FTP (File Transfer Protocol) has two modes of operation: active mode (PORT) and passive mode (PASV).
Active mode: the control connection is established on the default TCP port 21, and data is transmitted from the server's TCP port 20.
Passive mode: the control connection uses the same default TCP port 21 as active mode, while the data connection uses a random port greater than 1023.
If FTP works in active mode, it is enough to open ports 20 and 21; but in passive mode you cannot specify a fixed port for data transfer, so you must use the iptables state module (connection tracking).
Connection tracking has four states: NEW, ESTABLISHED, RELATED, INVALID
NEW: the state of a TCP connection request that is being initiated
ESTABLISHED: the state after the TCP connection request has been accepted and before the connection is closed
RELATED: a new connection that is raised from an already established connection; such a connection is called related (the FTP data connection is related to its control connection)
INVALID: an unrecognized or invalid connection
Passive mode configuration:
1. The ftp-data connection can be admitted as RELATED to the ftp-control connection; for RELATED to work, make sure iptables loads the modules that support the FTP protocol
# vi /etc/sysconfig/iptables-config
IPTABLES_MODULES="ip_nat_ftp ip_conntrack_ftp"   # load the ip_nat_ftp and ip_conntrack_ftp modules
2. Allow packets in the RELATED and ESTABLISHED states
# iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT   # allow request packets in the RELATED and ESTABLISHED states
# iptables -A INPUT -d 172.16.100.7 -p tcp --dport 21 -m state --state NEW -j ACCEPT   # open port 21 (control connection)
# iptables -A OUTPUT -s 172.16.100.7 -m state --state ESTABLISHED -j ACCEPT   # allow response packets in the ESTABLISHED state
Iptables Open FTP Port