FTP PASV / EPSV iptables solved

FTP and iptables using PASV / EPSV

/etc/vsftp.conf

pasv_enable=YES
pasv_min_port=10090
pasv_max_port=10100

iptables-config

IPTABLES_MODULES="ip_conntrack ip_conntrack_ftp iptable_nat ip_nat_ftp"

iptables

-A INPUT -p tcp -m tcp --dport 20 -m conntrack --ctstate NEW,RELATED,ESTABLISHED -m comment --comment "Allow ftp connections on port 20" -j ACCEPT
-A INPUT -p tcp -m tcp --dport 21 -m conntrack --ctstate NEW,RELATED,ESTABLISHED -m comment --comment "Allow ftp connections on port 21" -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 20 -m conntrack --ctstate NEW,RELATED,ESTABLISHED -m comment --comment "Allow ftp connections on port 20" -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 21 -m conntrack --ctstate NEW,RELATED,ESTABLISHED -m comment --comment "Allow ftp connections on port 21" -j ACCEPT

If you need PASV mode, then you need extra bits.

-A INPUT -p tcp -m tcp --dport 10090:10100 -m conntrack --ctstate NEW,RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 10090:10100 -m state --state RELATED,ESTABLISHED -j ACCEPT

If you need EPSV mode, then you need extra bits.

-A OUTPUT -p tcp -m tcp --dport 49152:65534 -m state --state RELATED,ESTABLISHED -j ACCEPT

Mac CLI just not wanting to work with EPSV

Spent hours trying to work out why my FTP wasn't working.

ftp SERVER

Issue ls, and it then hangs.

If you turn off EPSV, then it will work again.

ftp> epsv
EPSV/EPRT on IPv4 off.
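
When a listing hangs like this, it helps to check the data port in the server's 227 (PASV) or 229 (EPSV) reply against the port ranges opened by the rules above. The following is an added example, not part of the original post; the function names and sample reply lines are constructed for illustration.

```python
import re

# Port ranges opened by the iptables rules on this page.
PASV_RANGE = (10090, 10100)   # pasv_min_port / pasv_max_port
EPSV_RANGE = (49152, 65534)   # range used in the EPSV OUTPUT rule

# RFC 959 reply 227: "(h1,h2,h3,h4,p1,p2)"; RFC 2428 reply 229: "(|||port|)"
_PASV_RE = re.compile(
    r"^227 .*?(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")
_EPSV_RE = re.compile(r"^229 .*?\((.)\1\1(\d{1,5})\1\)")


def data_port(reply):
    """Return (mode, port) from a 227 or 229 reply line, or None if neither."""
    m = _PASV_RE.match(reply)
    if m:
        octets = [int(x) for x in m.groups()]
        if any(o > 255 for o in octets):
            return None
        # The last two fields are the high and low bytes of the port.
        return "PASV", octets[4] * 256 + octets[5]
    m = _EPSV_RE.match(reply)
    if m:
        port = int(m.group(2))
        return ("EPSV", port) if 0 < port <= 65535 else None
    return None


def covered(reply, ranges=(PASV_RANGE, EPSV_RANGE)):
    """True if the announced data port is inside one of the opened ranges."""
    parsed = data_port(reply)
    if parsed is None:
        raise ValueError("not a 227/229 reply: %r" % reply)
    _, port = parsed
    return any(lo <= port <= hi for lo, hi in ranges)


if __name__ == "__main__":
    # Constructed sample replies (192.0.2.10 is a documentation address).
    samples = [
        "227 Entering Passive Mode (192,0,2,10,39,110).",
        "229 Entering Extended Passive Mode (|||50211|)",
        "229 Entering Extended Passive Mode (|||30455|)",
    ]
    for line in samples:
        mode, port = data_port(line)
        print(mode, port, "allowed" if covered(line) else "not covered by the rules")
```

The reply lines can be captured by turning on debug output in the command-line client (the `debug` command in the classic `ftp` client) before issuing `ls`.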