I have a Red Hat Linux 7.1 server with a Zope webserver on it. I use iptables as a firewall. The following are the iptables rules for Zope:

#===========================================================
## Zope
iptables -A INPUT -i $IFACE -p tcp --dport 8080 -j ACCEPT
# Allow inbound ftp
iptables -A INPUT -i $IFACE -p tcp --dport 8021 -m state --state \
    NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o $IFACE -p tcp --sport 8021 -m state --state \
    ESTABLISHED -j ACCEPT
#=======================================================================

I am trying to use ws_ftp to send files to the Zope server via port 8021 (in ws_ftp session property->advanced I set the remote port to 8021 and checked passive transfers). If I stop iptables, I can connect to Zope via FTP (port 8021) and FTP files to Zope. If iptables is on, it can still connect to Zope but I cannot see the directories in the remote site text field of the ws_ftp window. It seems that it can connect to Zope but cannot display the directories in Zope, and I failed to FTP to the Zope server. Therefore, I believe the above iptables rules for Zope have a problem. How can I fix this problem and let Zope FTP work? Any suggestion will be greatly appreciated.

Jianping
From http://www.linuxchix.org/content/courses/security/connection_tracking:
Unlike most networked services, FTP uses two well-known ports, 20 and 21. 20 is the port for FTP data, and 21 is the port for FTP control information. This makes an extra hole you have to leave in your firewall when you're an FTP server. But the real problem comes when you have an FTP client behind a firewall.
I don't know if Zope uses 8021 (as control port) and 8020 as data port. You need to create rules for the data port.

Juergen

--On Sunday, 01 December 2002 22:51 -0500 Jianping Zhu <zjp@arches.uga.edu> wrote:
I have a Red Hat Linux 7.1 server with a Zope webserver on it. I use iptables as a firewall. The following are the iptables rules for Zope:

#===========================================================
## Zope
iptables -A INPUT -i $IFACE -p tcp --dport 8080 -j ACCEPT
# Allow inbound ftp
iptables -A INPUT -i $IFACE -p tcp --dport 8021 -m state --state \
    NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o $IFACE -p tcp --sport 8021 -m state --state \
    ESTABLISHED -j ACCEPT
#=======================================================================

I am trying to use ws_ftp to send files to the Zope server via port 8021 (in ws_ftp session property->advanced I set the remote port to 8021 and checked passive transfers). If I stop iptables, I can connect to Zope via FTP (port 8021) and FTP files to Zope. If iptables is on, it can still connect to Zope but I cannot see the directories in the remote site text field of the ws_ftp window. It seems that it can connect to Zope but cannot display the directories in Zope, and I failed to FTP to the Zope server. Therefore, I believe the above iptables rules for Zope have a problem. How can I fix this problem and let Zope FTP work? Any suggestion will be greatly appreciated.
Jianping
_______________________________________________ Zope maillist - Zope@zope.org http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
--
DI Jürgen R. Plasser, plasser@hexagon.at
HEXAGON EDV-Dienstleistungen | A-4221 Steyregg | Weissenwolffstraße 14
www.hexagon.at | info@hexagon.at | Internet | ASP | Security | Software
Computer science is no more about Computers, than astronomy is about telescopes. (Dijkstra)
Remember that FTP works by first establishing connections at the specified ports (8020 and 8021) and then it negotiates new ports for further transactions. Therefore, you have to accept both ESTABLISHED and RELATED ports in order to get FTP working through a firewall:

# --dport is only valid together with a port-based protocol such as tcp
iptables -A INPUT -p tcp -i eth0 --dport 8021 -j ACCEPT
iptables -A INPUT -p all -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -p all -m state --state ESTABLISHED,RELATED -j ACCEPT

Bryan
-----Original Message-----
From: zope-admin@zope.org [mailto:zope-admin@zope.org] On Behalf Of Jianping Zhu
Sent: Sunday, December 01, 2002 7:52 PM
To: zope@zope.org
Subject: [Zope] iptables rules for zope webserver
I have a Red Hat Linux 7.1 server with a Zope webserver on it. I use iptables as a firewall. The following are the iptables rules for Zope:

#===========================================================
## Zope
iptables -A INPUT -i $IFACE -p tcp --dport 8080 -j ACCEPT
# Allow inbound ftp
iptables -A INPUT -i $IFACE -p tcp --dport 8021 -m state --state \
    NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o $IFACE -p tcp --sport 8021 -m state --state \
    ESTABLISHED -j ACCEPT
#=======================================================================

I am trying to use ws_ftp to send files to the Zope server via port 8021 (in ws_ftp session property->advanced I set the remote port to 8021 and checked passive transfers). If I stop iptables, I can connect to Zope via FTP (port 8021) and FTP files to Zope. If iptables is on, it can still connect to Zope but I cannot see the directories in the remote site text field of the ws_ftp window. It seems that it can connect to Zope but cannot display the directories in Zope, and I failed to FTP to the Zope server. Therefore, I believe the above iptables rules for Zope have a problem. How can I fix this problem and let Zope FTP work? Any suggestion will be greatly appreciated.
Jianping
participants (3): Bryan Capitano, Jianping Zhu, Juergen R. Plasser
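
The approach discussed in this thread (accept RELATED traffic so the negotiated FTP data connection gets through), written out as one rule set. This is an added example, not code posted by any participant. It assumes the control port 8021 from the thread and that the kernel's FTP connection-tracking helper is told about that port; IPT, MODPROBE, HELPER_MODULE and USE_CT_TARGET are variable names introduced here for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Control port 8021 is taken from the
# thread; IPT, MODPROBE, HELPER_MODULE and USE_CT_TARGET are names made up
# here. Run with IPT=echo MODPROBE=echo to print the commands (dry run).
IPT="${IPT:-iptables}"
MODPROBE="${MODPROBE:-modprobe}"
IFACE="${IFACE:-eth0}"
FTP_PORT="${FTP_PORT:-8021}"
# 2.4-era kernels (Red Hat 7.1) call the module ip_conntrack_ftp.
HELPER_MODULE="${HELPER_MODULE:-nf_conntrack_ftp}"
# Set to 0 on kernels without the raw table / CT target.
USE_CT_TARGET="${USE_CT_TARGET:-1}"

zope_ftp_rules() {
    # The helper only parses PORT/PASV on ports it is told about; without
    # 8021 here the data connection is never classified as RELATED.
    "$MODPROBE" "$HELPER_MODULE" "ports=21,$FTP_PORT" || return 1

    if [ "$USE_CT_TARGET" = "1" ]; then
        # Current kernels do not attach helpers automatically: bind the
        # FTP helper to the control port only.
        "$IPT" -t raw -A PREROUTING -i "$IFACE" -p tcp \
            --dport "$FTP_PORT" -j CT --helper ftp || return 1
    fi

    # New control connections to Zope's FTP port.
    "$IPT" -A INPUT -i "$IFACE" -p tcp --dport "$FTP_PORT" \
        -m state --state NEW -j ACCEPT || return 1
    # Packets of known connections, plus data connections the helper
    # derived from the control channel (passive mode lands here).
    "$IPT" -A INPUT -i "$IFACE" -p tcp \
        -m state --state ESTABLISHED,RELATED -j ACCEPT || return 1
    # Replies, and active-mode data connections opened by the server.
    "$IPT" -A OUTPUT -o "$IFACE" -p tcp \
        -m state --state ESTABLISHED,RELATED -j ACCEPT
}

# Apply only when asked to, e.g.: sh zope-ftp-rules.sh apply
if [ "${1:-}" = "apply" ]; then
    zope_ftp_rules
fi
```

Relying on the helper keeps the rule set from opening a whole range of high ports: only data connections announced on a tracked control channel are accepted.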