Cloudlinux cPanel Passive FTP on Solusvm Xen Platform

Can’t get passive FTP working on cPanel Cloudlinux? Despite opening the right ports in the ftp config and firewall?

If your setup is based on Solusvm and Xen with Centos, it’s an easy fix, and the problem has been there since 2010 possibly earlier.

If you login as root to the domu (the vps running cpanel), you might be getting errors to the console:-

 kernel:[494673.545046] nf_ct_ftp: dropping packetIN= OUT=eth0 SRC= DST= LEN=65 TOS=0x10 PREC=0x00 TTL=64 ID=26536 DF PROTO=TCP SPT=21 DPT=60152 SEQ=1117376246 ACK=2992030155 WINDOW=115 RES=0x00 ACK PSH FIN URGP=0 OPT (0101050AB256C1CAB256C1CB)
You can’t fix this from the VPS, it’s due to the Node hosting the VPS.
So login to the Main Node (if you can, or ask your VPS provider to sort this)
Tell them to open /etc/sysconfig/iptables-config in their favourite editor.
Search for FTP, you need to remove:-
ip_nat_ftp and ip_conntrack_ftp
I only had ip_nat_ftp, removing that and doing service iptables restart
was enough to fix Passive FTP on both Plain and TLS connections in cPanel.