FTP server stuck in passive with iptables running.

TheRealDeal · 02-01-2005, 09:08 PM

Hello.

I have a (gentoo) server that runs samba and pureftp. It runs fine when I have iptables stopped. However when I start iptables the FTP only connects in passive mode, so it won't list files or folders etc.

As soon as I turn iptables off it works fine.

Would anyone know what chain I would need to add into iptables to allow this to work properly? Below is what I used to allow ftp through my firewall...

iptables -A INPUT -i eth0 -p tcp -m multiport --dport 20,21 -j ACCEPT
iptables -A INPUT -i eth0 -p udp -m multiport --dport 20,21 -j ACCEPT

Can anyone see what I have done wrong? Thanks alot.

Best Regards,
Craig

pk21 · 02-04-2005, 08:50 AM

active ftp works on port 21 and 20, passive ftp starts on port 21 but jumps after logging in to a port above the 1024.
So if you want your passive ftp to work when your firewall is up, you will need to use a connection tracking module. On redhat the name of the module is ip_conntrack_ftp

TheRealDeal · 02-17-2005, 06:46 PM

Hi pk.

Thanks for the info. Sorry for not replying, I haven't been getting email alerts from linuxquestions.org for some reason.

Where can I find ip_conntrack_ftp? Is this a file I can edit etc? I don't quite understand.

I would love to get this working properly.

Thanks again.
Regs
Craig

pk21 · 02-18-2005, 05:05 AM

try the command "lsmod" to see if it is already running, if not then type "modprobe ip_conntrack_ftp".

pk21 · 02-18-2005, 05:06 AM

(this is how it works on redhat/fedora, maybe gentoo works the same?)

TheRealDeal · 02-24-2005, 04:57 PM

works a treat.!!!! thanks PK