Doug’s Blog

Handily dispensing information to .00000001% of the world’s population

Pure-FTPd is good

I sure do like pure-ftpd, it chroots user logins so they can’t chdir all over the place, and is easy to configure and use.

I did have one case lately where I would connect in and it would hang while “entering passive mode”. It turns out I needed to add some extra stuff into iptables. This did the trick:

-A RH-Firewall-1-INPUT -p udp -m udp –dport 20 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp –dport 20 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp –dport 21 -m recent –set –name FTP –rdest -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp –dport 1024:65535 -m recent –rcheck –seconds 9800 –name FTP –rdest -j ACCEPT

-A RH-Firewall-1-INPUT -p udp -m udp –dport 20 -j ACCEPT -A RH-Firewall-1-INPUT -p tcp -m tcp –dport 20 -j ACCEPT -A RH-Firewall-1-INPUT -p tcp -m tcp –dport 21 -m recent –set –name FTP –rdest -j ACCEPT -A RH-Firewall-1-INPUT -p tcp -m tcp –dport 1024:65535 -m recent –rcheck –seconds 9800 –name FTP –rdest -j ACCEPT

Leave a Reply