Allowing ftp with iptables

When you allow ftp with iptables, allowing port 21 like below is not enough to accept LIST command.

# iptables -A INPUT -p tcp --dport 21 -j ACCEPT

You need to load 2 modules ip_conntrack_ftp and ip_nat_ftp.
Edit /etc/sysconfig/iptables-config and add the following and they will be loaded automatically.

IPTABLES_MODULES="ip_conntrack_ftp ip_nat_ftp"

Then restart iptables.

# service iptables restart

Make sure the modules are loaded.

# lsmod
Module                  Size  Used by
nf_nat_ftp              7361  0 
nf_conntrack_ftp       13761  1 nf_nat_ftp
...(omit)

Source: iptablesでftpを通す

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.