Open vsftpd port under iptables firewall

In the open vsftpd port Later, I found that I can log in with the client tool , But I can't browse files and create new files . At this time, I looked ftp The agreement , Find out ftp There are active mode and passive mode . Open at the service end 21 The port allows the client to enter , There is no exit port , Open the port on the server , Finally, add ftp The corresponding module , The whole operation is a little complicated , Write it down today to deepen your impression in the future .

1. install vsftpd Software

yum install vsftpd -y

2. Open anonymous access and passive mode port

vim /etc/vsftpd/vsftpd.conf

anonymous_enable=YES              -- Enable anonymous user access

anon_upload_enable=YES              -- Anonymous user names can upload files

anon_mkdir_write_enable=YES        -- Anonymous users can create files anon_other_write_enable=YES        -- Anonymous users can rename files

pasv_enable=YES                        -- Turn on passive mode pasv_min_port=30000                    -- Passive mode minimum port pasv_max_port=31000                  -- Passive mode maximum port

3. load ftp modular

vim /etc/modprobe.d/vsftpd.conf

alias ip_conntrack ip_conntrack_ftp ip_nat_ftp    -- load ftp modular

vim /etc/rc.local

/sbin/modprobe ip_conntract                -- Boot load module /sbin/modprobe ip_conntrack_ftp /sbin/modprobe ip_nat_ftp

4. Port filtering

vim /etc/sysconfig/iptables

-A INPUT -p tcp -m multiport --dport 20,21  -m state --state NEW -j ACCEPT  -- Turn on 20,21 port -A INPUT -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT            -- Turn on 21 Active port -A INPUT -p tcp --dport 30000:31000 -j ACCEPT            -- Open the passive port

5. Login test