FTP Server Firewall

What's Up With Eskimo's Community!

Moderators: Nanook, carl

Post Reply
User avatar
Nanook
Posting Freak
Posts: 345
Joined: Tue Jun 25, 2013 10:08 pm
Location: Shoreline
Zodiac:
Contact:

FTP Server Firewall

Post by Nanook » Thu Oct 03, 2019 4:04 pm

Posted on October 3, 2019

At some point, Canonical, the folks behind the Ubuntu Linux distribution that we use on most of our servers, opted to move where firewalld looks for iptables, iptables-restore, ip6tables, and ip6tables-restore from /sbin to /usr/sbin but neglected to move the actual commands there, thus causing firewalld to fail upon startup. And rather than no firewall being started it seemed to result in random ports being blocked.

This condition broke the ftp server ftp.eskimo.com so that it would not function in active mode and sometimes not even in passive mode. This has been repaired.

If you are sitting behind NAT on a personal home router and do not have a static IP, you still may need to use passive mode but at least that will work now.

I also want to remind people that IF you have a public incoming or uploads directory, the mode must NOT offer public read permissions or it will not work. Our ftp daemon will not allow the use of mode 777 directories since this is used and abused to distribute viruses, pirated software, child porn, and other nefarious content. Instead these directories should be mode 733, chmod 733 incoming.



Post Reply

Who is online

Users browsing this forum: No registered users and 52 guests