allowing passive FTP from the outside

Justin Zygmont jzygmont at solarflow.net
Sat Apr 2 21:33:12 UTC 2005


On Sat, 2 Apr 2005, Markku Kolkka wrote:

> Justin Zygmont wrote in his message (sent Saturday, 2 April
> 2005 12:23):
>> I know the problem is because of a nonexistent iptables rule, I'm
>> just at a loss as to what the missing rules should look like.
>> The only thing that is different in this case is that I need
>> to use port 221 for FTP instead of 21,
>
> That's what breaks everything. The FTP control connection must be
> on server port 21. Using a different port violates RFC 959 and
> ip_conntrack_ftp doesn't watch any other port for FTP traffic.

Are you sure ftp_conntrack is even needed?  I thought that's usually used
just for stateful routing through a server, and not to connect to one from
the outside.  Also, when I shut iptables down, it works, I can get an FTP
listing.
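
An added example, not part of the original thread: a simplified Python model (not kernel code) of a stateful inbound filter on an FTP server, showing how the passive-mode data connection depends on whether the FTP helper watches the control port in use. The class and function names, the addresses and the 227 reply are constructed, and the policy is assumed to accept NEW connections only to the control port plus ESTABLISHED/RELATED traffic.

```python
import re

# A 227 reply carries the data endpoint as (h1,h2,h3,h4,p1,p2).
PASV_RE = re.compile(r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")

def parse_pasv(reply):
    """Return (ip, port) announced in a 227 reply, or None if malformed."""
    m = PASV_RE.match(reply)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

class Firewall:
    """Hypothetical model: NEW allowed to control_port only, plus RELATED."""
    def __init__(self, control_port, helper_ports):
        self.control_port = control_port
        self.helper_ports = set(helper_ports)  # control ports the helper watches
        self.expected = set()                  # (client_ip, data_port) expectations

    def see_control_reply(self, client_ip, server_port, reply):
        # The helper only inspects control traffic on ports it watches.
        if server_port not in self.helper_ports:
            return
        parsed = parse_pasv(reply)
        if parsed:
            self.expected.add((client_ip, parsed[1]))

    def accept_new(self, client_ip, dport):
        if dport == self.control_port:
            return True                        # explicit NEW rule
        if (client_ip, dport) in self.expected:
            self.expected.discard((client_ip, dport))  # expectation is one-shot
            return True                        # matched as RELATED
        return False                           # default drop

def passive_listing_works(control_port, helper_ports):
    fw = Firewall(control_port, helper_ports)
    client = "198.51.100.7"                                   # constructed address
    reply = "227 Entering Passive Mode (192,0,2,10,195,80)"  # constructed reply
    if not fw.accept_new(client, control_port):
        return False
    fw.see_control_reply(client, control_port, reply)
    return fw.accept_new(client, parse_pasv(reply)[1])
```

In this model the listing fails only when the control port is outside the set the helper watches; with no filter at all, every connection is accepted, which matches the observation that the listing works when iptables is shut down.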

