  1. #1

    iptables and port blocking

    Alright, here's a question; not sure if it can be done, but here goes. There is a secure FTP site that we use. The only trouble is that if you just go to the main FTP it is not secure. I want to block the unsecure link from going out.

    They both go through port 21 so I can't block the port and since ABC is a subdirectory of I cannot block the IP of

    So I looked closer comparing the connections made when you link to the different ftp sites, the seems to reply from 23xxx tcp and I am hoping there is a way to block an entire port range to a particular IP address, I am hoping this will do the job.

  2. #2
    Well, port 21 is the well-known FTP control connection, and the other 23xxx ports (actually any > 1023) are the ports that FTP servers are allowed to allocate dynamically in passive mode for the FTP data connection. Note that for FTP servers in active mode, the FTP data connection listens on port 20.
    There is no way to associate either those 23xxx ports or port 20 with a specific directory/subdirectory.

    One way to work around your problem is to give 'ABC' a different user/group access privilege (that excludes the current FTP users) using 'chown' and allow this user to access the 'ABC' directory via FTP. In this way you will have two different FTP accounts: one for the 'ABC' directory and another/others for the remaining directory/directories.

    I hope this helps,
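
Added example (not part of any post in this thread): a small parser that reads the passive-mode replies on an FTP control channel and pairs each announced data port with the working directory at that moment, showing that the 23xxx ports are allocated per transfer and carry no directory information. The transcript, the address 192.0.2.10, the port values and the function names are constructed for illustration.

```python
import re

# Constructed control-channel (port 21) transcript, not captured traffic.
# 192.0.2.10 is a documentation address standing in for the FTP server.
SAMPLE_LOG = """\
C: CWD /ABC
C: PASV
S: 227 Entering Passive Mode (192,0,2,10,91,37).
C: LIST
C: CWD /
C: PASV
S: 227 Entering Passive Mode (192,0,2,10,90,212).
C: LIST
C: CWD /ABC
C: EPSV
S: 229 Entering Extended Passive Mode (|||23981|)
"""

PASV_RE = re.compile(r"^227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")
EPSV_RE = re.compile(r"^229 .*?\(\|\|\|(\d+)\|\)")

def parse_passive_reply(reply):
    """Return (host, port) from a 227/229 reply, else None.
    host is None for EPSV: the client reuses the control connection's address."""
    m = PASV_RE.match(reply)
    if m:
        nums = [int(x) for x in m.groups()]
        if max(nums) > 255:
            return None  # malformed octet
        # PASV encodes the port as two bytes: high * 256 + low
        return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]
    m = EPSV_RE.match(reply)
    if m and 0 < int(m.group(1)) < 65536:
        return None, int(m.group(1))
    return None

def data_ports_by_directory(log):
    """Pair each announced data port with the directory in effect.
    Assumes every CWD in the transcript succeeded."""
    cwd, seen = "/", []
    for line in log.splitlines():
        side, _, text = line.partition(": ")
        if side == "C" and text.upper().startswith("CWD "):
            cwd = text[4:].strip()
        elif side == "S" and (parsed := parse_passive_reply(text)):
            seen.append((cwd, parsed[1]))
    return seen

if __name__ == "__main__":
    for directory, port in data_ports_by_directory(SAMPLE_LOG):
        print(f"{directory:5} -> data port {port}")
```

In the sample, the same directory is served on two different ports and a different directory on a port in the same range, so a port-range rule toward the server's IP would affect every transfer alike.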


  3. #3
    Well, if ya have a router or gateway, you can redirect port 21 for FTP to, say, port 20 on your comp;
    then any sites hitting any other port for FTP are blocked out.
