On 2018/05/23 8:24 AM, Nicolas Kovacs wrote:
> I'm currently setting up a local FTP server, to receive disk images sent with G4L (Ghost4Linux).
> This server has been running Slackware Linux before, and the Vsftpd setup was relatively simple.
> With CentOS things seem to be slightly different, so I'm currently trying to work things out. For the moment, two things seem to be creating problems, the simple iptables firewall and SELinux.
> When I disable the firewall and SELinux, Vsftp works as expected. So far so good.
> Now let's tackle this one dragon at a time. First the firewall. I'm starting with a very simple firewall script that looks somewhat like this. I'm linking to the template, I won't copy/paste the whole thing here.
> https://github.com/kikinovak/centos-7-server-lan/blob/master/config/firewall/firewall-standalone.sh
> Under Slackware, the iptables rule for a local FTP server looked like this:
>
>     modprobe ip_conntrack
>     iptables -A INPUT -p tcp -i $IFACE_LAN --dport 21 -j ACCEPT
>
> I tried this, but to no avail. Can't connect to my server. I googled a bit, and I found out that there seem to be quite a few different answers on the subject of "how do I configure my firewall for Vsftpd".
The ip_conntrack module is necessary, but not sufficient for dynamic FTP connection tracking.
If you instead load ip_conntrack_ftp, it will auto-load ip_conntrack. (On a C7 server the modules are actually nf_conntrack_ftp and nf_conntrack, but the ip_* names are aliases for them so either will work.)
Oh, and to make the module configuration permanent, you can use either the CentOS config file /etc/sysconfig/iptables-config (look for the IPTABLES_MODULES line and its associated comments) or, on a systemd box, /etc/modules-load.d/ (man modules-load.d for details).
-- 
Nels Lindquist
nlindq@maei.ca
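The following script is an added example, not code from either poster or from the linked firewall template. It turns the reply's advice into a reviewable rule set for a LAN-only vsftpd server: load nf_conntrack_ftp (which pulls in nf_conntrack), accept new connections to port 21 on the LAN interface, and accept the RELATED data connections the FTP helper tracks, so passive and active transfers work without opening the whole passive port range. It goes one step beyond the thread: on kernels 4.7 and later automatic helper assignment is off by default, so the explicit `-j CT --helper ftp` rule in the raw table is what binds the helper to port 21 (on CentOS 7's 3.10 kernel it is redundant but harmless, and it also keeps the helper from being attached to unrelated traffic). Nothing is applied; the functions print commands and configuration so they can be inspected before being run as root. The interface name and the modules-load.d file name are constructed examples.

```shell
#!/bin/sh
# Added example (not from the original thread): generate, rather than apply,
# the iptables rules and persistent module configuration for a LAN-only
# vsftpd server with FTP connection tracking.

# Print the rules for a given LAN interface (interface name is an assumption).
# Order matters: the raw-table CT rule runs before conntrack sees the packet,
# the ESTABLISHED,RELATED rule lets the helper-tracked data connections in,
# and only NEW connections to the control port are accepted explicitly.
ftp_firewall_rules() {
    iface="$1"
    cat <<EOF
modprobe nf_conntrack_ftp
iptables -t raw -A PREROUTING -i $iface -p tcp --dport 21 -j CT --helper ftp
iptables -A INPUT -i $iface -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i $iface -p tcp --dport 21 -m conntrack --ctstate NEW -j ACCEPT
EOF
}

# Content for a systemd modules-load.d fragment, e.g. /etc/modules-load.d/ftp.conf
# (file name is a constructed choice); one module name per line.
modules_load_conf() {
    printf '%s\n' nf_conntrack_ftp
}

# Check whether the helper module is loaded by reading a /proc/modules-style
# file (defaults to the real /proc/modules; a path can be passed for testing).
# Returns 0 when nf_conntrack_ftp is listed, 1 otherwise.
helper_loaded() {
    modfile="${1:-/proc/modules}"
    grep -q '^nf_conntrack_ftp ' "$modfile"
}

# Stand-alone use: print everything for review. Apply on the server with
#   ftp_firewall_rules eth0 | sudo sh
if [ "${1:-}" = "show" ]; then
    ftp_firewall_rules "${2:-eth0}"
    echo "# /etc/modules-load.d/ftp.conf:"
    modules_load_conf
    if helper_loaded; then
        echo "# nf_conntrack_ftp is currently loaded"
    else
        echo "# nf_conntrack_ftp is NOT loaded"
    fi
fi
```

The generated INPUT rules assume the chain's default policy is DROP (as in a typical standalone firewall script); the RELATED match is what replaces the older practice of opening pasv_min_port to pasv_max_port wholesale.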