I have finished setting up my iptables, but the FTP login/connection does not work. the NAT/Firewall at the hardware/router level is forwarded correctly.
I have added an entry for ftp but it appears not to be working.
Q. Why are FTP connections not allowed here?
My current iptables config is:
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:http state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:https state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:ssh state ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:https state ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:http state ESTABLISHED
ACCEPT icmp -- anywhere anywhere icmp echo-request
ACCEPT icmp -- anywhere anywhere icmp echo-reply
ACCEPT all -- anywhere anywhere
ACCEPT udp -- anywhere anywhere udp spt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:http limit: avg 25/min burst 100
ACCEPT tcp -- anywhere cpc15-bmly9-2-0-custx.2-3.cable.virginm.net tcp spts:1024:65535 dpt:ftp state NEW,ESTABLISHED
ACCEPT tcp -- anywhere cpc15-bmly9-2-0-custx.2-3.cable.virginm.net tcp spts:1024:65535 dpts:1024:65535 state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere cpc15-bmly9-2-0-custx.2-3.cable.virginm.net tcp spts:1024:65535 dpt:ftp-data state ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:29292 state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp state NEW,ESTABLISHED
Chain FORWARD (policy DROP)
target prot opt source destination
Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp spt:ssh state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:http state ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:https state ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:https state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:http state NEW,ESTABLISHED
ACCEPT icmp -- anywhere anywhere icmp echo-reply
ACCEPT icmp -- anywhere anywhere icmp echo-request
ACCEPT all -- anywhere anywhere
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- cpc15-bmly9-2-0-custx.2-3.cable.virginm.net anywhere tcp spt:ftp dpts:1024:65535 state ESTABLISHED
ACCEPT tcp -- cpc15-bmly9-2-0-custx.2-3.cable.virginm.net anywhere tcp spts:1024:65535 dpts:1024:65535 state ESTABLISHED
ACCEPT tcp -- cpc15-bmly9-2-0-custx.2-3.cable.virginm.net anywhere tcp spt:ftp-data dpts:1024:65535 state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:29292 state ESTABLISHED
UPDATE updated yet still not allowing connection
[root@host ~]# iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:http state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:https state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:ssh state ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:https state ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:http state ESTABLISHED
ACCEPT icmp -- anywhere anywhere icmp echo-request
ACCEPT icmp -- anywhere anywhere icmp echo-reply
ACCEPT all -- anywhere anywhere
ACCEPT udp -- anywhere anywhere udp spt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:http limit: avg 25/min burst 100
ACCEPT tcp -- anywhere cpc15-bmly9-2-0-custx.2-3.cable.virginm.net tcp spts:1024:65535 dpt:ftp state NEW,ESTABLISHED
ACCEPT tcp -- anywhere cpc15-bmly9-2-0-custx.2-3.cable.virginm.net tcp spts:1024:65535 dpts:1024:65535 state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere cpc15-bmly9-2-0-custx.2-3.cable.virginm.net tcp spts:1024:65535 dpt:ftp-data state ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:29292 state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp ctstate ESTABLISHED /* Allow ftp connections on port 21 */
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp-data ctstate RELATED,ESTABLISHED /* Allow ftp connections on port 20 */
ACCEPT tcp -- anywhere anywhere tcp spts:1024:65535 dpts:1024:65535 ctstate ESTABLISHED /* Allow passive inbound connections */
Chain FORWARD (policy DROP)
target prot opt source destination
Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp spt:ssh state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:http state ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:https state ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:https state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:http state NEW,ESTABLISHED
ACCEPT icmp -- anywhere anywhere icmp echo-reply
ACCEPT icmp -- anywhere anywhere icmp echo-request
ACCEPT all -- anywhere anywhere
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- cpc15-bmly9-2-0-custx.2-3.cable.virginm.net anywhere tcp spt:ftp dpts:1024:65535 state ESTABLISHED
ACCEPT tcp -- cpc15-bmly9-2-0-custx.2-3.cable.virginm.net anywhere tcp spts:1024:65535 dpts:1024:65535 state ESTABLISHED
ACCEPT tcp -- cpc15-bmly9-2-0-custx.2-3.cable.virginm.net anywhere tcp spt:ftp-data dpts:1024:65535 state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:29292 state ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp ctstate NEW,ESTABLISHED /* Allow ftp connections on port 21 */
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp-data ctstate ESTABLISHED /* Allow ftp connections on port 20 */
ACCEPT tcp -- anywhere anywhere tcp spts:1024:65535 dpts:1024:65535 ctstate RELATED,ESTABLISHED /* Allow passive inbound connections */