I configured Pure-FTPd-MySQL + iptables but I have a problem with passive mode (who doesn't?).
I forced this port range:
echo "1024 65535" > /etc/pure-ftpd/conf/PassivePortRange
In iptables, a few rules handle FTP limitations, and I've got a problem with one of these:
iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 -d $SERVER_IP --dport 1024:65535 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
I want to disallow the NEW connections but if I do so, passive mode doesn't work anymore. Any idea why? I don't see any reason for this.
Best Answer
ip_conntrack and ip_conntrack_ftp were missing. I added them to /etc/modules and voila.
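An added example, not part of the original answer: a simplified Python model of why the passive data connection only matches RELATED once the FTP conntrack helper is loaded, so the rule from the question can then drop NEW. The class, function names and addresses are constructed for illustration; this is not kernel code.

```python
import re

# PASV reply (RFC 959): "227 ... (h1,h2,h3,h4,p1,p2)", port = p1*256 + p2
PASV_RE = re.compile(r"^227 .*\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")

class ConntrackModel:
    """Simplified model of connection tracking; not kernel code."""

    def __init__(self, ftp_helper):
        self.ftp_helper = ftp_helper  # True when the FTP helper module is loaded
        self.expected = set()         # (client_ip, server_ip, port) announced via PASV

    def control_reply(self, client_ip, server_ip, line):
        """Inspect one server-to-client line on the port 21 control channel."""
        m = PASV_RE.match(line)
        if not (self.ftp_helper and m):
            return
        nums = [int(x) for x in m.groups()]
        if max(nums) > 255:
            return                    # malformed reply: create no expectation
        addr = ".".join(str(n) for n in nums[:4])
        if addr == server_ip:         # ignore replies pointing at another host
            self.expected.add((client_ip, addr, nums[4] * 256 + nums[5]))

    def classify_syn(self, client_ip, server_ip, dport):
        """Return the state a first packet to server_ip:dport would match."""
        key = (client_ip, server_ip, dport)
        if key in self.expected:
            self.expected.discard(key)  # an expectation is used once
            return "RELATED"
        return "NEW"

def passive_data_allowed(ftp_helper, allowed_states, client="198.51.100.7"):
    """Replay one constructed PASV exchange; True if the data SYN is accepted."""
    server = "192.0.2.10"             # constructed address standing in for $SERVER_IP
    ct = ConntrackModel(ftp_helper)
    ct.control_reply("198.51.100.7", server,
                     "227 Entering Passive Mode (192,0,2,10,195,149)")
    return ct.classify_syn(client, server, 195 * 256 + 149) in allowed_states

if __name__ == "__main__":
    strict = {"ESTABLISHED", "RELATED"}   # the rule from the question without NEW
    print("no helper, NEW dropped:", passive_data_allowed(False, strict))
    print("helper loaded, NEW dropped:", passive_data_allowed(True, strict))
    print("other client, helper loaded:", passive_data_allowed(True, strict, "203.0.113.9"))
```

On current kernels the corresponding modules are named nf_conntrack and nf_conntrack_ftp.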