Ping a Specific Port

Question

Danila Vershinin

Asked: 2014-10-09 15:25:12 +0800 CST2014-10-09 15:25:12 +0800 CST 2014-10-09 15:25:12 +0800 CST

Allowing passive FTP connections in FirewallD (CentOS 7)

772

In CentOS 7 which comes with FirewallD, enabling HTTP access was easy:

firewall-cmd --permanent --zone=public --add-service=http

However,

firewall-cmd --permanent --zone=public --add-service=ftp

doesn't work: the rule applies, but I can't access FTP by any means except disabling FirewallD.

Some diagnostic info:

I have checked the service definition file (ftp.xml) and it makes use of nf_conntrack_ftp module.
On my VPS the module is compiled into kernel (not separate) so it's not there via lsmod, but I can confirm it's there by this:


zgrep FTP /proc/config.gz


CONFIG_NF_CONNTRACK_FTP=y
CONFIG_NF_CONNTRACK_TFTP=y
CONFIG_NF_NAT_FTP=y
CONFIG_NF_NAT_TFTP=y

2 Answers

Voted

georgem · Answer 1 · 2015-04-12T23:43:15+08:00

georgem

2015-04-12T23:43:15+08:002015-04-12T23:43:15+08:00

I did not researched the issue throughly, so I do not understand the details, but it seems this has something to do with how the active - passive connections are setup both for vsftpd on the server and for the client (ex: Filezilla).

Basically you will need to:

configure vsfptd passive mode by adding the following to /etc/vsftpd/vsftpd.conf: pasv_enable=Yes pasv_max_port=40000 pasv_min_port=40000
Restart vsftpd: systemctl restart vsftpd.service
Ope port 4000 in FirewallD: firewall-cmd --permanent --add-port=40000/tcp firewall-cmd --reload
Then I was able to connect with lftp. For setting Filezilla to use active mode check http://www.itzgeek.com/how-tos/linux/centos-how-tos/enable-passive-mode-in-ftp-on-centos-7-rhel-7-for-filezilla-and-winscp.html#axzz3X4loTCMi

8

user395690 · Answer 2 · 2017-01-18T19:56:50+08:00

user395690

2017-01-18T19:56:50+08:002017-01-18T19:56:50+08:00

try: edit /etc/vsftpd/vsftpd.conf

pasv_enable=YES
pasv_min_port=65400
pasv_max_port=65410

Then:

firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 1 -p TCP --dport 21 --sport 1024:65534 -j ACCEPT
firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 1 -p TCP --dport 65400:65410 --sport 1024:65534 -j ACCEPT
firewall-cmd --reload
firewall-cmd --permanent --direct --get-all-rules

I use vsftp server & FileZilla Client can working

1

Allowing passive FTP connections in FirewallD (CentOS 7)

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?