To configure passive mode for vsftpd you need to set some parameters in vsftpd.conf.


This enables passive mode and restricts it to using the eleven ports for data connections. This is useful as you need to open these ports on your firewall.
iptables -I INPUT -p tcp --destination-port 10090:10100 -j ACCEPT

If after testing this all works then save the state of your firewall with

service iptables save

which will update the /etc/sysconfig/iptables file.

To do this is CentOS 7 you have to use the new firewalld, not iptables:

Find your zone:

# firewall-cmd --get-active-zones
  interfaces: eth0

My zone is 'public', so I set my zone to public, add the port range, and after that we reload:

# firewall-cmd --permanent --zone=public --add-port=10090-10100/tcp
# firewall-cmd --reload

What happens when you make a connection

  • Your client makes a connection to the vsftpd server on port 21.

  • The sever responds to the client telling it which port to connect to from the range specified above.

  • The client makes a data connection on the specified port and the session continues.

There is a great explanation of the different ftp modes here.




    passive ftp vsftp


    Frank 發表在 痞客邦 留言(0) 人氣()