If you use a DROP policy on the INPUT chain, you’ll have issues with passive FTP. To solve this, apply the following iptables rules to allow passive FTP.

To avoid a lockout in case the script fails at some point, add an ‘at’ job to remove the DROP policy on the INPUT chain. Even if you’re very confident that you’re doing everything right, don’t forget about this. There were many times when I was locked out because of a failed paste into the file or a typo left somewhere. This will let you get the connection back after some time if something fails.

Create an at job scheduled 5 or 10 minutes later to run this:

First, we have to enable the iptables modules:

Create an empty .sh file with this content:

Make it executable and run it:

If everything went fine and you weren’t locked out, you can delete the at job:

Now passive FTP should work for you!
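
The whole procedure as one script, as an added example rather than the author's own commands: it queues the rollback job, loads the FTP connection-tracking helper, and sets the DROP policy last. The port numbers, the 10-minute window, the `nf_conntrack_ftp` module name, the explicit `CT --helper` rule and the helper-restricted RELATED rule are assumptions of this example.

```shell
#!/bin/sh
# Added example, not the author's script. Assumptions: FTP control port 21,
# SSH admin access on port 22, conntrack helper module nf_conntrack_ftp,
# 10-minute rollback window.
# DRY_RUN=1 (default) prints the commands; run as root with DRY_RUN=0 to apply.
DRY_RUN="${DRY_RUN:-1}"
FTP_PORT="${FTP_PORT:-21}"
SSH_PORT="${SSH_PORT:-22}"
ROLLBACK_MIN="${ROLLBACK_MIN:-10}"

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# Safety net: queue a job that reopens INPUT if this session gets cut off.
schedule_rollback() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "echo 'iptables -P INPUT ACCEPT' | at now + $ROLLBACK_MIN minutes"
    else
        echo 'iptables -P INPUT ACCEPT' | at now + "$ROLLBACK_MIN" minutes
    fi
}

apply_rules() {
    # The FTP helper parses the control channel and marks the negotiated
    # passive data connection as RELATED.
    run modprobe nf_conntrack_ftp
    # Attach the helper explicitly; newer kernels do not assign it automatically.
    run iptables -t raw -A PREROUTING -p tcp --dport "$FTP_PORT" -j CT --helper ftp
    run iptables -A INPUT -i lo -j ACCEPT
    run iptables -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
    # Accept RELATED only when the FTP helper created the expectation, high ports only.
    run iptables -A INPUT -p tcp --dport 1024:65535 -m conntrack --ctstate RELATED \
        -m helper --helper ftp -j ACCEPT
    run iptables -A INPUT -p tcp --dport "$SSH_PORT" -m conntrack --ctstate NEW -j ACCEPT
    run iptables -A INPUT -p tcp --dport "$FTP_PORT" -m conntrack --ctstate NEW -j ACCEPT
    # Set the policy last so the rules above are already in place.
    run iptables -P INPUT DROP
}

schedule_rollback
apply_rules
# After confirming access from a second session: atq (list jobs), atrm <job id>.
```

Restricting RELATED to the FTP helper and to ports 1024 and above keeps the firewall from accepting connections that other helpers or forged expectations might otherwise open.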
