To configure passive mode for vsftpd you need to set some parameters in vsftpd.conf.

pasv_enable=Yes
pasv_max_port=10100
pasv_min_port=10090

This enables passive mode and restricts it to using the eleven ports for data connections. This is useful as you need to open these ports on your firewall.
iptables -I INPUT -p tcp --destination-port 10090:10100 -j ACCEPT

If after testing this all works then save the state of your firewall with

service iptables save

which will update the /etc/sysconfig/iptables file.

To do this is CentOS 7 you have to use the new firewalld, not iptables:

Find your zone:

# firewall-cmd --get-active-zones
public
  interfaces: eth0

My zone is 'public', so I set my zone to public, add the port range, and after that we reload:

# firewall-cmd --permanent --zone=public --add-port=10090-10100/tcp
# firewall-cmd --reload

What happens when you make a connection

  • Your client makes a connection to the vsftpd server on port 21.

  • The sever responds to the client telling it which port to connect to from the range specified above.

  • The client makes a data connection on the specified port and the session continues.

There is a great explanation of the different ftp modes here.

本文轉貼自 http://serverfault.com/questions/421161/how-to-configure-vsftpd-to-work-with-passive-mode

 


文章標籤
創作者介紹

經驗交流分享與備忘

Frank 發表在 痞客邦 PIXNET 留言(0) 人氣()