
How do I permit FTP connections on the following IPTables configuration?

    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination
    ACCEPT     all  --  anywhere             anywhere            ctstate RELATED,ESTABLISHED
    ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:www
    ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:https
    ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:1111
    ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ftp
    ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
    DROP       all  --  anywhere             anywhere

    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination

    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination

Ben

1 Answer


This is covered already

Check This Link

Try

    lsmod | grep ftp
    modprobe ip_conntrack_ftp
    lsmod | grep ftp

The 1st command should show nothing; the 3rd command should show something like:

    ip_conntrack_ftp       41361  0
    ip_conntrack           91621  4 ip_conntrack_ftp,ipt_MASQUERADE,iptable_nat,ip_nat

Does this work?

Arenstar
  • `/etc/sysconfig/iptables-config` does not exist on my system, should I create it? https://help.ubuntu.com/community/IptablesHowTo doesn't say – Ben Nov 08 '10 at 18:10
  • Just try 'modprobe ip_conntrack_ftp', it should load the module. I believe you can add ip_conntrack_ftp to /etc/modules to get it to load at boot... Sorry, different Linux distributions are a little different :) – Arenstar Nov 08 '10 at 18:38
  • @Arenstar: More recent kernels now call it `nf_conntrack_ftp`, but your advice is still good. – Steven Monday Nov 09 '10 at 02:12
  • Neither of those commands returned any result – Ben Nov 11 '10 at 02:04
  • I've updated my response – Arenstar Nov 11 '10 at 02:17
  • Yes, I do see that. So if I add the command `modprobe ip_conntrack_ftp` it will load that module for FTP and allow me to enter passive mode? I'm on `Ubuntu` btw – Ben Nov 11 '10 at 16:32
  • Yes.. but not through a restart.. You need it to load the module when the server starts up.. So in the file /etc/modules put it in there.. – Arenstar Nov 11 '10 at 16:39
  • Was this successful? – Arenstar Nov 12 '10 at 14:43
  • Works perfectly! Thanks for following up so much, I haven't tested the reboot stuff, I'll do that when it's not mid day – Ben Nov 12 '10 at 21:32
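
The steps from the answer and its comments, as an added shell example that is not part of the original thread: it looks for the FTP helper under both module names mentioned above, checks that the `RELATED` accept rule sits before the final `DROP`, and adds the module to `/etc/modules` only once. The function names and the `--apply` switch are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Module names are the two the thread
# mentions: ip_conntrack_ftp (older kernels), nf_conntrack_ftp (recent ones).

# Read lsmod-style text on stdin; print the loaded FTP helper, else return 1.
loaded_ftp_helper() {
    awk '$1 == "nf_conntrack_ftp" || $1 == "ip_conntrack_ftp" {
             print $1; found = 1; exit }
         END { exit !found }'
}

# Read `iptables -L INPUT` text on stdin; succeed only if an ACCEPT rule
# matching RELATED comes before the catch-all DROP. The helper marks FTP data
# connections as RELATED, so this is the rule that lets them in.
related_before_drop() {
    awk '$1 == "ACCEPT" && /RELATED/ { ok = 1; exit }
         $1 == "DROP" && $2 == "all" && NF == 5 { exit }
         END { exit !ok }'
}

# Append MODULE ($1) to FILE ($2) unless that exact line exists (re-runnable).
persist_module() {
    grep -qxF -- "$1" "$2" 2>/dev/null && return 0
    printf '%s\n' "$1" >> "$2"
}

# Load the helper if it is missing, then persist it for the next boot.
# Needs root. The file defaults to /etc/modules, as suggested in the thread.
ensure_ftp_helper() {
    mod_file=${1:-/etc/modules}
    if name=$(lsmod | loaded_ftp_helper); then
        :
    elif modprobe nf_conntrack_ftp 2>/dev/null; then
        name=nf_conntrack_ftp
    elif modprobe ip_conntrack_ftp 2>/dev/null; then
        name=ip_conntrack_ftp
    else
        echo "no FTP conntrack helper module could be loaded" >&2
        return 1
    fi
    persist_module "$name" "$mod_file"
}

# Only touch the system when asked to: sh script.sh --apply
if [ "${1:-}" = "--apply" ]; then
    ensure_ftp_helper
fi
```

On newer kernels that no longer assign conntrack helpers automatically, loading the module is not sufficient by itself and the helper also has to be attached with a `CT --helper ftp` rule in the `raw` table.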