In CentOS 7, which comes with FirewallD, enabling HTTP access was easy:
firewall-cmd --permanent --zone=public --add-service=http
However,
firewall-cmd --permanent --zone=public --add-service=ftp
doesn't work: the rule applies, but I can't access FTP by any means except disabling FirewallD.
Some diagnostic info:
- I have checked the service definition file (ftp.xml) and it makes use of the nf_conntrack_ftp module.
- On my VPS the module is compiled into the kernel (not separate), so it doesn't show up in lsmod, but I can confirm it's there with this:
zgrep FTP /proc/config.gz
CONFIG_NF_CONNTRACK_FTP=y
CONFIG_NF_CONNTRACK_TFTP=y
CONFIG_NF_NAT_FTP=y
CONFIG_NF_NAT_TFTP=y
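
The built-in-versus-module check described in the post, as an added example that is not part of the original post: a shell function that reports whether the FTP conntrack helper is compiled in, loaded as a module, available but not loaded, or absent. The function name `conntrack_ftp_state` and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify how the FTP conntrack helper is provided.
# Usage: conntrack_ftp_state <kernel-config[.gz]> <modules-list>
#   on a live host: conntrack_ftp_state /proc/config.gz /proc/modules
conntrack_ftp_state() (
    config=$1
    modules=$2
    # gzip -dcf decompresses gzip input and passes plain text through,
    # so both /proc/config.gz and /boot/config-* style files work.
    value=$(gzip -dcf -- "$config" \
        | sed -n 's/^CONFIG_NF_CONNTRACK_FTP=\([ym]\)$/\1/p' | head -n 1)
    case "$value" in
        y)  echo builtin ;;   # compiled in: never listed by lsmod
        m)  # /proc/modules lines start with the module name and a space
            if grep -q '^nf_conntrack_ftp ' "$modules"; then
                echo module-loaded
            else
                echo module-not-loaded
            fi ;;
        *)  echo absent ;;    # "is not set" or option missing entirely
    esac
)

# Constructed sample input mirroring the zgrep output in the post.
demo_dir=$(mktemp -d)
printf '%s\n' 'CONFIG_NF_CONNTRACK_FTP=y' 'CONFIG_NF_CONNTRACK_TFTP=y' \
    'CONFIG_NF_NAT_FTP=y' 'CONFIG_NF_NAT_TFTP=y' | gzip -c > "$demo_dir/config.gz"
: > "$demo_dir/modules"    # empty list: helper is not a loadable module
echo "FTP conntrack helper: $(conntrack_ftp_state "$demo_dir/config.gz" "$demo_dir/modules")"
rm -rf "$demo_dir"
```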