Vsftp: connections from behind a firewall hang
Q I have Red Hat Enterprise Linux ES 4 running on my server. It uses Vsftp as an FTP service. FTP seems to work OK, but I have increasingly noticed that when I attempt to make a connection from a remote location that uses ADSL, or when I am behind a firewall, the connection occurs as I get prompted for a username and password, but I am unable to list directory content or upload files. There is no obvious error - it just hangs, whether I use an FTP client or a command line. I am using Iptables for firewall protection, which I have only recently enabled, and I think this might be related, because when I turn Iptables off the FTP works fine.
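A The problem lies with the Iptables modules loaded on the server. FTP opens a separate data connection for directory listings and transfers, and the firewall only lets that connection through if a helper module recognises it as belonging to the FTP session. You will need to load two 'nat helper' modules for Iptables, called ip_nat_ftp and ip_conntrack_ftp. Load them by typing:
modprobe ip_nat_ftp
modprobe ip_conntrack_ftp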
Now lsmod will reveal:
Module                  Size  Used by
ip_nat_ftp              4913  0
iptable_nat            23037  1 ip_nat_ftp
ip_conntrack_ftp       72689  1 ip_nat_ftp
ipt_LOG                 6465  1
ipt_state               1857  1
ip_conntrack           40565  4 ip_nat_ftp,iptable_nat,ip_conntrack_ftp,ipt_state
iptable_filter          2753  1
ip_tables              16705  4 iptable_nat,ipt_LOG,ipt_state,iptable_filter
Note that running modprobe by hand does not keep these modules loaded: when Iptables is restarted for any reason, it will not load the modules again, and you would need to run modprobe again. To avoid this, edit /etc/sysconfig/iptables-config and add the following entry:
Now when you restart Iptables you will see the following:
'Loading additional iptables modules: ip_nat_ftp ip_conntrac[ OK ]'.
This should resolve any FTP issues through the firewall.
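A check for the two conditions the answer describes (helpers loaded now, and listed for reload when Iptables restarts), as an added example that is not part of the original column. It assumes persistence is configured through the IPTABLES_MODULES variable in /etc/sysconfig/iptables-config; the function names and sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original column. Function names are hypothetical.
REQUIRED="ip_nat_ftp ip_conntrack_ftp"   # the two helpers named in the answer

# missing_loaded FILE: print each required module absent from saved lsmod output.
missing_loaded() {
    for m in $REQUIRED; do
        # Exact match on column 1, so ip_conntrack does not satisfy ip_conntrack_ftp.
        awk -v m="$m" '$1 == m { found = 1 } END { exit !found }' "$1" ||
            printf '%s\n' "$m"
    done
}

# missing_persistent FILE: print each required module not listed in the active
# IPTABLES_MODULES assignment (assumed variable; commented-out lines are ignored).
missing_persistent() {
    mods=$(sed -n 's/^[[:space:]]*IPTABLES_MODULES=//p' "$1" | tail -n 1 | tr -d "\"'")
    for m in $REQUIRED; do
        case " $mods " in
            *" $m "*) ;;
            *) printf '%s\n' "$m" ;;
        esac
    done
}

# Constructed sample inputs: only one helper is loaded and persisted.
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
cat > "$SAMPLE_DIR/lsmod.txt" <<'EOF'
Module                  Size  Used by
ip_conntrack_ftp       72689  0
ip_conntrack           40565  2 ip_conntrack_ftp,ipt_state
ip_tables              16705  1 iptable_filter
EOF
cat > "$SAMPLE_DIR/iptables-config" <<'EOF'
# IPTABLES_MODULES="ip_nat_ftp ip_conntrack_ftp"
IPTABLES_MODULES="ip_conntrack_ftp"
EOF

echo "not loaded:     $(missing_loaded "$SAMPLE_DIR/lsmod.txt" | tr '\n' ' ')"
echo "not persistent: $(missing_persistent "$SAMPLE_DIR/iptables-config" | tr '\n' ' ')"
# On a real host: lsmod > /tmp/lsmod.txt, then pass that file and
# /etc/sysconfig/iptables-config to the two functions.
```

Empty output from both functions means the helpers are loaded and will be reloaded after an Iptables restart.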