Iptables open ftp port 21

Use iptables administration tool for IPv4 packet filtering and NAT under Linux to open tcp port 21 (FTP). Following rule-set assumes that your eth0 network interface directly connected to internet. It has public ip (202.54.1.20). FTP use both port 21 and 20 (port 21 for the command port and port 20 for the data). So following iptables rules take care of both ports (add rules to your iptables script):

Procedure

Add support for FTP connection tracking.

Task load required iptables modules

First login as the root user.

Next type the following command to load two iptables modules:
# modprobe ip_conntrack
# modprobe ip_conntrack_ftp

Now add following iptables rules for incoming request on port 21 (open port 21) to your script:

iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 -d 202.54.1.20 --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -s 202.54.1.20 --sport 21 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT

iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 -d 202.54.1.20 --dport 1024:65535 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -p tcp -s 202.54.1.20 --sport 1024:65535 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT

iptables -A OUTPUT -p tcp -s 202.54.1.20 --sport 20 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 -d 202.54.1.20 --dport 20 -m state --state ESTABLISHED -j ACCEPT

Want to read Linux tips and tricks, but don't have time to check our blog everyday? Subscribe to our daily email newsletter to make sure you don't miss a single tip/tricks. Subscribe to our weekly newsletter here!

{ 4 comments… read them below or add one }

1 sahid 12.07.06 at 1:20 am

How i will establish iptables on my linux server also i want to establish iptables againest on MAC and IPTABLES.please give me solution very son.I am not interested to give all service of all user.At that time what i will do?

2 joel 03.26.07 at 8:39 am

what if the ftp server is inside the network..what would be the iptable rule(s) that should be added to forward the port 20 and 21 request from the gateway machine to the ftp server whose ip address is 192.168.x.xx?can u post the right ip table rule to do that because i am really having a hard time setting up my ftp server to run.:(

3 Amanda 02.27.08 at 8:56 pm

How do I open my FTP port 21 on my computer? What would close this and why?
Amanda

4 frank 02.11.09 at 5:13 am

What is going to happen if I am not using this “Iptables open ftp port 21″?
I have my dlink router setup with forward port 21 and seems it works fine?

Leave a Comment

You can use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Previous post: Configure Samba to use domain accounts for authentication

Next post: FTP Connection refused error – Solution to problem