After the LINUX firewall is enabled, ftp pasv cannot log on normally.

Source: Internet
Author: User
Tags ftp client

After the Linux firewall is enabled, FTP clients using PASV cannot log on to the Linux server normally. With the firewall enabled and port 21 added to the firewall configuration file, the FTP server can be reached on that port, but passive-mode connections fail. Clients usually connect through PASV. The solution is as follows.

First, you need to understand the concept. FTP supports two modes: Standard (PORT, active mode) and Passive (PASV, passive mode). An FTP client in Standard mode sends the PORT command to the FTP server. A client in Passive mode sends the PASV command to the FTP server.

The simple differences between PORT and PASV are as follows.

In PORT mode, the FTP client first establishes a connection to TCP port 21 of the FTP server and sends commands through this channel. When the client needs to receive data, it sends the PORT command on this channel. The PORT command contains the port on which the client will receive data. To transmit data, the server connects from its TCP port 20 to the specified port of the client. The FTP server must establish a new connection to the client to transmit data.

Passive mode sets up the control channel in the same way as Standard mode, but after the connection is established the client sends the PASV command instead of the PORT command. After the FTP server receives the PASV command, it randomly opens a high port (port number greater than 1024) and notifies the client to send data requests on this port. The client connects to this port of the FTP server, and the FTP server then transmits data through it. In this mode the FTP server no longer needs to establish a new connection to the client.

Because IE uses Passive mode by default, it has to connect to the Linux server on a port above 1024, but the firewall does not open any port above 1024, so the firewall blocks login to the FTP server.

vsftpd: modify the vsftpd.conf configuration file so that it supports Passive mode.

    # vim /etc/vsftpd.conf

Add the following content at the end of the file to set the port range used in passive mode (vsftpd does not accept spaces around the = sign):

    pasv_min_port=10050
    pasv_max_port=10060

pure-ftpd: set the same range in pure-ftpd.conf. The PassivePortRange line must be uncommented to take effect.

    # vi pure-ftpd.conf

    # Port range for passive connection replies. - for firewalling.
    PassivePortRange 10050 10060

Add the port range to the iptables firewall configuration file:

    # vim /etc/sysconfig/iptables

    -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 10050:10060 -j ACCEPT

Restart the services to make the changes take effect:

    # service vsftpd restart
    # service iptables restart
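The fix only works if the passive range in the FTP server configuration and the range opened in iptables agree. The following Python check is an added example, not part of the original article: it compares the two and decodes the data port from a 227 reply. The sample configuration text, the mistyped rule and the 192.0.2.10 address are constructed for illustration.

```python
import re

# Constructed sample inputs mirroring the settings above (not from a real host).
VSFTPD_CONF = "listen=YES\npasv_min_port=10050\npasv_max_port=10060\n"
RULES_OK = ("-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT\n"
            "-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 10050:10060 -j ACCEPT\n")
RULES_TYPO = RULES_OK.replace("10050:10060", "10050:100060")  # upper bound > 65535

def pasv_range(conf_text):
    """Return (min, max) from vsftpd's pasv_min_port/pasv_max_port, or None."""
    found = {}
    for line in conf_text.splitlines():
        key, sep, value = line.strip().partition("=")
        # vsftpd does not accept spaces around '=', so keys are matched exactly.
        if sep and key in ("pasv_min_port", "pasv_max_port") and value.isdigit():
            found[key] = int(value)
    if len(found) != 2:
        return None
    return found["pasv_min_port"], found["pasv_max_port"]

def accepted_tcp_ranges(rules_text):
    """Return (lo, hi) port ranges of '-p tcp --dport ... -j ACCEPT' rules."""
    ranges = []
    for line in rules_text.splitlines():
        m = re.search(r"--dport (\d+)(?::(\d+))?\b", line)
        if not m or "-p tcp" not in line or not line.rstrip().endswith("-j ACCEPT"):
            continue
        lo, hi = int(m.group(1)), int(m.group(2) or m.group(1))
        if 1 <= lo <= hi <= 65535:  # skip ranges that are not valid TCP ports
            ranges.append((lo, hi))
    return ranges

def pasv_reply_port(reply):
    """Data port from a '227 ... (h1,h2,h3,h4,p1,p2)' reply: p1 * 256 + p2."""
    nums = re.search(r"\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)", reply).groups()
    return int(nums[4]) * 256 + int(nums[5])

def blocked_pasv_ports(conf_text, rules_text):
    """Passive ports the server may pick that no ACCEPT rule covers."""
    rng = pasv_range(conf_text)
    if rng is None:
        raise ValueError("pasv_min_port/pasv_max_port not both set")
    allowed = accepted_tcp_ranges(rules_text)
    return [p for p in range(rng[0], rng[1] + 1)
            if not any(lo <= p <= hi for lo, hi in allowed)]

if __name__ == "__main__":
    print("blocked with correct rule:", blocked_pasv_ports(VSFTPD_CONF, RULES_OK))
    print("blocked with typo rule:   ", len(blocked_pasv_ports(VSFTPD_CONF, RULES_TYPO)))
    print(pasv_reply_port("227 Entering Passive Mode (192,0,2,10,39,70)"))
```

An empty list means every port the server can hand out in a PASV reply is reachable through the firewall; any port listed will produce the hang-after-login symptom described above.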
