Why after Accepting Ports 20 and 21 in iptables are they still closed?

2

1

I am trying to open the FTP ports on my server. I have vsftpd installed on the server already. However, I am unable to reach the server on ports 20 and 21.

Somehow it is allowing me to access port 21 at the moment.

I am running Ubuntu 9.10 (Karmic). I also ran:

modprobe ip_conntrack
modprobe ip_conntrack_ftp

The following is the iptables -L on my server:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:www
ACCEPT     tcp  --  anywhere             poseidon.valltek.com tcp dpts:ftp-data:ftp

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  poseidon.valltek.com  anywhere            tcp dpts:ftp-data:ftp

I have been using www.ping.eu/port-chk/ to check the port, just in case it was an issue with my local machine.

Thanks.

donaldduvall

Posted 2010-08-06T17:25:41.833

Reputation:

3

More chance at serverfault – Enriquev – 2010-08-06T17:27:10.877

Answers

5

In your output chain you're restricting destination ports; should it be source ports instead?

Also, have you checked that there is something listening on the server port?

netstat -n | grep ':2[01]'

Lethargy

Posted 2010-08-06T17:25:41.833

Reputation: 151

The netstat -n | grep ':2[01]' did the trick. I somehow mistyped the port in a config file. Thanks a million – None – 2010-08-06T17:51:10.130

Don't forget to pick an answer on here ;) – None – 2010-08-06T17:57:03.720
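
An added example, not part of the original answers: the listener check from the answer above combined with a look at the INPUT chain, so a "closed" result can be attributed to the daemon or to the firewall. The netstat and iptables -S text are constructed samples, the function names are hypothetical, and the rule parser assumes only `--dport` matches matter.

```shell
# Added example. Both samples are constructed: vsftpd bound to 2121 through a
# config typo, and an INPUT chain shaped like the one in the question.
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address    Foreign Address  State
tcp        0      0 0.0.0.0:22       0.0.0.0:*        LISTEN
tcp        0      0 0.0.0.0:2121     0.0.0.0:*        LISTEN'
SAMPLE_RULES='-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 20:21 -j ACCEPT'

# listening_ports TEXT: TCP ports in LISTEN state, from `netstat -tln` output.
listening_ports() {
    printf '%s\n' "$1" |
        awk '$1 ~ /^tcp/ && $NF == "LISTEN" { n = split($4, a, ":"); print a[n] }'
}
# is_listening TEXT PORT: whole-line match, so 21 does not match 2121.
is_listening() { listening_ports "$1" | grep -qx "$2"; }

# fw_verdict RULES PORT: target of the first INPUT rule whose --dport covers
# PORT, else the chain policy. Simplification: rules without --dport are skipped.
fw_verdict() {
    printf '%s\n' "$1" | awk -v p="$2" '
        $1 == "-P" && $2 == "INPUT" { policy = $3 }
        $1 == "-A" && $2 == "INPUT" && verdict == "" {
            hit = 0; tgt = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-j") tgt = $(i + 1)
                if ($i == "--dport") {
                    n = split($(i + 1), r, ":"); hi = (n == 2) ? r[2] : r[1]
                    hit = (p + 0 >= r[1] + 0 && p + 0 <= hi + 0)
                }
            }
            if (hit) verdict = tgt
        }
        END { print (verdict != "" ? verdict : policy) }'
}

# diagnose NETSTAT RULES PORT: say which layer explains a "closed" result.
diagnose() {
    fw=$(fw_verdict "$2" "$3")
    if is_listening "$1" "$3"; then
        [ "$fw" = ACCEPT ] && echo "open" || echo "listener up, firewall $fw"
    else
        echo "firewall $fw, nothing listening on $3"
    fi
}

diagnose "$SAMPLE_NETSTAT" "$SAMPLE_RULES" 21
```

On a live host, pass "$(netstat -tln)" and "$(iptables -S INPUT)" in place of the two samples.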

0

Maybe there is some ambiguity in your question. If you want to use the FTP service on your computer, it mainly depends on the form of transmission defined in the remote service.

  1. Port mode:

    The server connects to your computer from port 20, using

    ~$ iptables -A INPUT -p tcp -s <ftp-server-ip> --sport 20 -j ACCEPT

  2. Passive mode

    The server opens a port greater than 1024 to establish the link with the client. It is somewhat difficult; you should install the modules "ip_conntrack, ip_conntrack_ftp" to track the FTP packets.

    More information

kit.yang

Posted 2010-08-06T17:25:41.833

Reputation: 101