[CentOS] FirewallD and FTP passive mode
steve.clark at netwolves.com
Fri May 6 12:18:10 UTC 2016
On 05/05/2016 09:15 AM, Marcin Trendota wrote:
> I'm trying to run FTP server behind firewall. And i can't enable passive
> mode from the Internet. There are plenty howtos but there aren't many
> with my combination.
> For now i have configured port forwarding and ftp server itself.
> On the router:
> # firewall-cmd --list-all --zone=external
> external (active)
> interfaces: enp3s1
> services: openvpn ssh
> ports: 1194/tcp 2666/tcp 88/tcp
> masquerade: yes
> forward-ports: port=21:proto=tcp:toport=:toaddr=10.0.32.7
> rich rules:
> I also did:
> # modprobe ip_conntrack_ftp ports=10090,10100
> excerpt form vsftpd.conf on the FTP server:
Do you have pasv_addr set to the hostname of the server?
Use this option to override the IP address that vsftpd will advertise in response to
the PASV command. Provide a numeric IP address, unless pasv_addr_resolve is enabled,
in which case you can provide a hostname which will be DNS resolved for you at
Default: (none - the address is taken from the incoming connected socket)
> >From LAN or through VPN it works. But on the public address i can only
> log in, cannot turn into passive mode:
> Connected to ftp1.domain.com (xxx.xxx.xxx.xxx).
> 220 (vsFTPd 2.2.2)
> Name (ftp1.domain.com:root): user
> 331 Please specify the password.
> 230 Login successful.
> Remote system type is UNIX.
> Using binary mode to transfer files.
> ftp> ls
> 227 Entering Passive Mode (10,0,32,7,39,111).
> ftp: connect: Connection timed out
> Also this IP looks weird - shouldn't it be public IP?
> What am i doing wrong?
*NetWolves Managed Services, LLC.*
Director of Technology
Email: steve.clark at netwolves.com
More information about the CentOS