Re: Vsftpd vs. iptables firewall script




On 23 May 2018 at 11:05, Stephen John Smoogen <smooge@xxxxxxxxx> wrote:
> On 23 May 2018 at 10:24, Nicolas Kovacs <info@xxxxxxxxxxxxx> wrote:
>> Hi,
>>
>> I'm currently setting up a local FTP server, to receive disk images sent
>> with G4L (Ghost4Linux).
>>
>> This server has been running Slackware Linux before, and the Vsftpd
>> setup was relatively simple.
>>
>> With CentOS things seem to be slightly different, so I'm currently
>> trying to work things out. For the moment, two things seem to be
>> creating problems, the simple iptables firewall and SELinux.
>>
>> When I disable the firewall and SELinux, Vsftp works as expected. So far
>> so good.
>>
>> Now let's tackle this one dragon at a time. First the firewall. I'm
>> starting with a very simple firewall script that looks somewhat like
>> this. I'm linking to the template, I won't copy/paste the whole thing here.
>>
>> https://github.com/kikinovak/centos-7-server-lan/blob/master/config/firewall/firewall-standalone.sh
>>
>> Under Slackware, the iptables rule for a local FTP server looked like this:
>>
>>   modprobe ip_conntrack
>>   iptables -A INPUT -p tcp -i $IFACE_LAN --dport 21 -j ACCEPT
>>
>> I tried this, but to no avail. Can't connect to my server. I googled a
>> bit, and I found out that there seem to be quite many different answers
>> about the subject of "how do I configure my firewall for Vsftpd".
>>
>
> OK looking at this, try changing the script as follows:
>
> # Established connections
> $IPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
>
> # SSH
> $IPT -A INPUT -p tcp -i $IFACE_LAN --dport 22 -j ACCEPT
>
> # FTP
> $IPT -A INPUT -p tcp -i $IFACE_LAN --dport 21 -j ACCEPT
>
>
>

I forgot to say why. The RELATED is used to say that it is ok that the
ftp extra ports are kept track of. Without it they are dropped as you
are seeing.

-- 
Stephen J Smoogen.
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
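The rules Stephen describes, as an added example that is not from the thread or from Nicolas's linked script. It reuses the template's IFACE_LAN and IPT variables (assumed names) and also loads the FTP connection-tracking helper, since RELATED only matches the data connection when that helper has seen the PORT/PASV exchange on port 21.

```shell
#!/bin/sh
# Added example: stateful iptables INPUT rules for a LAN-only vsftpd.
# Assumptions: IFACE_LAN is the LAN interface, IPT is the iptables binary.
# Setting IPT=echo prints the rules instead of applying them (dry run).
IFACE_LAN="${IFACE_LAN:-eth0}"
IPT="${IPT:-iptables}"

# The ftp conntrack helper parses the control channel (port 21) and marks
# the resulting data connection as RELATED. Without it, RELATED never
# matches and the transfer stalls right after login even though port 21
# is open, which is the symptom described in the thread.
load_ftp_helper() {
    modprobe nf_conntrack_ftp
}

ftp_input_rules() {
    # Attach the ftp helper explicitly to inbound control connections.
    # Kernels from 4.7 on no longer assign helpers automatically, so this
    # CT rule in the raw table keeps the script working on newer kernels.
    "$IPT" -t raw -A PREROUTING -i "$IFACE_LAN" -p tcp --dport 21 \
        -j CT --helper ftp
    # Replies plus helper-tracked data connections. Note there is no space
    # after the comma: "RELATED, ESTABLISHED" is rejected by iptables.
    "$IPT" -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    # FTP control channel, accepted from the LAN interface only.
    "$IPT" -A INPUT -p tcp -i "$IFACE_LAN" --dport 21 -j ACCEPT
}

# Only apply when invoked as "sh script.sh apply" (needs root).
if [ "${1:-}" = "apply" ]; then
    load_ftp_helper
    ftp_input_rules
fi
```

Run with `IPT=echo sh script.sh apply` first to review the generated rules before applying them as root.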