---------------------------- ---- Question ----------------------------
■ iptables -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
■ FTP Connection test
# ftp 99.99.99.99
Connected to 99.99.99.99 (99.99.99.99).
220 (vsFTPd 2.0.5)
Name (99.99.99.99:root): vinny
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
227 Entering Passive Mode (99,99,99,99,107,74)
ftp: connect: No route to host
---------------------------- ---- Answer ----------------------------
Edit /etc/sysconfig/iptables-config and add this line:
IPTABLES_MODULES="ip_conntrack_ftp"
Save it and restart iptables. That's because passive mode uses non-standard ports to communicate, so you need to keep track of the ftp connections and iptables will allow them when necessary.
http://serverfault.com/questions/147746/vsftpd-and-iptables-how-to-configure-them-in-centos-5-5
As expected, foreign sources are the most accurate.
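The following added example (not part of the original post or the quoted answer) decodes the 227 reply from the session above and models, in simplified form, why the data connection is rejected without ip_conntrack_ftp and accepted with it. It assumes the chain also accepts RELATED/ESTABLISHED traffic and ends in a REJECT, neither of which is shown on the page; the Firewall class and its method names are hypothetical.

```python
import re

# 227 reply format: (h1,h2,h3,h4,p1,p2) -> host h1.h2.h3.h4, port p1*256 + p2
PASV_RE = re.compile(r"^227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")

def parse_pasv(reply):
    """Return (ip, port) from a 227 reply, or None if it is not a valid one."""
    m = PASV_RE.match(reply)
    if not m:
        return None
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

class Firewall:
    """Toy model of the INPUT chain (assumed rules, not full netfilter logic)."""
    def __init__(self, ftp_helper):
        self.ftp_helper = ftp_helper
        self.expected = set()  # (server_ip, port) expectations set by the helper

    def see_control_reply(self, reply):
        # With ip_conntrack_ftp loaded, the helper reads the control channel
        # and registers the announced data port as an expected connection.
        endpoint = parse_pasv(reply)
        if self.ftp_helper and endpoint:
            self.expected.add(endpoint)

    def verdict(self, dst_ip, dst_port):
        if (dst_ip, dst_port) in self.expected:
            self.expected.discard((dst_ip, dst_port))  # consumed by this connection
            return "ACCEPT (RELATED)"
        if dst_port == 21:
            return "ACCEPT (NEW, --dport 21)"  # the rule from the question
        return "REJECT"  # assumed final rule of the chain

REPLY = "227 Entering Passive Mode (99,99,99,99,107,74)"  # from the session above

def data_channel_verdict(ftp_helper):
    """Return (data_port, verdict) for the passive data connection."""
    fw = Firewall(ftp_helper)
    fw.see_control_reply(REPLY)
    ip, port = parse_pasv(REPLY)
    return port, fw.verdict(ip, port)

if __name__ == "__main__":
    for helper in (False, True):
        print("ip_conntrack_ftp loaded:", helper, "->", data_channel_verdict(helper))
```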