On 23/05/2018 at 17:01, Pete Biggs wrote:
> You could use active transfer and open port 20, or you could use passive, which is more "secure", and allow connections to high port numbers.
> Search for active vs passive ftp for more info.
That helped, thanks.
I added the following to /etc/vsftpd/vsftpd.conf:
pasv_enable=YES
pasv_min_port=50001
pasv_max_port=50010
My firewall script now has the following stanza for FTP:
# FTP
$MOD ip_conntrack_ftp
$IPT -A INPUT -p tcp -i $IFACE_LAN --dport 21 -j ACCEPT
$IPT -A INPUT -p tcp -i $IFACE_LAN --dport 50001:50010 -j ACCEPT
So the firewall problem seems solved.
Cheers,
Niki
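
Added example, not part of the original message: a small check that the passive range pinned in vsftpd.conf is actually covered by an ACCEPT rule, since a mismatch between the two is what makes passive data connections hang. It assumes the rules are supplied in `iptables -S` output format; the function names, the temporary files and the interface name eth0 are constructed for the illustration.

```shell
#!/bin/sh
# Print "MIN MAX" from a vsftpd.conf; fail if passive mode is off or the
# range is not pinned (vsftpd defaults: pasv_enable=YES, both ports 0 = any).
pasv_range() {
    awk -F= '
        /^[ \t]*#/ { next }
        { gsub(/[ \t\r]/, "", $2) }
        $1 == "pasv_enable"   { en  = toupper($2) }
        $1 == "pasv_min_port" { min = $2 + 0 }
        $1 == "pasv_max_port" { max = $2 + 0 }
        END {
            if (en == "") en = "YES"
            if (en != "YES" || min <= 0 || max < min) exit 1
            print min, max
        }' "$1"
}

# Succeed if some INPUT rule in `iptables -S` output accepts TCP to a
# --dport range that contains MIN..MAX. Rule order and earlier DROPs are
# not evaluated (simplification).
fw_covers() {
    awk -v min="$1" -v max="$2" '
        /^-A INPUT / && /-p tcp/ && /-j ACCEPT/ {
            for (i = 1; i < NF; i++) if ($i == "--dport") {
                n = split($(i + 1), r, ":")
                lo = r[1] + 0; hi = (n == 2 ? r[2] : r[1]) + 0
                if (lo <= min + 0 && hi >= max + 0) ok = 1
            }
        }
        END { exit (ok ? 0 : 1) }' "$3"
}

check_ftp_fw() {
    range=$(pasv_range "$1") || { echo "NO-FIXED-RANGE"; return 0; }
    if fw_covers "${range% *}" "${range#* }" "$2"; then
        echo "OK ${range% *}:${range#* }"
    else
        echo "MISMATCH ${range% *}:${range#* }"
    fi
}

# Constructed sample input (eth0 is a placeholder interface name).
demo=$(mktemp -d)
printf '%s\n' 'pasv_enable=YES' 'pasv_min_port=50001' 'pasv_max_port=50010' > "$demo/vsftpd.conf"
printf '%s\n' '-A INPUT -i eth0 -p tcp -m tcp --dport 21 -j ACCEPT' \
    '-A INPUT -i eth0 -p tcp -m tcp --dport 50001:50010 -j ACCEPT' > "$demo/rules.ok"
printf '%s\n' '-A INPUT -i eth0 -p tcp -m tcp --dport 50001:50005 -j ACCEPT' > "$demo/rules.narrow"
check_ftp_fw "$demo/vsftpd.conf" "$demo/rules.ok"
check_ftp_fw "$demo/vsftpd.conf" "$demo/rules.narrow"
```

On a live host the second argument would be a file holding the output of `iptables -S INPUT`.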