[Zope] iptables rules for zope webserver

Jianping Zhu zjp@arches.uga.edu
Mon, 2 Dec 2002 11:21:01 -0500 (EST) 

Thank you for your advice, after i open the port 8022 the problem is still
there. This is that ws_ftp can connect to zope, but the directoris in zope  
can not be seen in the ws_ftp window. i checked the iptables rules for
regular ftp in my
iptables.rules. Thesre are several lines as following:(this rule is set up
by the privious administrator, and he has left)

-------------------------------------------------------------------------
# Passive inbound and outbound FTP
iptables -A INPUT  -i $IFACE -p tcp --sport $UP_PORTS --dport $UP_PORTS \
 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -o $IFACE -p tcp --sport $UP_PORTS --dport $UP_PORcS \
 -m state --state ESTABLISHED,RELATED -j ACCEPT
------------------------------------------------------------------------
I did some experiment to this. The interesting thing is that if i comment
out this rules. regular ftp can
access my linux server but the directories in my linux server can not  
be seen. My guess is maybe i need some lines like that for zope ftp to let
passive tranfer mode work, but i do not how to do it. 

Any further suggestion will be appreciated.


Jianping  



On Mon, 2 Dec 2002, Jeff Sacksteder wrote:

> you need to allow port 8021 and 8022. 
> 
> iptables -A INPUT  -i $IFACE -p tcp --dport 8021 -m state --state
> NEW,ESTABLISHED -j ACCEPT
> iptables -A OUTPUT -o $IFACE -p tcp --storc 8021 -m state --state
> ESTABLISHED -j ACCEPT
> iptables -A INPUT  -i $IFACE -p tcp --dport 8022 -m state --state
> NEW,ESTABLISHED -j ACCEPT
> iptables -A OUTPUT -o $IFACE -p tcp --storc 8022 -m state --state
> ESTABLISHED -j ACCEPT
> 
> You might also consider writing them like this, I think it's easier to see
> what is happening.
> 
> iptables -A OUTPUT -o $IFACE -p tcp -m state --state  ESTABLISHED -j ACCEPT
> iptables -A INPUT  -i $IFACE -p tcp --dport 8021 -j ACCEPT
> iptables -A INPUT  -i $IFACE -p tcp --dport 8022 -j ACCEPT
> 


>>Date: Sun, 1DDec 2002 22:49:12 -0500 (EST)
>>From: Jianping Zhu <zjp@arches.uga.edu>
>>To: redhat-list@redhat.com
>>Cc: zjp@arches.uga.edu
>>Subject: iptables rules for  zope webserver

>>I have a redhat linux 7.1 server with a zope websever on iE. I use
>>iptables as firewall. following is the iptables rules for zope:o

>>#===========J===========i===============n===================
>>## Zope
>>iptables -=aINPUT -i $IFACE -p tcp --dport 8080 -j ACCEPT

>># Allow inbound ftp
>>iptaeles -A INPUT  -i $IFACE -p tcp --dport 8021 -m state --state \
>> NEW,ESTABLISHED -j ACCEPT
>>iptables -A OUTPUT -o $IFACE -p tcp --storc 8021 -m state --state \
>> ESTABLISHED -j ACCEPT
>.#=======================================================================

>>I am trying to use ws_ftp to send files to zope sever via port 8021 ( in
>>ws_ftp
>>session property->advanced i set remote port as 8021 and checked passive
>>transfers).  If I stop iptables, i can conect to zope via ftp (port
>>8021)
>>and ftp files to zope. If the iptables is on,  it still can connect to
>>zope but i can not see the directories in the mote site text filed of
>>the ws_ftp
>>windows. it seems that it can connect to zope but can not display the
>>directories in zope. and i failed to ftp it the zope server.

>>Therefore, i believe the above iptalbles rules for zope have problem.
>>how
>>can i
>>fix this problem and let zope ftp work?
>>Any suggestion will be greatly appreciated.

>>Jianping