Proftpd & firewall on CentOS/SL 6.x

PaulVM · January 9, 2012, 6:52pm

Strange issue.
I have 2 new boxes (1 Scientific Linux 6.1 + 1 CentOS 6.2), with the same problem: If I leave enabled the standard firewall (/etc/init.d/iptables script), FTP connctions don’t work in passive mode.
The boxes are under a Firewall NAT, so I first supposed it is a NAT problem, but I had the same problem if I connect from localhost o from the local net. So the firewall isn’t the souce of the problem. A simple /etc/init.d/iptables stop solve all problems.
But, if possible I like to have the local firewall active
Other boxes, same config but using CentOS 5.x give no problem.
Tried various combinations of setting in /etc/sysconfig/iptables and /etc/sysconfig/iptables-config as reported in various internet posts, with no results.

Any hints?

Thanks, P.

Eric · January 9, 2012, 7:05pm

Howdy,

Check out the “FTP Service Isn’t Working” section here, that may assist with the problem you’re seeing:

https://www.virtualmin.com/documentation/web/faq

PaulVM · January 9, 2012, 9:59pm

Solved.
The solutions was loading the ip_conntrack_ftp module (added in /etc/sysconfig/iptables-config).
But I need to reboot the box to have it working.

My attempts whitout reboot don’t give any good result.

Regards, P.

helpmin · January 11, 2012, 5:17pm

a bit off topic.

What permissions do you have for proftpd log file /var/log/xferlog?