FTP: iptables Issues
Server Training - FTP Server

iptables Firewall Problems
Firewalls present a serious problem with FTP. FTP uses ports 20 and 21 for connections between a server and a client. It may also use random ports, which are difficult to control and are often blocked at the firewall.


To make this easier to manage, the kernel has a module called ip_conntrack_ftp which, when loaded, monitors the information stream to the FTP server. The module lets connections that bind to random ports still pass through the firewall. To enable it, edit the /etc/sysconfig/iptables-config file and configure the IPTABLES_MODULES line so that it looks like this:

IPTABLES_MODULES="ip_conntrack_netbios_ns ip_conntrack_ftp"
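
The edit described above can be scripted so that it is safe to repeat and never drops a module that is already listed. This is an added example, not part of the original lesson; the function names are hypothetical and the sample file is constructed for the demonstration.

```sh
#!/bin/sh
# Added example: idempotently list a conntrack helper in IPTABLES_MODULES.
# Function names are hypothetical; point ensure_module at
# /etc/sysconfig/iptables-config to apply it for real.

# Print the modules from the last active (uncommented) IPTABLES_MODULES line.
active_modules() {
    sed -n 's/^[[:space:]]*IPTABLES_MODULES="\{0,1\}\([^"]*\)"\{0,1\}[[:space:]]*$/\1/p' "$1" | tail -n 1
}

# Succeed if module $2 is already listed in file $1 (whole-word match).
has_module() {
    case " $(active_modules "$1") " in
        *" $2 "*) return 0 ;;
        *) return 1 ;;
    esac
}

# Add module $2 to file $1, keeping every module that is already listed.
ensure_module() {
    file=$1 mod=$2
    case $mod in
        ''|*[!A-Za-z0-9_]*) echo "bad module name: $mod" >&2; return 2 ;;
    esac
    has_module "$file" "$mod" && return 0
    mods=$(active_modules "$file")
    tmp=$(mktemp) || return 1
    if grep -q '^[[:space:]]*IPTABLES_MODULES=' "$file"; then
        # Unquoted $mods on purpose: collapses stray whitespace between names.
        sed "s/^[[:space:]]*IPTABLES_MODULES=.*/IPTABLES_MODULES=\"$(echo $mods $mod)\"/" "$file" > "$tmp"
    else
        cat "$file" > "$tmp"
        printf 'IPTABLES_MODULES="%s"\n' "$mod" >> "$tmp"
    fi
    # Overwrite in place so the file keeps its owner and mode.
    cat "$tmp" > "$file"
    rm -f "$tmp"
}

# Constructed sample config: only the NetBIOS helper is enabled.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# Load additional iptables modules (nat helpers)
#IPTABLES_MODULES="ip_conntrack_ftp"
IPTABLES_MODULES="ip_conntrack_netbios_ns"
EOF
ensure_module "$sample" ip_conntrack_ftp
cat "$sample"
rm -f "$sample"
```

The helper only lets the random data ports through when the ruleset also accepts connections in the RELATED state, so no wide port range has to be opened for FTP.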



Copyright CyberMontana Inc. and BeginLinux.com
All rights reserved. Cannot be reproduced without written permission. Box 1262 Trout Creek, MT 59874