0

How do I permit FTP connections on the following IPTables configuration....

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            ctstate RELATED,ESTABLISHED 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:www 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:https 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:1111 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ftp 
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED 
DROP       all  --  anywhere             anywhere            

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
Ben
  • 3,880
  • 19
  • 66
  • 99

1 Answers1

2

This is covered already

Check This Link

Try

 lsmod | grep ftp
 modprobe ip_conntrack_ftp
 lsmod | grep ftp

1st command should show nothing 3rd command should show something like..

ip_conntrack_ftp       41361  0 
ip_conntrack           91621  4 ip_conntrack_ftp,ipt_MASQUERADE,iptable_nat,ip_nat

Does this work??

Community
  • 1
Arenstar
  • 3,610
  • 2
  • 26
  • 34
  • /etc/sysconfig/iptables-config does not exist on my system, should I create it? https://help.ubuntu.com/community/IptablesHowTo doesn't say – Ben Nov 08 '10 at 18:10
  • Just try 'modprobe ip_conntrack_ftp', it should load the module.

    I believe you can add ip_conntrack_ftp to /etc/modules to get it to load at boot...... Sorry different Linux distributions are a little different :)

     – Arenstar Nov 08 '10 at 18:38
  • @Arenstar: More recent kernels now call it nf_conntrack_ftp, but your advice is still good. – Steven Monday Nov 09 '10 at 02:12
  • Neither of those commands returned any result – Ben Nov 11 '10 at 02:04
  • Ive updated my response – Arenstar Nov 11 '10 at 02:17
  • Yes, I do see that. So if I add the command modprobe ip_conntrack_ftp it will load that module for FTP and allow me to enter passive mode? I'm on Ubuntu btw – Ben Nov 11 '10 at 16:32
  • Yes.. but not through a restart..

    You need it to load the module when the server starts up.. So in the file /etc/modules

    put it in there..

     – Arenstar Nov 11 '10 at 16:39
  • Was this succesful??? – Arenstar Nov 12 '10 at 14:43
  • Works perfectly! Thanks for following up so much, I haven't tested the reboot stuff, I'll do that when it's not mid day – Ben Nov 12 '10 at 21:32