Posts Tagged ‘CentOS’

Passive Mode FTP with iptables

January 21st, 2014 No Comments »

There’s lots of advice on the net about how to setup a server with iptables to allow passive mode FTP. Below is the approach that we’ve found to be most effective.

Start by configuring your FTP daemon to use a fixed range of ports. We use 41361 to 65534 which is the IANA registered ephemeral port range. The exact config depends on what FTP software you’re using:

vsftpd

Edit /etc/vsftpd/vsftpd.conf and add the following lines:

pasv_min_port=49152
pasv_max_port=65534

proftpd

Edit /etc/proftpd.conf and add to the Global section:

 
...... 
PassivePorts 49152 65534
......

Now restart your FTP service so the changes take effect.

Next you’ll need to configure the ip_conntrack_ftp iptables module to load. On Redhat/CentOS just edit /etc/sysconfig/iptables-config and add “ip_conntrack_ftp” to the IPTABLES_MODULES like this:

IPTABLES_MODULES="ip_conntrack_ftp"

Next edit /etc/sysconfig/iptables and add a rule to allow TCP port 21.
The new line is marked in red:

*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

Now restart the iptables service:

/sbin/service iptables restart

You can verify that the correct port range has been registered with lsmod like this:

lsmod | grep conntrack_ftp

and you’ll get something like this:

nf_conntrack_ftp       12913  0 
nf_conntrack           79645  4 nf_conntrack_ftp,nf_conntrack_ipv4,nf_conntrack_ipv6,xt_state

And that’s all it takes to get passive mode ftp working behind iptables.

P.S: If your server is behind a physical firewall and you are behind NAT, then you’ll probable need to load the “ip_nat_ftp” iptables module.


FTP automation on Linux

November 8th, 2012 No Comments »

 

Ever wanted FTP backups and automation for keeping backups of important file on off-peak time. I always love automation, so machines can do things automatically and help humans 🙂 Read the rest of this entry »


Mount point busy or already mounted error – CentOS

October 15th, 2012 2 Comments »

 

Recently when my servers HDD dead, data center installed a new HDD keeping orginal HDD as secondary so that i can copy data back to new HDD.

I tried to mount the HDD normal way, but got the error:-

[root@server78 ~]# fdisk -l /dev/hda
 
 Disk /dev/hda: 160.0 GB, 160041885696 bytes
 255 heads, 63 sectors/track, 19457 cylinders
 Units = cylinders of 16065 * 512 = 8225280 bytes
 
    Device Boot      Start         End      Blocks   Id  System
 /dev/hda1   *           1          13      104391   83  Linux
 /dev/hda2              14       19457   156183930   8e  Linux LVM
 
 [root@server78 ~]# mount /dev/hda2 /tmp/mnt
 mount: /dev/hda2 already mounted or /tmp/mnt busy

The old drive is lvm. you were trying to mount it like it was an ext3 filesystem. I have listed what i did below so you can see it.

Now we need to check the old disk is using LVM ? type:-

[root@server78 ~]# pvs
PV         VG         Fmt  Attr PSize   PFree
/dev/hda2  VolGroup01 lvm2 a-   148.94G 32.00M
/dev/hdb2  VolGroup00 lvm2 a-   114.94G 96.00M

So now we know our second hard disk VolumeGroup name is “VolGroup00”, now we can mount it like:-

[root@server78 ~]# mount /dev/VolGroup01/LogVol00 /mnt

That’s it, you can see the folders in /mnt/, Edit/copy as you like.


no “setup” command – CentOS

October 12th, 2012 7 Comments »

 

I usually use “setup” to do the firewall setup for permissive or not and setting of SELINUX, etc….

But on a minimal install you don’t have access to setup command, which is my favorite

[root@tel ~]# setup
-bash: setup: command not found

So how to install it in minimal install ?

yum –y install setuptool
yum –y install system-config-network*
yum -y install system-config-firewall*
yum –y install system-config-securitylevel-tui
yum –y install system-config-keyboard

(thanks JoVeN for spell mistake)

For system services utility install ntsysv (as Perico suggested in the user comments)

yum -y install ntsysv

setup-CentOS

That’s it….!! Enjoy


How To Download a RPM Package Using yum Command Without Installing On Linux

September 13th, 2012 No Comments »

If you ever wanted to download the rpm package instead of installing it with yum ! you can do that with ease, that is useful when you want to keep backup of some RPMs or want to see what’s inside RPM etc.
Read the rest of this entry »


Install XWindows (Graphical mode) in Linux

September 6th, 2012 4 Comments »

 

If you recently installed linux (CentOS/Fedora/RedHat) with text mode and now want to use its Graphical GUI which was left unchecked during the installation, you can install it from Internet very easily.

Read the rest of this entry »