Setup Iptables for FTP Passive connections Ubuntu?

Posted on September 15, 2013

Hi I have setup the iptables using the guide https://www.digitalocean.com/community/articles/how-to-set-up-a-firewall-using-ip-tables-on-ubuntu-12-04 and it works great. Now I need to also configure the iptables to allow FTP to use Passive Mode. I have read that you need to run command #modprobe ip_conntrack_ftp and modprobe ip_conntrack and these 2 are loaded.

The current iptable looks like this.

iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT iptables -A INPUT -p tcp --dport ssh -j ACCEPT iptables -A INPUT -p tcp --dport 80 -j ACCEPT iptables -A INPUT -p tcp --dport 21 -j ACCEPT iptables -A INPUT -p tcp --dport 25 -j ACCEPT iptables -A INPUT -p tcp --dport 443 -j ACCEPT iptables -A INPUT -p tcp --dport 2812 -j ACCEPT iptables -A INPUT -p tcp --dport 10000 -j ACCEPT iptables -A INPUT -j DROP

Any idea how to allow Passive FTP sessions in Iptables?

Many thanks Mike

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Kamal Nasser

September 15, 2013

Try adding these rules: <pre>iptables -A INPUT -p tcp --sport 1024: --dport 1024: -m state --state ESTABLISHED -j ACCEPT iptables -A OUTPUT -p tcp --sport 1024: --dport 1024: -m state --state ESTABLISHED,RELATED -j ACCEPT</pre> Also I recommend deleting the <code>-A INPUT -j DROP</code> rule and setting INPUT’s default policy to DROP: <pre>iptables -D INPUT -j DROP iptables -P INPUT DROP</pre>