Proftpd & firewall on CentOS/SL 6.x

Strange issue.
I have 2 new boxes (1 Scientific Linux 6.1 + 1 CentOS 6.2), with the same problem: If I leave the standard firewall enabled (/etc/init.d/iptables script), FTP connections don’t work in passive mode.
The boxes are under a Firewall NAT, so I first supposed it was a NAT problem, but I had the same problem when connecting from localhost or from the local net. So the firewall isn’t the source of the problem. A simple /etc/init.d/iptables stop solves all problems.
But, if possible, I’d like to have the local firewall active :wink:
Other boxes, with the same config but using CentOS 5.x, give no problems.
Tried various combinations of settings in /etc/sysconfig/iptables and /etc/sysconfig/iptables-config as reported in various internet posts, with no results.

Any hints?

Thanks, P.


Check out the “FTP Service Isn’t Working” section here, that may assist with the problem you’re seeing:

The solution was loading the ip_conntrack_ftp module (added in /etc/sysconfig/iptables-config).
But I need to reboot the box to have it working.

My attempts without a reboot don’t give any good result.

Regards, P.
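
An added example, not part of the posts in this thread: a shell check that compares what the iptables-config file asks for with what the kernel has actually loaded, so "configured but not yet loaded" can be told apart from "working". The `IPTABLES_MODULES` variable and the `nf_conntrack_ftp` name (which `ip_conntrack_ftp` is assumed to resolve to on a stock CentOS/SL 6 kernel) are assumptions, and the sample files are constructed.

```shell
#!/bin/sh
# Added example: is the FTP conntrack helper configured, and is it loaded?

# Print the module list assigned to IPTABLES_MODULES in an iptables-config file.
configured_modules() {
    sed -n 's/^[[:space:]]*IPTABLES_MODULES=//p' "$1" | tail -n 1 | tr -d "\"'"
}

# Succeed if either name of the FTP helper is in the configured list.
helper_configured() {
    for m in $(configured_modules "$1"); do
        case "$m" in
            ip_conntrack_ftp|nf_conntrack_ftp) return 0 ;;
        esac
    done
    return 1
}

# Succeed if the helper appears in a /proc/modules-format listing.
helper_loaded() {
    grep -Eq '^(nf|ip)_conntrack_ftp[[:space:]]' "$1"
}

# Combine both checks: $1 = iptables-config, $2 = /proc/modules-format file.
helper_status() {
    if helper_configured "$1"; then c=1; else c=0; fi
    if helper_loaded "$2"; then l=1; else l=0; fi
    case "$c$l" in
        11) echo ok ;;
        10) echo configured-not-loaded ;;   # set in the file, not yet in the kernel
        01) echo loaded-not-persistent ;;   # modprobe'd by hand, lost on reboot
        *)  echo missing ;;
    esac
}

# Constructed sample inputs (not taken from the machines in this thread).
demo=$(mktemp -d)
printf '%s\n' '# Load additional iptables modules' \
    'IPTABLES_MODULES="ip_conntrack_ftp"' > "$demo/iptables-config"
printf '%s\n' 'nf_conntrack_ipv4 9506 2 - Live 0xffffffffa0001000' \
    'nf_conntrack 79758 2 nf_conntrack_ipv4, Live 0xffffffffa0002000' > "$demo/modules"

helper_status "$demo/iptables-config" "$demo/modules"
# On a real box: helper_status /etc/sysconfig/iptables-config /proc/modules
```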

A bit off topic.

What permissions do you have for proftpd log file /var/log/xferlog?