fedora core 3 linux ftp not working due to firewall

Posted on 2005-04-12
Last Modified: 2010-04-22
I have two linux servers.  One needs to ftp into another.  The firewall on both are set to all ftp.  Taking the firewall off the server and everything works.  Put the firewall on, and it works in active mode, but wont end a command such as put, it just stands there.  How do I get it to allow ftp to the server when the firewall on the server is up?
Question by:Rebelnorth
    LVL 8

    Accepted Solution

    You need to modify config file of firewall /etc/sysconfig/iptables-config
    Add (or modify) these lines
    IPTABLES_MODULES="ip_nat_ftp ip_conntrack_ftp ipt_conntrack"

    /etc/init.d/iptables restart

    Enjoy :-)
    LVL 7

    Expert Comment

    ...but i do not have a /etc/sysconfig directory....what now? ;-))

    Adding the connection tracking helper module for FTP is one thing, the other thing is, to reflect connection tracking / stateful inspection in your filter rules.
    For example, to allow box A to ftp into box B, try this one:

    on B:
    modprobe ipt_conntrack ipt_conntrack_ftp
    iptables -A INPUT -s A -p tcp --dport 20 -j ACCEPT
    iptables -A INPUT -s A -p tcp --dport 21 -j ACCEPT
    iptables -A INPUT -s A -m state --state ESTABLISHED,RELATED -j ACCEPT
    iptables -A OUTPUT -d A -m state --state ESTABLISHED,RELATED -j ACCEPT

    cheers & HTH,


    LVL 7

    Expert Comment

    > ...but i do not have a /etc/sysconfig directory....what now? ;-))
    > SCNR....

    oops, too early in the morning...
    haven't realized, that the OP clearly mentioned "Fedora Core 3" in the title....:(


    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Do You Know the 4 Main Threat Actor Types?

    Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

    ​Being a Managed Services Provider (MSP) has presented you  with challenges in the past— and by meeting those challenges you’ve reaped the rewards of success.  In 2014, challenges and rewards remain; but as the Internet and business environment evol…
    BIND is the most widely used Name Server. A Name Server is the one that translates a site name to it's IP address. There is a new bug in BIND (, affecting all versions of BIND 9 from BIND 9.1.0 (inclusive) thro…
    Sending a Secure fax is easy with eFax Corporate ( First, Just open a new email message.  In the To field, type your recipient's fax number You can even send a secure international fax — just include t…
    Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…

    759 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    14 Experts available now in Live!

    Get 1:1 Help Now