
Friday, September 07, 2007

Vsftpd and iptables

On one of our servers we were running the vsftpd service. iptables was set up to allow ports 21 and 20 (data). Still, after the user logged in, the connection died as soon as the client tried to enter passive mode.

The entry

/sbin/modprobe ip_conntrack_ftp

was already there in /etc/rc.local, but the module was still not loaded, since iptables unloads all its modules automatically every time it starts.

Change the setting below to change this behaviour:

IPTABLES_MODULES_UNLOAD="no" # Keeps all modules loaded across restarts

Restart the service and check whether the conntrack modules are loaded:

# service iptables restart

# lsmod|grep ip_conntrack
ip_conntrack_ftp 76273 0
ip_conntrack 45573 1 ip_conntrack_ftp


Worked like a charm. Now I could log in to the FTP service and enter passive mode.
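The check below is an added example and not part of the original post. It audits the two things the fix above depends on: that IPTABLES_MODULES_UNLOAD is set to "no" so the helper survives a restart, and that ip_conntrack_ftp actually shows up in lsmod. It runs against constructed sample text so it can be tried offline; the assumptions are that the setting lives in /etc/sysconfig/iptables-config (the RHEL/CentOS iptables init-script configuration, which the post does not name) and that lsmod prints the usual "name size usedby" columns.

```shell
#!/bin/sh
# Added example (not from the original post): audit the conntrack FTP helper
# configuration that passive-mode FTP needs behind an iptables firewall.
# Assumption: the setting lives in /etc/sysconfig/iptables-config.

# Constructed sample of an iptables-config with the fix applied.
SAMPLE_CONFIG='# Unload modules on restart and stop
IPTABLES_MODULES_UNLOAD="no" # Keeps all modules loaded across restarts
IPTABLES_MODULES="ip_conntrack_ftp"
'

# Constructed sample of lsmod output after "service iptables restart".
SAMPLE_LSMOD='Module                  Size  Used by
ip_conntrack_ftp       76273  0
ip_conntrack           45573  1 ip_conntrack_ftp
'

# modules_unload_disabled CONFIG_TEXT
# Returns 0 when IPTABLES_MODULES_UNLOAD is "no" (quoted or not, trailing comment allowed).
modules_unload_disabled() {
    printf '%s\n' "$1" |
        grep -Eq '^[[:space:]]*IPTABLES_MODULES_UNLOAD="?no"?[[:space:]]*(#.*)?$'
}

# module_loaded LSMOD_TEXT MODULE
# Returns 0 when MODULE appears in the first column of the lsmod output.
module_loaded() {
    printf '%s\n' "$1" |
        awk -v m="$2" '$1 == m { found = 1 } END { exit found ? 0 : 1 }'
}

# audit_ftp_helper CONFIG_TEXT LSMOD_TEXT
# Prints one line per check; returns 0 only when both checks pass.
audit_ftp_helper() {
    rc=0
    if modules_unload_disabled "$1"; then
        echo "ok: IPTABLES_MODULES_UNLOAD=no, helper survives 'service iptables restart'"
    else
        echo "warn: IPTABLES_MODULES_UNLOAD is not 'no'; ip_conntrack_ftp is unloaded on restart"
        rc=1
    fi
    if module_loaded "$2" ip_conntrack_ftp; then
        echo "ok: ip_conntrack_ftp loaded, passive data connections are tracked as RELATED"
    else
        echo "warn: ip_conntrack_ftp not loaded; passive-mode data connections will be dropped"
        rc=1
    fi
    return $rc
}

# Stand-alone run against the constructed samples. On a real host use:
#   audit_ftp_helper "$(cat /etc/sysconfig/iptables-config)" "$(lsmod)"
audit_ftp_helper "$SAMPLE_CONFIG" "$SAMPLE_LSMOD"
```

The point of the helper from a firewall perspective is that with ip_conntrack_ftp loaded you only need to accept ESTABLISHED,RELATED traffic, and the kernel opens just the single data port negotiated in the PASV reply; without it the only way to make passive mode work is to open the whole high-port range, which is a much larger exposure.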