Archive for July, 2009

SBDavid

How to redirect port using IPTABLES

You can redirect a port with IPTABLES by adding a rule to the PREROUTING chain of the nat table.

Following is the command you can use to redirect the traffic of port 8080 to port 80.

$ /sbin/iptables -t nat -I PREROUTING -p tcp --dport 8080 -j REDIRECT --to-ports 80
$ /etc/init.d/iptables save
$ /etc/init.d/iptables restart

You can change the ports in the above command according to your need.

Hiding folders to avoid deletion via FTP

It is better to hide the tmp, usr, lib and var folders through the configuration file (for FTP access) so that users cannot access these folders.

If the server is proftpd, locate its proftpd.conf file.

Add the following to the proftpd.conf file:

<Directory ~>
HideGroup wheel
</Directory>

<Directory ~>
HideNoAccess yes
</Directory>

Put the directory path inside the “<Directory >” tag, for example “<Directory /var/www/vhosts/domainName/httpdocs/folder>”.

After the modification, restart the FTP server.

Restrict users to their home directory in VSFTP

Sometimes you may want to restrict users to their home directory while doing FTP. You can achieve this in VSFTP with the following steps.

1. Open the VSFTPD configuration file “/etc/vsftpd.conf” and uncomment the following lines.

chroot_local_user=YES
chroot_list_file=/etc/vsftpd.chroot_list

2. Create the file “/etc/vsftpd.chroot_list” and list in it the user names (one per line) that you want to restrict.

3. Restart VSFTPD for the change to take effect.

/etc/init.d/vsftpd restart

After this, users listed in the file “/etc/vsftpd.chroot_list” will be locked into their home directory.
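
A quick way to check the result of the steps above, as an added example that is not part of the original post: it computes which local users vsftpd will jail from the three chroot options, following vsftpd.conf(5), where chroot_list_enable decides whether the list file is read and chroot_local_user=YES turns the list into exemptions. The user names alice and bob and the sample configuration text are constructed.

```python
# Added example: effective chroot policy per vsftpd.conf(5) semantics.
TRUE_VALUES = {"YES", "TRUE", "1"}  # values treated as "on" in this sketch


def parse_conf(text):
    """Parse vsftpd.conf text: 'option=value' lines; '#' starts a comment."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        opts[key] = value.strip()  # last occurrence wins in this sketch
    return opts


def jailed_users(conf_text, list_text, users):
    """Return {user: True/False}: will vsftpd chroot this local user?"""
    opts = parse_conf(conf_text)
    jail_all = opts.get("chroot_local_user", "NO").upper() in TRUE_VALUES
    use_list = opts.get("chroot_list_enable", "NO").upper() in TRUE_VALUES
    # chroot_list_file is only read when chroot_list_enable is on.
    listed = set(list_text.split()) if use_list else set()
    # chroot_local_user=YES: everyone is jailed, listed users are exempt.
    # chroot_local_user=NO:  nobody is jailed, listed users are the exception.
    return {u: jail_all != (u in listed) for u in users}


# Constructed sample input (hypothetical users alice and bob).
AS_ON_PAGE = """\
chroot_local_user=YES
#chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list
"""
LIST_ENABLED = AS_ON_PAGE.replace("#chroot_list_enable", "chroot_list_enable")
LIST_ONLY = LIST_ENABLED.replace("chroot_local_user=YES", "chroot_local_user=NO")
CHROOT_LIST = "alice\n"

if __name__ == "__main__":
    for name, conf in [("as on page", AS_ON_PAGE),
                       ("list enabled", LIST_ENABLED),
                       ("list only", LIST_ONLY)]:
        print(name, jailed_users(conf, CHROOT_LIST, ["alice", "bob"]))
```

Run it against the real /etc/vsftpd.conf and list file contents to confirm that the accounts you meant to confine are the ones reported as jailed.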

Ftp error “553 Disk full - please upload later”

Problem: You get the ftp error “553 Disk full - please upload later”, even when the quota of the user has not been exceeded and the disk partition in which all the user accounts reside (say /dev/sda5) is not full.

Cause: The value of the variable ‘MaxDiskUsage’ in the pure-ftpd configuration file (/etc/pure-ftpd.conf) is equal to or less than the percentage use of the partition.

--------------------------------------------
root@ [~]# grep MaxDiskUsage /etc/pure-ftpd.conf
MaxDiskUsage 90
--------------------------------------------
# df
Filesystem  Size  Used  Avail  Use%  Mounted on
/dev/sda5   144G  59G   78G    90%   /
--------------------------------------------

Solution: Change the MaxDiskUsage value to 99 (or some other high value) and restart pure-ftpd.

Configuring FTP server for passive mode.

The most common issue when running FTP in passive mode is the firewall.

Usually, in FTP servers like pure-ftpd, the Passive Port Range can be specified in the server's own configuration file.

But if the Passive Port Range isn’t specified, the server uses the locally available ports for FTP.

That port range is defined in the /proc/sys/net/ipv4/ip_local_port_range file.

Follow the method below so that the ports remain constant and FTP runs smoothly.

1. Set the port range in /etc/sysctl.conf with the net.ipv4.ip_local_port_range key.

2. Run sysctl -p to load the new kernel values.

3. Open the port range specified above in your firewall.
