Iptables – Allow curlftpfs through iptables firewall, how

ftp iptables port

I've allowed FTP ports 21 and 20, which then allows me to connect to my FTP server via the "ftp" command, but I still can't get curlftpfs to work.

What ports does curlftpfs use?
Or is there something else I have to do with iptables to allow curlftpfs?

curlftpfs -v 10.10.10.1 /ftp1/ -o user=user:pass

I get this in the log when I try to do "ls -l" in /ftp1/
http://drp.ly/13573T

I uploaded the log to that site since it would look very messy here

I use these rules to allow FTP:

iptables -A INPUT -p tcp --sport 21 -j ACCEPT
iptables -A INPUT -p tcp --sport 20 -j ACCEPT

Best Answer

It looks like curlftpfs is using pasv mode. You need to either force active mode, or modprobe ip_conntrack_ftp to allow pasv connections through.

To force active mode:

curlftpfs -oftp_port=- myserver.example.com /mnt/my_ftpfs_mountpoint

Make sure your firewall also accepts both incoming and outgoing traffic on port 20. Port 21 is outgoing only.
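
The connection-tracking option from the answer, written out as client-side rules that accept inbound packets only when conntrack ties them to a connection the client opened or to a data connection announced on the FTP control channel, rather than matching on source port alone. This is an added example, not part of the original answer; it assumes the question's server address 10.10.10.1 and the current module name nf_conntrack_ftp, and the names IPT and ftp_client_rules are hypothetical.

```shell
#!/bin/sh
# Added example (constructed): stateful client-side rules for curlftpfs/FTP.
# Dry run by default: commands are printed. As root, set IPT=iptables to apply.
IPT="${IPT:-echo iptables}"

ftp_client_rules() {
    server="$1"            # FTP server IPv4 address, e.g. 10.10.10.1
    case "$server" in
        ''|*[!0-9.]*) echo "usage: ftp_client_rules <server-ipv4>" >&2
                      return 1 ;;
    esac

    # Attach the FTP helper to the outgoing control connection only, so
    # conntrack parses the PORT/PASV exchange and expects the data connection.
    # Needs the helper module loaded first: modprobe nf_conntrack_ftp
    # (named ip_conntrack_ftp on old kernels).
    $IPT -t raw -A OUTPUT -p tcp -d "$server" --dport 21 -j CT --helper ftp

    # Replies on connections this host opened: the control channel and
    # passive-mode data connections.
    $IPT -A INPUT -p tcp -s "$server" -m conntrack --ctstate ESTABLISHED -j ACCEPT

    # Data connections announced on the control channel, e.g. the server
    # connecting back from port 20 in active mode.
    $IPT -A INPUT -p tcp -s "$server" -m conntrack --ctstate RELATED \
         -m helper --helper ftp -j ACCEPT
}

# Stand-alone use: ./script.sh 10.10.10.1
[ $# -eq 0 ] || ftp_client_rules "$@"
```

The rules are appended with -A, so they must sit ahead of any existing DROP or REJECT rule in INPUT to take effect.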
