After installing vsftpd, the default CentOS firewall does not allow the FTP service. You need to add the FTP connection-tracking module and open port 21 to provide FTP access.
1. Add the ip_conntrack_ftp module
[root@hexuweb101 ~]$ vi /etc/sysconfig/iptables-config
Add the following line:
IPTABLES_MODULES="ip_conntrack_ftp"
2. Open port 21
[root@hexuweb101 ~]$ vi /etc/sysconfig/iptables
For CentOS 5.x, add the following rule:
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT
For CentOS 6.x, add the following rule:
-A INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
3. Restart iptables to bring the new rules into effect
[root@hexuweb101 ~]$ service iptables restart
4. Check that iptables is working normally
[root@hexuweb101 ~]$ service iptables status
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
2    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 255
3    ACCEPT     esp  --  0.0.0.0/0            0.0.0.0/0
4    ACCEPT     ah   --  0.0.0.0/0            0.0.0.0/0
5    ACCEPT     udp  --  0.0.0.0/0            224.0.0.251         udp dpt:5353
6    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:631
7    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:631
8    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
9    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
10   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:21
...
The results show that FTP port 21 is open, so you can now test logging in with an FTP client.
Additionally, if you have not opened port 20, use the command:
[root@hexuweb101 ~]$ iptables -A INPUT -p tcp --dport 20 -j ACCEPT
Once FTP connections work, to be on the safe side, also open the ports that passive mode connects to:
[root@hexuweb101 ~]$ iptables -A INPUT -p tcp --dport 1024: -m state --state ESTABLISHED,RELATED -j ACCEPT
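
An added example, not part of the original article: a bash check over the two files edited in steps 1 and 2. It confirms that the FTP helper module is listed and that the port 21 rule sits before the chain's catch-all REJECT, because iptables evaluates rules in order. The file contents are constructed samples and the function names are hypothetical.

```shell
# Added example: audit the files edited in steps 1 and 2.

# Constructed sample of /etc/sysconfig/iptables-config (step 1).
sample_config='IPTABLES_MODULES="ip_conntrack_ftp"'

# Constructed sample of /etc/sysconfig/iptables, CentOS 6.x layout (step 2).
sample_rules='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT'

# Prints "yes" if the FTP conntrack helper is listed in IPTABLES_MODULES,
# else "no". nf_conntrack_ftp is the newer name of the same helper.
helper_configured() {
    if printf '%s\n' "$1" |
        grep -Eq '^IPTABLES_MODULES="([^"]* )?(ip|nf)_conntrack_ftp( [^"]*)?"'
    then echo yes; else echo no; fi
}

# Prints "reachable", "shadowed" (the rule sits after a catch-all
# REJECT/DROP in the same chain, so it never matches) or "missing"
# for the TCP port 21 ACCEPT rule.
port21_status() {
    printf '%s\n' "$1" | awk '
        $1 != "-A" { next }
        # Catch-all rule: -A CHAIN -j REJECT or DROP with no match options.
        $3 == "-j" && ($4 == "REJECT" || $4 == "DROP") { blocked[$2] = 1; next }
        / --dport 21 / && / -j ACCEPT/ {
            if (!found) { found = 1; st = blocked[$2] ? "shadowed" : "reachable" }
        }
        END { print (found ? st : "missing") }'
}

helper_configured "$sample_config"
port21_status "$sample_rules"
```

Rules added with iptables -A are appended to the end of the chain, so the same check applies to the output of iptables-save after running the commands above.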