IPTABLES Connection Tracker Feature

I needed to set up an internal FTP server on a Debian server, so I used VSFTPD which is an excellent FTP server – see http://vsftpd.beasts.org

Anyway, it didn’t work all that well for me because I had a custom IPTABLES script running and of course needed to allow for FTP traffic. After fixing that it worked but something was still not right.
What I needed was an IPTABLES module called connection tracking for FTP, or ip_conntrack_ftp.

In my IPTABLES configuration I added the following:
/sbin/modprobe ip_conntrack_ftp

Then the actual rule with a helper:
iptables -A INPUT -m helper --helper ftp -j ACCEPT
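
A fuller ruleset built around the helper rule above, as an added example that is not part of the original post. It assumes a default-drop INPUT policy and FTP control on port 21 (neither is stated in the post), and the `run` and `ftp_firewall` names are made up for illustration; the script only prints the commands unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example, not the post's own script. Dry run by default:
# commands are printed, and executed only when APPLY=1 (run as root).
# Assumptions: default-drop INPUT policy, FTP control port 21.
# Add your own management rules (e.g. SSH) before applying.

APPLY="${APPLY:-0}"

# Print a command; execute it only when APPLY=1.
run() {
    echo "$*"
    if [ "$APPLY" = "1" ]; then "$@"; fi
}

ftp_firewall() {
    # Load the FTP connection-tracking helper (module name as used in the post).
    run /sbin/modprobe ip_conntrack_ftp

    # Bind the helper to the control port explicitly; needed on kernels
    # that do not assign conntrack helpers automatically.
    run iptables -t raw -A PREROUTING -p tcp --dport 21 -j CT --helper ftp

    # Local loopback traffic.
    run iptables -A INPUT -i lo -j ACCEPT

    # Packets belonging to connections that were already accepted.
    run iptables -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT

    # New FTP control connections.
    run iptables -A INPUT -p tcp --dport 21 -m conntrack --ctstate NEW -j ACCEPT

    # Data connections announced on the control channel: the helper marks
    # them RELATED, so only those are accepted, not arbitrary high ports.
    run iptables -A INPUT -p tcp -m conntrack --ctstate RELATED -m helper --helper ftp -j ACCEPT

    # Everything else inbound is dropped.
    run iptables -P INPUT DROP
}

ftp_firewall
```

Restricting the helper match to RELATED TCP traffic keeps the rule from accepting anything other than the data connections negotiated by an FTP session.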

On the VSFTPD configuration side of things I added the following:

Now it works like a gem!!

More info on IPTABLES Connection tracking:
