iptables ftp denies ls

Hi,

Following is the output of iptables -S command

-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -s 192.168.0.5/32 -p tcp -m tcp --dport 22 -j ACCEPT 
-A INPUT -s 192.168.0.5/32 -p udp -m udp --dport 22 -j ACCEPT 
-A INPUT -s 192.168.0.0/24 -p udp -m udp --dport 20 -j ACCEPT 
-A INPUT -s 192.168.0.0/24 -p udp -m udp --dport 21 -j ACCEPT 
-A INPUT -s 192.168.0.0/24 -p tcp -m tcp --dport 21 -j ACCEPT 
-A INPUT -s 192.168.0.0/24 -p tcp -m tcp --dport 20 -j ACCEPT 
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT 
-A INPUT -p icmp -j ACCEPT 
-A INPUT -i lo -j ACCEPT 
-A INPUT -j REJECT --reject-with icmp-host-prohibited 
-A FORWARD -j REJECT --reject-with icmp-host-prohibited 

I don't understand iptables very well, but what I want is for the anonymous user to be able to execute the ls command at the ftp prompt.

/etc/sysconfig/iptables-config file has the following line which I guess is required.

IPTABLES_MODULES="nf_conntrack_ftp nf_nat_ftp"

Still, when I log in to ftp through the anonymous user, I can't do ls.

Following is what I get

ftp> ls
550 Permission denied.
Passive mode refused.

How can I resolve this issue?

Are you using ftp or vsftp?

I don't think firewall rules can cause ftp to connect but refuse ls. More likely that's a 'permission denied' on the remote end for trying to read the contents of the remote directory.
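The reasoning in the reply above can be checked against the posted ruleset. The following is an added example, not part of the original thread: a small first-match evaluator for the INPUT rules from the question, run over three constructed packets. The client address 192.168.0.10, interface eth0, port 50000 and the conntrack states are assumptions made for illustration.

```python
import ipaddress
import shlex

# INPUT rules copied from the `iptables -S` output in the question.
RULES = """\
-A INPUT -s 192.168.0.5/32 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 192.168.0.5/32 -p udp -m udp --dport 22 -j ACCEPT
-A INPUT -s 192.168.0.0/24 -p udp -m udp --dport 20 -j ACCEPT
-A INPUT -s 192.168.0.0/24 -p udp -m udp --dport 21 -j ACCEPT
-A INPUT -s 192.168.0.0/24 -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -s 192.168.0.0/24 -p tcp -m tcp --dport 20 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
"""

def parse(rule):
    """Collect the match fields and target of one '-A INPUT ...' line."""
    tok = shlex.split(rule)
    keys = ("-s", "-p", "-i", "-j", "--dport", "--state")
    return {t.lstrip("-"): tok[i + 1] for i, t in enumerate(tok) if t in keys}

def verdict(pkt, rules=RULES):
    """Return (target, rule) of the first matching rule; chain policy is ACCEPT."""
    for line in rules.strip().splitlines():
        r = parse(line)
        src = ipaddress.ip_address(pkt["src"])
        if "s" in r and src not in ipaddress.ip_network(r["s"]):
            continue
        if "p" in r and r["p"] != pkt["proto"]:
            continue
        if "dport" in r and int(r["dport"]) != pkt["dport"]:
            continue
        if "state" in r and pkt["state"] not in r["state"].split(","):
            continue
        if "i" in r and r["i"] != pkt["iface"]:
            continue
        return r["j"], line
    return "ACCEPT", "-P INPUT ACCEPT"

# Constructed packets (assumed client, interface and passive data port).
BASE = {"src": "192.168.0.10", "proto": "tcp", "iface": "eth0"}
CONTROL = dict(BASE, dport=21, state="NEW")              # login, ls, PASV commands
PASV_HELPER = dict(BASE, dport=50000, state="RELATED")   # nf_conntrack_ftp tracking the session
PASV_NO_HELPER = dict(BASE, dport=50000, state="NEW")    # helper not loaded

if __name__ == "__main__":
    for name in ("CONTROL", "PASV_HELPER", "PASV_NO_HELPER"):
        print(name, "->", verdict(globals()[name])[0])
```

The control connection on port 21 is accepted, so a reply such as `550 Permission denied.` reaches the client over a channel the firewall already allows. A blocked passive data connection would instead hit the final REJECT rule and surface as a failed connection, not as a numbered server reply.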

You got it right. Probably I had missed giving appropriate permissions. Followed the steps that I used to configure the server. And it's working fine now. :smiley:

Thanks for taking interest. :slight_smile: