Re: Vsftpd vs. iptables firewall script

> Doesn't work. I redirected all my errors to /var/log/messages, so here's
> what I get when I try to connect Filezilla to that server.
> 
> May 23 16:48:58 c7-server kernel: +++ IPv4 packet rejected +++ IN=enp0s3
> OUT= MAC=08:00:27:00:00:03:d4:85:64:b2:b2:1b:08:00 SRC=192.168.2.2
> DST=192.168.2.12 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=30737 DF PROTO=TCP
> SPT=51474 DPT=38714 WINDOW=29200 RES=0x00 SYN URGP=0
> 

FTP uses two ports - in active mode the server uses 21 for command and
20 for data after the initial connection. In passive mode it uses 21
for command and a high random port number for data. What is happening
is that you are blocking the high port number. (Yes, I know that's a
gross simplification.)

You could use active transfer and open port 20, or you could use
passive, which is more "secure", and allow connections to high port
numbers.

Search for active vs passive ftp for more info.

P.

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
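A rule generator for the passive case P. describes, as an added example that is not from the reply or the thread: it reads the real vsftpd directives pasv_min_port/pasv_max_port from a vsftpd.conf and prints the iptables INPUT rules that let port 21 and exactly that data range through, so a blocked high-port SYN like the DPT=38714 in the quoted log cannot happen for ports vsftpd actually hands out. The sample config, its path and the 40000-40100 range are constructed assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): derive the iptables rules for a
# passive-mode vsftpd server from its own pasv_min_port/pasv_max_port, so the
# firewall and the FTP daemon cannot disagree about the data-port range.
# Assumption: the INPUT chain is the one producing the "+++ IPv4 packet
# rejected +++" log lines; the range 40000-40100 below is a constructed sample.

# Read a numeric key=value directive from a vsftpd.conf-style file
# (leading whitespace tolerated, '#' comments ignored, last occurrence wins).
vsftpd_get() {   # usage: vsftpd_get <file> <key>
    sed -n "s/^[[:space:]]*$2=\([0-9]*\).*/\1/p" "$1" | tail -n 1
}

# Print (do not apply) the rules for the control port and the passive range.
# Returns 1 if the range is missing or inverted, so nothing half-configured
# gets piped into iptables.
ftp_rules() {    # usage: ftp_rules <vsftpd.conf>
    min=$(vsftpd_get "$1" pasv_min_port)
    max=$(vsftpd_get "$1" pasv_max_port)
    if [ -z "$min" ] || [ -z "$max" ] || [ "$min" -gt "$max" ]; then
        echo "pasv_min_port/pasv_max_port missing or inverted in $1" >&2
        return 1
    fi
    cat <<EOF
# control channel
iptables -A INPUT -p tcp --dport 21 -m conntrack --ctstate NEW -j ACCEPT
# passive data channel: only the range vsftpd is configured to hand out
iptables -A INPUT -p tcp --dport ${min}:${max} -m conntrack --ctstate NEW -j ACCEPT
EOF
}
# Alternative: the nf_conntrack_ftp helper watches PASV replies and admits the
# data connection as RELATED; a fixed range like the one above is easier to audit.

# Constructed sample vsftpd.conf; pasv_enable and the range must match the rules.
tmp=$(mktemp)
cat > "$tmp" <<'EOF'
listen=YES
pasv_enable=YES
pasv_min_port=40000
pasv_max_port=40100
EOF

ftp_rules "$tmp"
rm -f "$tmp"
```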


