I am working on logging into ftp from our Debian server to another server. It's working from localhost, but not from our server. I have opened ports 21,22 with the following command, but no luck. The -v flag doesn't give any extra verbose input. What am I doing wrong?

Commands :

iptables -A OUTPUT -p tcp -d IP --dport 21 -j ACCEPT
iptables -A OUTPUT -p tcp -d IP --dport 22 -j ACCEPT
iptables -A INPUT -p tcp -s IP --dport 21 -j ACCEPT
iptables -A INPUT -p tcp -s IP --dport 22 -j ACCEPT

Log :

ftp -v ftp.domain.de
Connected to ftp.domain.de.
220-Welcome To DOMAIN
220 Service ready for new user
Name (ftp.domain.de:root): username
331 Password required
Password:
230 User logged in
Remote system type is MACOS.
ftp> ls
200 PORT command successful
150 Opening connection

Thank you.

We are Borg
  • 22 is usually used for SSH, you might need Port 20 though. https://en.wikipedia.org/wiki/File_Transfer_Protocol Usually you can see with packet tracer programs like Wireshark or tcpdump from which side the issue is. – Dennis Nolte Apr 23 '19 at 12:36
  • Usually you don't need to have rules for OUTPUT. For INPUT you also need the state tracking RELATED rule. Because active ftp by default opens a connection to the client on a random port that the client chooses. With passive FTP you need the RELATED state on the server. – Gerrit Apr 23 '19 at 12:48
  • @Dennis Nolte: Added the same commands with port 20 as well. No luck. I will try packet tracer. Anything wrong with the iptables command you can think of? – We are Borg Apr 23 '19 at 17:25
  • Have a look at this question, the answers look like they might help you. https://serverfault.com/questions/38398/allowing-ftp-with-iptables Other than that it might even be a firewall issue on the other end (your client). For me however it looks like the outgoing connection is not properly "opened" as user188738 commented already. – Dennis Nolte Apr 24 '19 at 07:41
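
The mechanism raised in the comments (active FTP's data connection arrives on a client-chosen port, so it needs conntrack's RELATED state rather than a fixed `--dport`), as an added example that is not part of the original thread. It assumes a default-DROP policy on the FTP client and a kernel where conntrack helpers must be assigned explicitly; the function names, the `RUN` variable and the sample PORT argument are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes a default-DROP policy on the
# FTP client and a kernel where conntrack helpers must be assigned explicitly.

# Decode a PORT argument "h1,h2,h3,h4,p1,p2" into "ip port" (port = p1*256+p2).
# e.g. decode_port 192,0,2,5,195,80 (constructed sample) -> 192.0.2.5 50000
decode_port() {
    printf '%s\n' "$1" | awk -F, 'NF == 6 {
        printf "%s.%s.%s.%s %d\n", $1, $2, $3, $4, $5 * 256 + $6 }'
}

# Would the question's static INPUT rules (--dport 21, 22, later 20) match
# an inbound connection to this destination port?
matches_static_input() {
    case "$1" in
        20|21|22) return 0 ;;
        *)        return 1 ;;
    esac
}

# Emit stateful client-side rules. RUN defaults to "echo" (dry run);
# call with RUN= as root to apply them instead of printing.
ftp_client_rules() {
    server=$1
    run=${RUN-echo}
    # Helper that parses PORT/PASV on the control channel.
    $run modprobe nf_conntrack_ftp
    # Attach the helper to our outgoing control connection only.
    $run iptables -t raw -A OUTPUT -p tcp -d "$server" --dport 21 -j CT --helper ftp
    # Control connection out.
    $run iptables -A OUTPUT -p tcp -d "$server" --dport 21 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
    # Control replies (ESTABLISHED) and the server's data connection (RELATED).
    $run iptables -A INPUT -p tcp -s "$server" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # Our replies on the data connection.
    $run iptables -A OUTPUT -p tcp -d "$server" -m conntrack --ctstate ESTABLISHED -j ACCEPT
}
```

Running `ftp_client_rules 192.0.2.10` prints the commands for review; the address is a documentation placeholder for the FTP server's IP.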
