Active ftp mode
Client starts connection with server on port TCP 21
Servers tells client to start listning on a port higher then TCP 1024
Server starts sending data traffic from TCP 20 to the TCP 1024 or higher port
Connection tracking is an essential security feature of Iptables. But, what is connection tracking?
It is the ability to maintain connection information in memory. This is new feature added in 2.4.xx Linux kernel. Eariler only commercial firewall has this feature but now it is part of Linux. It can remember connection states such as established & new connections along with protocol types, source and destination ip address. You can allow or deny access based upon state. Following are the states:
How do I open port 21 using Linux iptables firewall?
Use iptables administration tool for IPv4 packet filtering and NAT under Linux to open tcp port 21 (FTP). Following rule-set assumes that your eth0 network interface is directly connected to the Internet. It has public ip (126.96.36.199). FTP use both port 21 and 20 (port 21 for the command port and port 20 for the data). So following iptables rules take care of both ports (add rules to your iptables based shell script):