FTP/TLS Firewall

My FTP(s) isn't working when my firewall is enabled. I have always had my iptables set up for me in the past, I learnt roughly how to set one up yesterday, but I've missed a rule that this requires. Here is my iptables.rules


# Generated by iptables-save v1.4.4 on Tue Nov 16 23:23:50 2010
*filter
:FORWARD ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]


-A INPUT -i lo -j ACCEPT
-A INPUT -m state -i eth0 --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 20:21 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 989:990 -j ACCEPT
-A INPUT -p tcp -m tcp -i eth0 --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp -i eth0 --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp -i eth0 --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp -i eth0 --dport 10000 -j ACCEPT
-A INPUT -p icmp -i eth0 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-port-unreachable


COMMIT
# Completed on Tue Nov 16 23:23:50 2010
# Generated by iptables-save v1.4.4 on Tue Nov 16 23:23:50 2010
*mangle
REROUTING ACCEPT [95811:65665815]
:INPUT ACCEPT [92355:65212126]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [55795:22371752]
OSTROUTING ACCEPT [55795:22371752]
COMMIT
# Completed on Tue Nov 16 23:23:50 2010
# Generated by iptables-save v1.4.4 on Tue Nov 16 23:23:50 2010
*nat
REROUTING ACCEPT [5132:543438]
OSTROUTING ACCEPT [953:67517]
:OUTPUT ACCEPT [953:67517]
COMMIT
# Completed on Tue Nov 16 23:23:50 2010



So just to summarize, my FTP will connect but not show any files with the firewall enabled. with firewall disabled, everything is perfect.

 

Did you try both active and passive transfers in your FTP client?

 

my client fireftp will only let me connect passively using TLS

 

You must open the passive ports in your firewall. This should give you the idea: http://www.theserverpages.com/artic...ions_to_work_through_a_firewall_properly.html