Troubleshooting an issue with an FTP connection going through an iptables firewall and seeing some strange issues with passive mode.
We are trying to connect to an FTP server and get the directory listing, and it seems to work in PASV mode in all cases, but times out when EPSV is sent instead. The server understand EPSV, because that works with iptables disabled.
tcpdump shows the client sending the EPSV request, and then the server does not respond after EPSV is sent. if the client sends PASV, everything works as expected.
nf_conntrack, nf_conntrack_ftp, nf_nat, and nf_nat_ftp are all loaded and the appropriate rules are in place.
Vendor has acknowledged this is a bug in the release of the software we are running.