[CentOS] Vsftpd vs. iptables firewall script

Wed May 23 15:27:21 UTC 2018
Nicolas Kovacs <info at microlinux.fr>

Le 23/05/2018 à 17:01, Pete Biggs a écrit :
> You could use active transfer and open port 20, or you could use
> passive, which is more "secure", and allow connections to high port
> numbers.
> Search for active vs passive ftp for more info.

That helped, thanks.

I added the following to /etc/vsftpd/vsftpd.conf:


My firewall script now has the following stanza for FTP:

  # FTP
  $MOD ip_conntrack_ftp
  $IPT -A INPUT -p tcp -i $IFACE_LAN --dport 21 -j ACCEPT
  $IPT -A INPUT -p tcp -i $IFACE_LAN --dport 50001:50010 -j ACCEPT

So the firewall problem seems solved.


Microlinux - Solutions informatiques durables
7, place de l'église - 30730 Montpezat
Site : https://www.microlinux.fr
Blog : https://blog.microlinux.fr
Mail : info at microlinux.fr
Tél. : 04 66 63 10 32