IPTABLES FTP SSL Configuration
Posted on 2006-06-06
Our sysadmin has given up on me so I thought I'd ask here....
We want an implicit FTP SSL setup. We have an FTP server running behind an IPTABLES firewall. The FTP server is running implicit FTP SSL/TLS on port 990 - on a Windows 2003 server.
The setup works fine behind the firewall (with passive FTP connections) but as soon as we are on the other side of the firewall, we have problems. The client connects to port 990 ok, sends userid and password and connects fine. Then the client switches to Passive mode (with the right external IP of the firewall) and tries to do a LIST and stops/hangs. i.e.:
Command: TYPE A
Response: 200 Type set to A
Response: 227 Entering Passive Mode (192,168,0,101,7,43)
Error: Could not retrieve directory listing
We had Passive FTP working fine with IPTABLES on port 21, but god knows why, this doesn't work.
Can someone provide command-by-command IPTABLES configs for this? I presume it is possible.
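An added diagnostic example, not part of the original post: with implicit SSL/TLS the control channel on port 990 is encrypted, so the firewall cannot read the 227 reply the way its FTP connection-tracking helper does for plain FTP on port 21, and the address and port in that reply must already be reachable from outside. The script decodes the 227 line quoted in the post and checks it against an external address and a forwarded passive port range; the external address (a documentation placeholder) and the port range are assumptions, as are the function names.

```python
import ipaddress
import re

# 227 reply payload per RFC 959: (h1,h2,h3,h4,p1,p2)
PASV_RE = re.compile(r"227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")

def parse_pasv(reply):
    """Return (ip, port) advertised in a 227 reply, or raise ValueError."""
    m = PASV_RE.search(reply)
    if not m:
        raise ValueError("not a 227 passive-mode reply")
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("octet out of range")
    ip = ipaddress.IPv4Address(".".join(map(str, nums[:4])))
    # The data port is sent as two bytes: high byte, then low byte.
    return ip, nums[4] * 256 + nums[5]

def check_pasv(reply, external_ip, forwarded_ports):
    """List reasons the data connection would fail from outside the firewall."""
    ip, port = parse_pasv(reply)
    problems = []
    if ip.is_private:
        # Private or otherwise non-routable: an outside client cannot connect to it.
        problems.append(f"server advertises private address {ip}")
    elif ip != ipaddress.IPv4Address(external_ip):
        problems.append(f"advertised {ip} is not the external address {external_ip}")
    if port not in forwarded_ports:
        problems.append(f"data port {port} is not forwarded by the firewall")
    return ip, port, problems

if __name__ == "__main__":
    # Reply line taken from the post; the other two values are constructed.
    reply = "Response: 227 Entering Passive Mode (192,168,0,101,7,43)"
    external_ip = "203.0.113.10"      # placeholder address (TEST-NET-3)
    forwarded = range(50000, 50101)   # hypothetical forwarded passive range
    ip, port, problems = check_pasv(reply, external_ip, forwarded)
    print(f"advertised endpoint: {ip}:{port}")
    for p in problems:
        print("problem:", p)
```
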