1. Start the vsftpd service first:
# service vsftpd start
2. Open port 21 through iptables
(1) First view the current iptables rules:
# iptables -nL
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited // if none of the rules above match, everything is rejected
Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
(2) Insert an ACCEPT rule for port 21 into the INPUT chain.
# iptables -I INPUT 5 -p tcp --dport 21 -j ACCEPT # rule number 5 is the current position of "REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited" in INPUT, so the new rule lands just before it
(3) List the chains again with rule numbers to confirm the rule was inserted.
# iptables -nL --line-numbers
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
2 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
3 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
4 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
5 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:21
6 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
num target prot opt source destination
1 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
3. On the client, run telnet ip 21 to verify that the port is reachable
Key point: make sure the inserted rule is placed before "REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited", otherwise it will never be reached and will not take effect!!
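The key point above is easy to get wrong when the rule number is hard-coded, because the REJECT rule is not always at position 5. The following POSIX sh helper is an added example (not part of the original page): it parses the output of "iptables -nL INPUT --line-numbers", finds the rule number of the first REJECT/DROP-all rule, and prints the exact iptables command that inserts the port-21 ACCEPT just before it. The listing embedded in the script is a constructed sample that mirrors the INPUT chain shown on the page; on a real host you would pass "$(iptables -nL INPUT --line-numbers)" instead.

```shell
#!/bin/sh
# Added example, not from the original page: compute where to insert the
# port-21 ACCEPT rule so that it lands before the REJECT-all rule in INPUT,
# instead of hard-coding rule number 5.

# Constructed sample of `iptables -nL INPUT --line-numbers` output, matching
# the chain shown on the page before port 21 was opened.
SAMPLE_INPUT_CHAIN='Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
2    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
3    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
4    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
5    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited'

# Print the rule number of the first REJECT or DROP rule that covers all
# protocols (the "catch-all" at the bottom of the chain). Argument: listing text.
reject_rule_num() {
    printf '%s\n' "$1" | awk '($2 == "REJECT" || $2 == "DROP") && $3 == "all" { print $1; exit }'
}

# Exit 0 if some ACCEPT rule in the listing already matches dpt:21.
port21_open() {
    printf '%s\n' "$1" | awk '$2 == "ACCEPT" { for (i = 1; i <= NF; i++) if ($i == "dpt:21") f = 1 } END { exit !f }'
}

# Print the iptables command that opens tcp/21 at the right position.
build_insert_cmd() {
    listing=$1
    if port21_open "$listing"; then
        echo "# port 21 already accepted in INPUT, nothing to do"
        return 0
    fi
    num=$(reject_rule_num "$listing")
    if [ -z "$num" ]; then
        # No catch-all REJECT/DROP: appending cannot be shadowed, so -A is fine.
        echo "iptables -A INPUT -p tcp --dport 21 -j ACCEPT"
    else
        # Insert at the REJECT rule's own number so the new rule precedes it.
        echo "iptables -I INPUT $num -p tcp --dport 21 -j ACCEPT"
    fi
}

# Usage with the constructed sample (on a live system, pass the real listing):
build_insert_cmd "$SAMPLE_INPUT_CHAIN"
```

Run the printed command as root only after reading it; the script deliberately prints rather than executes so the change can be reviewed first.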
4. Complete the FTP service setup
Load the ip_conntrack_ftp connection-tracking helper to finish the setup:
# modprobe ip_conntrack_ftp
Note: with the helper loaded, rule "1 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED" in INPUT is what lets the FTP data connection through in PASV mode, because the data connection is tracked as RELATED to the command connection on port 21.
Reference:
The FTP protocol can work in two modes, PORT and PASV, that is, active and passive.
Port mode:
  ftp server: tcp 21      <------ client: dynamic
  ftp server: tcp 20      ------> client: dynamic
Pasv mode:
  ftp server: tcp 21      <------ client: dynamic
  ftp server: tcp dynamic <------ client: dynamic
Active (PORT) connection process: the client sends a connection request to the FTP port of the server (21 by default). The server accepts the connection and establishes a command link. When data needs to be transmitted, the client uses the PORT command on the command link to tell the server: "I have opened port XXXX, connect to me there." The server then sends a connection request from port 20 to port XXXX of the client and establishes a data link to transmit data.
PASV (passive) connection process: the client sends a connection request to the FTP port of the server (21 by default). The server accepts the connection and establishes a command link. When data needs to be transmitted, the server uses the PASV command on the command link to tell the client: "I have opened port XXXX, connect to me there." The client then sends a connection request to port XXXX of the server and establishes a data link to transmit data.
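The "port XXXX" announced on the command link in both modes is carried as six comma-separated numbers (four address octets, then the port as high byte and low byte). That text is what the ip_conntrack_ftp helper from step 4 has to read out of the command channel in order to mark the upcoming data connection as RELATED, which is why the static port-21 rule alone is not enough for the dynamic data port. The POSIX sh functions below are an added example, not part of the original page or of the helper's own code: they decode a PORT command and a "227" PASV reply into address:port, rejecting malformed tuples. The sample messages are constructed.

```shell
#!/bin/sh
# Added example, not from the original page: decode the address and port that
# FTP announces on the command channel for the data connection.

# Turn "h1,h2,h3,h4,p1,p2" into "h1.h2.h3.h4:port" with port = p1*256 + p2.
# Fails (exit 1, no output) unless there are exactly six values in 0..255.
decode_hostport() {
    printf '%s' "$1" | awk -F, '
        NF != 6 { exit 1 }
        { for (i = 1; i <= 6; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1
          printf "%s.%s.%s.%s:%d\n", $1, $2, $3, $4, $5 * 256 + $6 }'
}

# Active mode: the client sends "PORT h1,h2,h3,h4,p1,p2" and the server will
# connect from tcp/20 to that address, so the client side sees a NEW inbound
# connection on a dynamic port.
parse_port_cmd() {
    case $1 in
        "PORT "*) decode_hostport "${1#PORT }" ;;
        *) return 1 ;;
    esac
}

# Passive mode: the server answers "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)."
# and the client connects to that dynamic server port; the conntrack helper
# reads this reply so the data connection matches "state RELATED".
parse_pasv_reply() {
    case $1 in
        227*)
            tuple=${1#*\(}      # drop everything up to the opening parenthesis
            tuple=${tuple%%\)*} # drop the closing parenthesis and what follows
            decode_hostport "$tuple"
            ;;
        *) return 1 ;;
    esac
}

# Constructed sample messages (not captured from a real session).
PORT_CMD='PORT 192,168,1,10,4,1'
PASV_REPLY='227 Entering Passive Mode (10,0,0,5,195,80).'

parse_port_cmd "$PORT_CMD"      # 192.168.1.10:1025  (4*256 + 1)
parse_pasv_reply "$PASV_REPLY"  # 10.0.0.5:50000     (195*256 + 80)
```

The range check matters on the firewall side: a helper that trusted the announced tuple blindly would open an expectation for whatever address and port the text named, so validating the six values is the minimum a parser of this channel should do.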