Configure iptables ftp port 21 and 22 including passive ports

How do I open port 21 using Linux iptables firewall?

Use the iptables administration tool for IPv4 packet filtering and NAT under Linux to open TCP port 21 (FTP). The following rule-set assumes that your eth0 network interface is directly connected to the Internet and has the public IP 202.54.1.20. FTP uses both port 21 and port 20 (port 21 is the command port and port 20 the data port), so the following iptables rules take care of both ports (add the rules to your iptables-based shell script):

Procedure
Add support for FTP connection tracking.

Task: load the required iptables modules
First login as the root user.

Next type the following command to load two iptables modules:
# modprobe ip_conntrack
# modprobe ip_conntrack_ftp
(Don't forget to load these at startup or as modules within iptables.)
Now add following iptables rules for incoming request on port 21 (open port 21) to your script:

iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 -d 202.54.1.20 --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -s 202.54.1.20 --sport 21 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT

AND:

iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 -d 202.54.1.20 --dport 1024:65535 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -p tcp -s 202.54.1.20 --sport 1024:65535 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT

AND:

iptables -A OUTPUT -p tcp -s 202.54.1.20 --sport 20 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 -d 202.54.1.20 --dport 20 -m state --state ESTABLISHED -j ACCEPT
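The rules above are the whole procedure, so here is one complete, added example (not code from the original post) that generates the same rule-set for a given public IP and prints it instead of applying it, so the commands can be reviewed or diffed before they go into a firewall script. It goes a little beyond the post in two places: it accepts an optional narrower passive data port range instead of the post's 1024:65535 (a server such as vsftpd has to be configured to advertise the same range), and it emits the raw-table CT rule that newer kernels need before the ftp conntrack helper will mark passive data connections as RELATED. The function names ftp_rules and ftp_rule_count, the sample address 203.0.113.5 and the range 50000:50100 are assumptions, not from the page.

```shell
#!/bin/sh
# Added example: print the FTP rule-set for one public IP. Nothing here runs
# iptables; the output is meant to be pasted into, or sourced by, your script.
# ftp_rules, ftp_rule_count, the sample IP and the passive range are assumptions
# made for this example and do not come from the original post.

ftp_rules() {
    ip="$1"                   # public IP of the FTP server (the post uses 202.54.1.20)
    pasv="${2:-1024:65535}"   # passive data ports the server is configured to advertise
    case "$ip" in
        '') echo "usage: ftp_rules <public-ip> [pasv-min:pasv-max]" >&2; return 1 ;;
    esac
    cat <<EOF
# Conntrack helper: ip_conntrack_ftp on old kernels, nf_conntrack_ftp on current ones.
modprobe nf_conntrack_ftp
# Kernels 4.7+ no longer assign helpers automatically; bind the ftp helper to port 21
# explicitly so the data channel below can match --state RELATED.
iptables -t raw -A PREROUTING -p tcp -d $ip --dport 21 -j CT --helper ftp
# Control channel: clients connect to port 21 from an unprivileged source port.
iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 -d $ip --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -s $ip --sport 21 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
# Passive data channel: the helper marks the client's data connection RELATED,
# so only the advertised passive range has to be reachable.
iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 -d $ip --dport $pasv -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -p tcp -s $ip --sport $pasv -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
# Active data channel: the server opens the connection from port 20.
iptables -A OUTPUT -p tcp -s $ip --sport 20 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 -d $ip --dport 20 -m state --state ESTABLISHED -j ACCEPT
EOF
}

# Number of iptables commands in the generated output (comment and modprobe lines excluded).
ftp_rule_count() {
    ftp_rules "$@" | grep -c '^iptables '
}

# Sample run with a constructed documentation address and a narrow passive range.
ftp_rules 203.0.113.5 50000:50100
```

Run it as `sh ftp-rules.sh > ftp-rules.out`, check the output, then source it from the firewall script. Keeping the passive range narrow matters more than the rules make it look: the INPUT rule for that range accepts ESTABLISHED,RELATED traffic on every port in it, so a range the size of 1024:65535 relies entirely on the conntrack helper having seen the PASV reply, while a small range limits what is reachable if the helper is not active.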
