Firehol and FTP Compatibility Problem 

This short article offers a possible solution for anyone having FTP communication problems with a Linux server running Firehol.

I had been having all sorts of strange problems every time I tried to connect to our Linux server via FTP. I could log in fine, but my FTP client would often lock up with directory listing errors when trying to browse through the folders of our web directory. When trying to transfer files, they would often fail or sit in the queue for a very long time before finally transferring (or failing).

I was having this problem with all of the FTP clients that I tried and I figured that it must have something to do with our Firehol firewall. I found a few posts asking about this problem on various sites, but nobody had an answer that worked. I finally posted the question in the SourceForge forums and the author solved it for us.

First, you obviously need to check your firehol.conf file and make sure that FTP is allowed. You should see something like:

Code :

server "dns ftp http https ssh icmp mysql" accept

Make sure that FTP is listed in the server accept list.

The solution to our problems was to add the following 2 lines to the top of our firehol.conf file:

Code :

iptables -A INPUT -m helper --helper ftp -j ACCEPT
iptables -A OUTPUT -m helper --helper ftp -j ACCEPT

The author of Firehol stated that he thinks newer kernels handle FTP differently and he thinks he might update Firehol in the future to address this.

Hope that helps!

