I am hoping someone can point me in the right direction here please.
Running proftpd (with tls support) on a public IP.
FTP client connects, but can't do a directory listing. When I change the "INPUT" policy on iptables to ACCEPT, it does work.
The following is my relevant iptables rules:
$IPTABLES -A INPUT -i eno1 -s 0/0 -d x.x.x.x -p tcp --sport 1024:65535 -m multiport --dports 20,21,989,990 -m state --state NEW,ESTABLISHED -j ACCEPT
$IPTABLES -A INPUT -p tcp -s 0/0 --sport 1024:65535 -d x.x.x.x --dport 1024:65535 -m state --state ESTABLISHED,RELATED -j ACCEPT
I have the connection_tracking modules enabled.
server ~ # lsmod | grep nf_conntra
nf_conntrack_ftp 24576 3
nf_conntrack 176128 8 xt_conntrack,nf_nat,xt_state,xt_nat,xt_helper,nf_conntrack_ftp,xt_CT,xt_MASQUERADE
nf_defrag_ipv6 24576 1 nf_conntrack
nf_defrag_ipv4 16384 1 nf_conntrack
libcrc32c 16384 2 nf_conntrack,nf_nat
I also have nf_conntrack_helper enabled in /proc
server ~ # cat /proc/sys/net/netfilter/nf_conntrack_helper
1