SK's Tech Blog: Vsftpd and iptables

Friday, September 07, 2007

Vsftpd and iptables

In one of our servers we were running vsftpd service. iptables was setup to allow ports 21 and 20(data). Still after the user logs in, the connection dies when trying to enter passive mode.

Entry: /sbin/modprobe ip_conntrack_ftp

was already there in /etc/rc.local

still the module was not loaded by default, Since iptables unloas all modules automatically everytime it starts.

Change the below lines to change this behavior:

ip_conntrack_ftp 76273 0 ip_conntrack 45573 1 ip_conntrack_ftp IPTABLES_MODULES_UNLOAD="no" # Makes all modules to be persistent

Restart the service and check whether the conntrack module is loaded

# service iptables restart # lsmod|grep ip_conntrack

Worked liked charm. Now i could login to the ftp service and enter passive mode.

No comments:

Post a Comment

Disclaimer

This is a personal blog. The views and opinions expressed here represent my own and not those of the people, institutions or organizations that I may or may not be related with unless stated explicitly. Also, my thoughts and opinions change from time to time as I come to learn more and develop my understanding about the things and issues that I am blogging about. This blog just provides a snapshot of the knowledge, views, and opinions that I hold at a particular point of time and these might most probably change over a period of time. I reserve the right to evolve my knowledge, thoughts, and viewpoints over time and to change them without assigning any reason. My blog includes links to other sites/blogs operated by third parties. These are provided as a means of convenient access to you to the information/opinion contained therein. I am in no way responsible for the content of any other sites or any products or services that may be offered through other sites.

Adsense 1

Friday, September 07, 2007

Vsftpd and iptables

No comments:

Post a Comment