Archive for May, 2011

How to configure telnet and ssh

Get yum to install a specific package version

Apache Web Server Tutorial for Linux

CentOS Open Port 80 and 443 in IPTables

The default CentOS installation does not have ports 80 and 443 open, which you need for HTTP and HTTPS. To open those ports and start serving websites, add the following two lines to /etc/sysconfig/iptables (they go into the rules section, ahead of the final REJECT rule, and must not be prefixed with #, which would turn them into comments):

-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 80 -j ACCEPT

Restart iptables with this command: # service iptables restart

HOWTO: CentOS 5 setup for LAMP and ISPconfig

Common vsftpd problems and likely solutions

PROBLEM: The client logs in but cannot retrieve a directory listing. This is most often because the passive-mode data connection is blocked or unreachable.

REMEDY:
Many people report problems with ftp sessions hanging or throwing errors after the ftp login session is successful. Frequently this is because the ftp-data port is blocked by a firewall or not forwarded by a router. This section describes the configuration of vsftpd to enable passive mode data transfers, along with the accompanying changes to iptables and your router to allow ftp-data connections to pass.

FTP sessions consist of two channels, a command channel and a data channel, and each uses a different port. While the command channel is (usually) fixed at server port 21, the data channel uses varying ephemeral ports, and this is a problem in the presence of a firewall, since you don’t know from session to session which port the FTP server will use for the data transfer. To get around this, you need to constrain the range of ports the server uses for ftp-data connections, and you need to modify your firewall and, if necessary, your router to allow traffic on that port range.

First, make sure that passive mode is enabled; vsftpd enables it by default, but it doesn’t hurt to set it explicitly. Let’s also restrict the data channel to ports 11000 through 11010. Depending upon the number of concurrent sessions you anticipate on your server, you can increase or decrease the port range by modifying the min and max values. You can also use any port range; I chose 11000 through 11010 at random. Just make sure the min port is greater than 1024. Add these lines to /etc/vsftpd/vsftpd.conf.
Code:

pasv_enable=YES
pasv_min_port=11000
pasv_max_port=11010

Restart vsftpd (or xinetd if you’re running vsftpd under xinetd) to make the changes take effect.
Code:

service vsftpd restart

Now modify the server’s firewall to unblock the ftp-data port range by adding the following rule to /etc/sysconfig/iptables before the line that contains “icmp-host-prohibited”. (This assumes you haven’t radically modified /etc/sysconfig/iptables. If you have, you know enough about iptables already to know where to insert this rule.)

NOTE: Newer versions of Fedora (starting with at least F11) use a different input chain name, “INPUT”, rather than “RH-Firewall-1-INPUT”. Look at the other rules in your existing /etc/sysconfig/iptables file to see which name your version uses and modify the rule below accordingly. (Just delete the “RH-Firewall-1-” portion of the rule if your input chain is named “INPUT”.)

Code:

-A RH-Firewall-1-INPUT -p tcp --dport 11000:11010 -j ACCEPT

Restart the firewall.
Code:

service iptables restart

If you have a router, you need to configure it to forward ports 11000 through 11010 if you want external users to be able to transfer data to and from your server. The instructions to do this vary according to your router, but often it can be done through a web interface to the router itself.
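The whole procedure above (pin the passive port range in vsftpd.conf, open that range in /etc/sysconfig/iptables ahead of the icmp-host-prohibited REJECT, and confirm the two files agree), as an added shell example that is not part of the original post. The same add_tcp_accept function also covers the single-port rules for 80 and 443 from the earlier post, and it detects whether the file uses the RH-Firewall-1-INPUT or the plain INPUT chain. All file contents are constructed samples written to temporary files; nothing here touches /etc, and the function names are this example's own.

```shell
#!/bin/sh
# Added example: vsftpd passive-port range plus the matching iptables rule,
# applied to copies of the two files and then cross-checked. Constructed
# samples only; copy the functions to a real host only after testing.

# set_conf_key FILE KEY VALUE: drop any existing KEY=... line, then append KEY=VALUE.
set_conf_key() {
    grep -v "^$2=" "$1" > "$1.tmp" || true   # grep -v exits 1 when nothing is left
    printf '%s=%s\n' "$2" "$3" >> "$1.tmp"
    mv "$1.tmp" "$1"
}

# set_pasv_range CONF MIN MAX: enable passive mode and pin the data-port range.
set_pasv_range() {
    set_conf_key "$1" pasv_enable YES
    set_conf_key "$1" pasv_min_port "$2"
    set_conf_key "$1" pasv_max_port "$3"
}

# conf_value CONF KEY: print the value of KEY (last occurrence wins).
conf_value() {
    grep "^$2=" "$1" | tail -n1 | cut -d= -f2-
}

# detect_input_chain FILE: RH-Firewall-1-INPUT if the file uses it (CentOS 5),
# otherwise INPUT (newer Fedora).
detect_input_chain() {
    if grep -q -- '-A RH-Firewall-1-INPUT' "$1"; then
        printf '%s\n' RH-Firewall-1-INPUT
    else
        printf '%s\n' INPUT
    fi
}

# add_tcp_accept FILE PORTSPEC: PORTSPEC is "80" or "11000:11010". The rule is
# inserted above the first icmp-host-prohibited line (or above COMMIT if there
# is none) so it is evaluated before the REJECT. Idempotent.
add_tcp_accept() {
    file=$1; ports=$2
    chain=$(detect_input_chain "$file")
    rule="-A $chain -p tcp -m tcp --dport $ports -j ACCEPT"
    if grep -qxF -- "$rule" "$file"; then
        return 0
    fi
    if grep -q -- 'icmp-host-prohibited' "$file"; then
        awk -v r="$rule" '!done && /icmp-host-prohibited/ { print r; done=1 } { print }' "$file" > "$file.tmp"
    else
        awk -v r="$rule" '!done && /^COMMIT/ { print r; done=1 } { print }' "$file" > "$file.tmp"
    fi
    mv "$file.tmp" "$file"
}

# check_pasv_firewall CONF IPT: verify the pasv settings are sane and that the
# iptables file opens exactly that range before the REJECT rule.
check_pasv_firewall() {
    conf=$1; ipt=$2
    [ "$(conf_value "$conf" pasv_enable)" = YES ] || { echo "pasv_enable is not YES"; return 1; }
    min=$(conf_value "$conf" pasv_min_port); max=$(conf_value "$conf" pasv_max_port)
    [ -n "$min" ] && [ -n "$max" ] || { echo "pasv_min_port/pasv_max_port not set"; return 1; }
    [ "$min" -gt 1024 ] || { echo "pasv_min_port must be above 1024"; return 1; }
    [ "$min" -le "$max" ] || { echo "pasv_min_port exceeds pasv_max_port"; return 1; }
    accept=$(grep -n -- "--dport $min:$max -j ACCEPT" "$ipt" | head -n1 | cut -d: -f1)
    reject=$(grep -n -- 'icmp-host-prohibited' "$ipt" | head -n1 | cut -d: -f1)
    [ -n "$accept" ] || { echo "no ACCEPT rule for $min:$max in $ipt"; return 1; }
    [ -z "$reject" ] || [ "$accept" -lt "$reject" ] || { echo "ACCEPT rule sits below the REJECT"; return 1; }
    echo "OK: passive ports $min-$max open on chain $(detect_input_chain "$ipt")"
}

# Constructed sample files standing in for /etc/vsftpd/vsftpd.conf and
# /etc/sysconfig/iptables on a stock CentOS 5 host.
CONF=$(mktemp); IPT=$(mktemp)
printf '%s\n' 'anonymous_enable=NO' 'local_enable=YES' 'write_enable=YES' > "$CONF"
cat > "$IPT" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF

set_pasv_range "$CONF" 11000 11010
add_tcp_accept "$IPT" 11000:11010
add_tcp_accept "$IPT" 80      # the rules from the "Open Port 80 and 443" post
add_tcp_accept "$IPT" 443
check_pasv_firewall "$CONF" "$IPT"
```

On a real host, run check_pasv_firewall against the live files after `service vsftpd restart` and `service iptables restart`; a failing check (range below 1024, min above max, or the ACCEPT landing after the REJECT) explains the "login succeeds, listing hangs" symptom before you start looking at the router.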
