Using vsftpd with iptables
Add these modules to /etc/sysconfig/iptables-config:
- To get vftpd to work with NAT: ip_nat_ftp
- To use passive ftp without opening other ports: ip_conntrack_ftp
These are the firewall rules required with ip_conntrack_ftp:
# Allow incoming FTP connections to the ftp server -A FORWARD -i eth2 -p tcp -d 1.2.3.4 --dport 21 --sport 1024:65535 -j ACCEPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT