[CentOS] Vsftpd vs. iptables firewall script
Nicolas Kovacs
info at microlinux.fr
Wed May 23 15:27:21 UTC 2018
On 23/05/2018 at 17:01, Pete Biggs wrote:
> You could use active transfer and open port 20, or you could use
> passive, which is more "secure", and allow connections to high port
> numbers.
>
> Search for active vs passive ftp for more info.

That helped, thanks.

I added the following to /etc/vsftpd/vsftpd.conf:

  pasv_enable=YES
  pasv_min_port=50001
  pasv_max_port=50010

My firewall script now has the following stanza for FTP:

  # FTP
  $MOD ip_conntrack_ftp
  $IPT -A INPUT -p tcp -i $IFACE_LAN --dport 21 -j ACCEPT
  $IPT -A INPUT -p tcp -i $IFACE_LAN --dport 50001:50010 -j ACCEPT

So the firewall problem seems solved.

Cheers,
Niki
--
Microlinux - Sustainable IT solutions
7, place de l'église - 30730 Montpezat
Site: https://www.microlinux.fr
Blog: https://blog.microlinux.fr
Mail: info at microlinux.fr
Tel.: 04 66 63 10 32
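
Added example, not part of the original post: a shell check that the passive range set in vsftpd.conf is fully covered by tcp ACCEPT rules in iptables-save format, so that a later change to only one of the two is noticed. The function names, the interface name eth0 and the sample config and rules are constructed; the rule's interface match is not evaluated.

```shell
#!/bin/sh
# Added example; sample config and rules below are constructed.

# Print "MIN MAX" from a vsftpd.conf-style file; fail if unset or inverted.
pasv_range() {
    awk -F= '
        $1 == "pasv_min_port" { min = $2 + 0 }
        $1 == "pasv_max_port" { max = $2 + 0 }
        END { if (!min || !max || min > max) exit 1; print min, max }
    ' "$1"
}

# Print each port in MIN..MAX that no tcp ACCEPT rule in INPUT covers.
# Reads iptables-save format; the -i interface match is not evaluated.
uncovered_ports() {   # usage: uncovered_ports MIN MAX RULES_FILE
    awk -v min="$1" -v max="$2" '
        $1 == "-A" && $2 == "INPUT" && /-p tcp/ && /-j ACCEPT/ {
            for (i = 3; i < NF; i++) if ($i == "--dport") {
                n = split($(i + 1), r, ":")
                lo = r[1] + 0; hi = (n == 2 ? r[2] : r[1]) + 0
                for (p = lo; p <= hi; p++) ok[p] = 1
            }
        }
        END { for (p = min; p <= max; p++) if (!(p in ok)) print p }
    ' "$3"
}

# Constructed drift case: the firewall range is narrower than the vsftpd one.
demo() {
    dir=$(mktemp -d)
    printf '%s\n' 'pasv_enable=YES' 'pasv_min_port=50001' \
        'pasv_max_port=50010' > "$dir/vsftpd.conf"
    printf '%s\n' \
        '-A INPUT -i eth0 -p tcp -m tcp --dport 21 -j ACCEPT' \
        '-A INPUT -i eth0 -p tcp -m tcp --dport 50001:50008 -j ACCEPT' \
        > "$dir/rules"
    set -- $(pasv_range "$dir/vsftpd.conf")
    uncovered_ports "$1" "$2" "$dir/rules"
    rm -rf "$dir"
}

demo
```

On a real host the rules file would be the saved output of iptables-save; an empty result means every passive port is reachable.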