A whole day spent on CentOS today; alas, I really feel small

Source: Internet
Author: User
Tags ftp client

Reprinted from someone else's article: http://my.oschina.net/idiotsky/blog/303545

This article is very good, because it tells me how to check the values of the SELinux boolean variables and the settings for FTP. I didn't get my FTP server at the end of the deal, but I didn't think it was going to work. Thank you to the author.

1. Install the vsftpd package. After installation there is an /etc/vsftpd/vsftpd.conf file used for configuration, and a new ftp user and ftp group are created. The user's home directory is /var/ftp and its default shell is nologin (it cannot log in to the system).

yum -y install vsftpd

You can use the following command to view the user:

cat /etc/passwd

The FTP service is not started by default; start it with the following command:

service vsftpd start

2. Install the FTP client package (to verify vsftpd)

yum -y install ftp

Run the client and try to log in:

ftp localhost

Enter the user name ftp and a password (this works because anonymous login is allowed by default).

A successful login means that the FTP service is available.

However, the server is not yet reachable from the external network, so continue with the configuration.

3. Disable anonymous login

vi /etc/vsftpd/vsftpd.conf

Change anonymous_enable=YES on the first line to NO.

Restart the service:

service vsftpd restart

4. Create a new user (ftpuser is the user name; you can choose any name)

useradd ftpuser

Set the password (enter it twice):

passwd ftpuser

With the user created, you can log in with it. Remember to use a normal login, not an anonymous one. The default path after logging in is /home/ftpuser.

5. Open port 21

The default FTP port is 21, and CentOS does not open it by default, so modify the iptables file:

vi /etc/sysconfig/iptables

Below the line that contains 22 -j ACCEPT, add another line just like it, changing only 22 to 21, then save with :wq.

Then restart iptables:

service iptables restart

The server is now reachable from the external network, but directory listings are not returned and uploads fail as well, because SELinux is getting in the way.

6. Modify SELinux

getsebool -a | grep ftp

Run the above command. In the output, the following two lines are both off, which means access from the external network is not enabled:

....

allow_ftpd_full_access off

....

....

ftp_home_dir off

Just turn them on. Run:

setsebool -P allow_ftpd_full_access 1

setsebool -P ftp_home_dir 1

and restart vsftpd:

service vsftpd restart

This should now work. If it still does not, check whether the FTP client is accessing the server in passive mode (a message such as "Entering Passive Mode" means it is). Passive mode does not work by default because it is blocked by iptables; how to open it is described below. If you do not want to open it, see whether the client has an FTP port mode option, or clear its passive mode option. If the client still does not work, check whether the client's host computer has a firewall turned on.

7. Turn on passive mode

Passive mode is on by default, but a port range has to be specified. Open the vsftpd.conf file and add the following:

pasv_min_port=30000

pasv_max_port=30999

This sets the port range to 30000~30999; the range can be changed as needed.

Restart vsftpd after the change.

Because this port range is specified, iptables must open the same range, so open the iptables file as above.

Above or below the line for port 21, add another line just like it, changing only 21 to 30000:30999, then save with :wq and restart iptables. That completes the setup.
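To confirm that steps 3, 5 and 7 agree with each other, the following added example (not part of the original article) checks that anonymous login is off in vsftpd.conf and that the iptables rules file accepts port 21 and the configured passive range. The function names and the sample files are constructed for illustration, and the rule format assumes the stock CentOS layout of /etc/sysconfig/iptables.

```shell
#!/bin/sh
# Added example: verify that the iptables rules file opens the ports that
# vsftpd.conf expects (control port 21 plus the passive range).

# Print the value of KEY from a vsftpd.conf-style file (last occurrence;
# vsftpd allows no spaces around "=").
conf_value() {  # conf_value FILE KEY
    sed -n "s/^$2=//p" "$1" | tail -n 1 | tr -d '[:space:]'
}

# Succeed if FILE has an INPUT rule accepting tcp traffic to --dport SPEC.
has_accept() {  # has_accept FILE SPEC   (SPEC is "21" or "30000:30999")
    grep -Eq -- "^-A INPUT .*-p tcp .*--dport $2 .*-j ACCEPT" "$1"
}

# Report every mismatch; return non-zero if any check fails.
check_ftp_firewall() {  # check_ftp_firewall VSFTPD_CONF IPTABLES_FILE
    rc=0
    [ "$(conf_value "$1" anonymous_enable)" = "NO" ] ||
        { echo "anonymous_enable is not NO"; rc=1; }
    has_accept "$2" 21 || { echo "no ACCEPT rule for port 21"; rc=1; }
    lo=$(conf_value "$1" pasv_min_port)
    hi=$(conf_value "$1" pasv_max_port)
    if [ -z "$lo" ] || [ -z "$hi" ]; then
        echo "pasv_min_port/pasv_max_port not set"; rc=1
    elif ! has_accept "$2" "$lo:$hi"; then
        echo "no ACCEPT rule for passive range $lo:$hi"; rc=1
    fi
    return $rc
}

# Constructed sample files (not from the original article), written to DIR.
make_sample() {  # make_sample DIR
    printf '%s\n' 'anonymous_enable=NO' 'pasv_min_port=30000' \
        'pasv_max_port=30999' > "$1/vsftpd.conf"
    r='-A INPUT -m state --state NEW -m tcp -p tcp --dport'
    printf '%s\n' '*filter' "$r 22 -j ACCEPT" "$r 21 -j ACCEPT" \
        "$r 30000:30999 -j ACCEPT" 'COMMIT' > "$1/iptables"
}

d=$(mktemp -d)
make_sample "$d"
check_ftp_firewall "$d/vsftpd.conf" "$d/iptables" && echo "sample files are consistent"
rm -rf "$d"
```

On a real host, call check_ftp_firewall /etc/vsftpd/vsftpd.conf /etc/sysconfig/iptables after editing both files and before restarting the services.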
