Re: Vsftpd vs. iptables firewall script

On 23/05/2018 at 17:01, Pete Biggs wrote:
> You could use active transfer and open port 20, or you could use
> passive, which is more "secure", and allow connections to high port
> numbers.
> 
> Search for active vs passive ftp for more info.

That helped, thanks.

I added the following to /etc/vsftpd/vsftpd.conf:

  pasv_enable=YES
  pasv_min_port=50001
  pasv_max_port=50010

My firewall script now has the following stanza for FTP:

  # FTP
  $MOD ip_conntrack_ftp
  $IPT -A INPUT -p tcp -i $IFACE_LAN --dport 21 -j ACCEPT
  $IPT -A INPUT -p tcp -i $IFACE_LAN --dport 50001:50010 -j ACCEPT

So the firewall problem seems solved.

Cheers,

Niki
-- 
Microlinux - Sustainable IT solutions
7, place de l'église - 30730 Montpezat
Site: https://www.microlinux.fr
Blog: https://blog.microlinux.fr
Mail: info@xxxxxxxxxxxxx
Tel.: 04 66 63 10 32
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
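
An added example, not part of the original post: a consistency check that the passive port range pinned in vsftpd.conf is the same range the firewall accepts, since the two are maintained in separate files and can drift apart. The function names, the `eth0` interface and the sample file contents are assumptions constructed for illustration; the rules are assumed to be in `iptables -S` output format.

```shell
# Added example: compare vsftpd's passive range with the iptables INPUT rules.
# All file contents below are constructed samples.

# Last value of KEY ($2) in a vsftpd.conf ($1); the format is KEY=VALUE, no spaces.
conf_get() { sed -n "s/^$2=//p" "$1" | tail -n 1; }

# Print the pinned passive range, or fail if passive mode is off or unpinned.
pasv_range() {
    enable=$(conf_get "$1" pasv_enable)
    min=$(conf_get "$1" pasv_min_port)
    max=$(conf_get "$1" pasv_max_port)
    [ "${enable:-YES}" = "YES" ] || return 1   # vsftpd defaults to YES
    case "$min$max" in ''|*[!0-9]*) return 1 ;; esac
    [ -n "$min" ] && [ -n "$max" ] && [ "$min" -gt 0 ] && [ "$min" -le "$max" ] || return 1
    # iptables prints a one-port range as a single port
    [ "$min" -eq "$max" ] && echo "$min" || echo "$min:$max"
}

# Succeed if the rules file ($1) accepts tcp --dport $2 on the INPUT chain.
accepts_dport() {
    grep -Eq -e "^-A INPUT .*-p tcp .*--dport $2( .*)? -j ACCEPT\$" "$1"
}

check_ftp_firewall() {   # args: vsftpd.conf, rules file
    range=$(pasv_range "$1") || { echo "no pinned passive range in $1"; return 2; }
    accepts_dport "$2" 21 || { echo "control port 21 not accepted"; return 3; }
    accepts_dport "$2" "$range" || { echo "passive range $range not accepted"; return 4; }
    echo "ok $range"
}

SAMPLE=$(mktemp -d)
cat > "$SAMPLE/vsftpd.conf" <<'EOF'
pasv_enable=YES
pasv_min_port=50001
pasv_max_port=50010
EOF
cat > "$SAMPLE/rules.ok" <<'EOF'
-A INPUT -i eth0 -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 50001:50010 -j ACCEPT
EOF
# Drifted rule set: the firewall range no longer covers the vsftpd range.
cat > "$SAMPLE/rules.drift" <<'EOF'
-A INPUT -i eth0 -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 50001:50005 -j ACCEPT
EOF
check_ftp_firewall "$SAMPLE/vsftpd.conf" "$SAMPLE/rules.ok"
check_ftp_firewall "$SAMPLE/vsftpd.conf" "$SAMPLE/rules.drift" || true
```

On a live host the second argument would be a file holding the output of `iptables -S INPUT`.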