01 Jan 2011, 14:50

IPTables Passive FTP Connection Tracking on non-standard ports


Ever tried to run a Linux FTP server behind an iptables firewall on non-standard ports, i.e. not on port 21?

The problem is that the FTP connection tracking module nf_conntrack_ftp only watches port 21 by default. To use other ports, the module must be loaded with the parameter

ports=21,5367

if you want to run one FTP server on port 21 and another on port 5367. The usual other iptables rules apply, too.
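
A check for the setup above, as an added example that is not from the original post: it compares the ports the loaded nf_conntrack_ftp module tracks against the FTP control ports you run, and prints the load command or modprobe.d line when one is missing. It assumes the kernel exposes the parameter at /sys/module/nf_conntrack_ftp/parameters/ports (readable by root); the function names are made up for this example.

```shell
#!/bin/sh
# Added example: verify nf_conntrack_ftp tracks every FTP control port in use.
# Assumption: the module's "ports" parameter is exposed here (root-readable).
PARAM_FILE=/sys/module/nf_conntrack_ftp/parameters/ports

# missing_ports "<loaded>" "<required>"
# Both arguments are comma-separated port lists. Prints the required ports
# that are absent from the loaded list, separated by spaces.
missing_ports() {
    loaded=",$(printf '%s' "$1" | tr -d ' \n'),"
    missing=""
    old_ifs=$IFS; IFS=','
    for port in $2; do
        case "$loaded" in
            *",$port,"*) ;;                          # exact match only: 21 != 2121
            *) missing="${missing:+$missing }$port" ;;
        esac
    done
    IFS=$old_ifs
    printf '%s' "$missing"
}

# modprobe_line "<required>": line to place in a file under /etc/modprobe.d/
modprobe_line() {
    printf 'options nf_conntrack_ftp ports=%s\n' "$1"
}

# check_ftp_helper "<required>": 0 = all tracked, 1 = some missing, 2 = not loaded
check_ftp_helper() {
    required=$1
    if [ ! -r "$PARAM_FILE" ]; then
        echo "nf_conntrack_ftp not loaded (or not running as root); load with:"
        echo "  modprobe nf_conntrack_ftp ports=$required"
        return 2
    fi
    miss=$(missing_ports "$(cat "$PARAM_FILE")" "$required")
    if [ -n "$miss" ]; then
        echo "untracked FTP control ports: $miss"
        echo "persist with: $(modprobe_line "$required")"
        return 1
    fi
    echo "all FTP control ports tracked: $required"
}

# Run the check when a port list is given, e.g.: sh check.sh 21,5367
if [ -n "${1:-}" ]; then check_ftp_helper "$1" || exit $?; fi
```

A non-zero exit status makes the script usable in a boot-time or monitoring check, so a firewall host that came up with the module loaded for port 21 only is noticed before passive data connections start failing.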