IPTABLES Connection Tracker Feature

I needed to set up an internal FTP server on a Debian server, so I used VSFTPD, which is an excellent FTP server – see http://vsftpd.beasts.org

Anyway, it didn’t work all that well for me because I had a custom IPTABLES script running and of course needed to allow FTP traffic. After fixing that it worked, but something was still not right.
What I needed was the IPTABLES connection tracking module for FTP, ip_conntrack_ftp (on current kernels the module is called nf_conntrack_ftp). Opening port 21 only covers the FTP control connection; every directory listing and file transfer runs over a second data connection whose port is negotiated inside the control channel (the PORT or PASV exchange). The helper parses that exchange and marks the expected data connection as RELATED, so the firewall can let it through without a fixed open port range.

In my IPTABLES configuration I added the following:
#Modules
# FTP connection tracking helper (the module is named nf_conntrack_ftp on current kernels)
/sbin/modprobe ip_conntrack_ftp

Then the actual rule, using the helper match:
iptables -A INPUT -m helper --helper ftp -j ACCEPT
This matches packets belonging to the data connections that the ftp helper predicted from the control channel (the RELATED connection and its follow-up packets), so the passive range itself does not have to appear in the firewall. Port 21 still needs its own ACCEPT rule for the control connection. The helper match only fires if the helper is actually attached to the control connection: kernels before 4.7 did that automatically, while later kernels require assigning it explicitly with a CT target in the raw table (iptables -t raw ... -p tcp --dport 21 -j CT --helper ftp), otherwise the rule above never matches anything.

On the VSFTPD configuration side of things I added the following:
pasv_enable=YES
pasv_min_port=9950
pasv_max_port=9960
pasv_enable=YES is already the default, so the two port lines are the ones that matter. With the helper in place the range does not have to be opened in the firewall, but pinning it down is still worth doing: it keeps the server from listening on arbitrary high ports and it is the only thing that works if the control channel is ever encrypted (ssl_enable=YES), because the helper cannot read a PASV reply inside TLS. Keep in mind that the range also caps concurrent passive transfers; 9950 to 9960 gives eleven ports.
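As an added example (not code from the original post or from vsftpd), the script below derives the firewall rules from the passive range in vsftpd's own config file, so the two cannot drift apart. It prints the iptables commands instead of applying them, which makes it safe to run anywhere; pipe the output into sh as root to apply it. The sample vsftpd.conf it writes to a temp file is constructed for the example, the rules assume an OUTPUT policy of ACCEPT, and the "ftps" mode exists to show the fallback for an encrypted control channel where the helper is useless.

```shell
#!/bin/sh
# Added example, not from the original post: emit iptables rules for a vsftpd
# server based on the pasv_min_port/pasv_max_port lines in its config.

# Constructed sample vsftpd.conf: the lines from the post plus a few defaults.
SAMPLE_CONF=$(mktemp)
trap 'rm -f "$SAMPLE_CONF"' EXIT
cat >"$SAMPLE_CONF" <<'EOF'
listen=YES
anonymous_enable=NO
local_enable=YES
pasv_enable=YES
pasv_min_port=9950
pasv_max_port=9960
EOF

# pasv_range CONF: print "MIN MAX" taken from the last pasv_min_port /
# pasv_max_port lines; fail if either is missing, below 1024, or inverted.
pasv_range() {
    conf=$1
    min=$(sed -n 's/^pasv_min_port=\([0-9]*\).*/\1/p' "$conf" | tail -n 1)
    max=$(sed -n 's/^pasv_max_port=\([0-9]*\).*/\1/p' "$conf" | tail -n 1)
    [ -n "$min" ] && [ -n "$max" ] || return 1
    [ "$min" -ge 1024 ] && [ "$min" -le "$max" ] && [ "$max" -le 65535 ] || return 1
    printf '%s %s\n' "$min" "$max"
}

# ftp_ruleset MIN MAX [ftps]: print the iptables commands for an FTP server.
# Plain FTP: the conntrack helper reads PORT/PASV on the control channel and
# the data connection is accepted through the helper match, as in the post.
# FTPS: the control channel is encrypted, the helper sees nothing, so the
# passive range has to be opened explicitly instead.
# Assumes OUTPUT policy ACCEPT (active-mode data connections leave from port 20).
ftp_ruleset() {
    min=$1; max=$2; mode=${3:-ftp}
    echo 'modprobe nf_conntrack_ftp'
    # Return traffic of any accepted connection (control and data).
    echo 'iptables -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT'
    # The control connection itself.
    echo 'iptables -A INPUT -p tcp --dport 21 -m conntrack --ctstate NEW -j ACCEPT'
    if [ "$mode" = ftps ]; then
        echo "iptables -A INPUT -p tcp --dport ${min}:${max} -m conntrack --ctstate NEW -j ACCEPT"
    else
        # Kernels since 4.7 do not attach helpers automatically: assign it in raw.
        echo 'iptables -t raw -A PREROUTING -p tcp --dport 21 -j CT --helper ftp'
        # Data connections the helper expected from PORT/PASV (the post's rule).
        echo 'iptables -A INPUT -m helper --helper ftp -j ACCEPT'
    fi
}

range=$(pasv_range "$SAMPLE_CONF") || { echo "no usable passive range in $SAMPLE_CONF" >&2; exit 1; }
# shellcheck disable=SC2086  # word splitting is intended: "MIN MAX"
ftp_ruleset $range
```

Run it with a third argument of ftps (ftp_ruleset 9950 9960 ftps) to see the explicit-range variant; an inverted or privileged range in the config makes pasv_range fail, so a typo in vsftpd.conf is caught before any rule is loaded.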

Now it works like a gem!!

More info on IPTABLES Connection tracking:
http://www.cyberciti.biz/tips/how-do-i-use-iptables-connection-tracking-feature.html
http://www.sns.ias.edu/~jns/wp/2006/01/12/iptables-connection-tracking-ftp
