1. Start the vsftpd service first:
# service vsftpd start
2. Open port 21 via iptables
(1) Check the iptables settings first:
# iptables -nL
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited   // if none of the rules above match, everything is rejected
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
(2) Insert an ACCEPT rule for port 21 into the INPUT chain
# iptables -I INPUT 5 -p tcp --dport 21 -j ACCEPT    ## rulenum is 5, i.e. the rule is inserted before "REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited" in INPUT
(3) View the INPUT chain after inserting the ACCEPT rule
# iptables -nL --line-numbers
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
2    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
3    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
4    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
5    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:21
6    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination
1    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination
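3. On the client, telnet to the server IP on port 21 to verify.
Key point: be sure to place the inserted rule before "REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited". iptables evaluates rules in order and stops at the first match, so an ACCEPT placed after the REJECT is never reached and will not work!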
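4. Finish setting up the FTP service
Load the ip_conntrack_ftp module; this completes the setup.
# modprobe ip_conntrack_ftp
Note: in the iptables INPUT chain, rule "1 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED" is what allows PASV mode FTP connections: with the module above loaded, the FTP data connection is tracked as RELATED to the command connection on port 21.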
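The key point above (the ACCEPT must sit before the catch-all REJECT) can be checked mechanically instead of hardcoding rule number 5. The following is an added example, not part of the original article: it reads an "iptables -nL INPUT --line-numbers" listing and prints the command to run. The function names and the embedded sample listing are constructed for illustration, and treating DROP like REJECT goes beyond the case shown on the page.

```shell
#!/bin/sh
# Constructed sample of `iptables -nL INPUT --line-numbers` output (before step 2).
SAMPLE_LISTING='Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
2    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
3    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
4    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
5    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited'

# Print the rule number of the first catch-all REJECT/DROP; fail if there is none.
first_reject_rulenum() {
    awk '$1 ~ /^[0-9]+$/ && ($2 == "REJECT" || $2 == "DROP") && $3 == "all" {
             print $1; found = 1; exit }
         END { exit !found }'
}

# Succeed only if an ACCEPT for tcp dpt:$1 sits above rule number $2.
accept_precedes() {
    awk -v port="$1" -v limit="$2" '
        $1 ~ /^[0-9]+$/ && $1 < limit && $2 == "ACCEPT" && $3 == "tcp" {
            for (i = 4; i <= NF; i++) if ($i == "dpt:" port) { ok = 1; exit }
        }
        END { exit !ok }'
}

# Read a listing on stdin and print (not run) the command needed for port $1.
plan_insert() {
    port="$1"
    listing=$(cat)
    if n=$(printf '%s\n' "$listing" | first_reject_rulenum); then
        if printf '%s\n' "$listing" | accept_precedes "$port" "$n"; then
            echo "# tcp/$port already accepted before rule $n"
        else
            # Insert at the REJECT position so the new rule is evaluated first.
            echo "iptables -I INPUT $n -p tcp --dport $port -j ACCEPT"
        fi
    else
        # No catch-all REJECT/DROP found: rule position does not matter.
        echo "iptables -A INPUT -p tcp --dport $port -j ACCEPT"
    fi
}

# Demo on the constructed listing. On a live host, as root:
#   iptables -nL INPUT --line-numbers | plan_insert 21
printf '%s\n' "$SAMPLE_LISTING" | plan_insert 21
```

A rule for port 21 that was appended after the REJECT is not counted as effective, so the plan still asks for an insert at the REJECT position.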
Reference:
*************************************************************************************************************** ****
The FTP protocol works in two modes: PORT mode and PASV mode, meaning active and passive.
PORT mode: FTP server:tcp <------ client:dynamic      FTP server:tcp ------> client:dynamic
PASV mode: FTP server:tcp <---- client:dynamic      FTP server:tcp dynamic <---- client:dynamic
The PORT (active) connection process is: the client sends a connection request to the server's FTP port (default 21), the server accepts the connection, and a command link is established. When data needs to be transferred, the client tells the server on the command link with the PORT command: "I have opened port xxxx. Come and connect to me."
The server then sends a connection request from port 20 to the client's port xxxx, creating a data link to transmit the data.
The PASV (passive) connection process is: the client sends a connection request to the server's FTP port (default 21), the server accepts the connection, and a command link is established. When data needs to be transferred, the server tells the client on the command link, in its reply to the PASV command: "I have opened port xxxx. Come and connect to me." The client then sends a connection request to the server's port xxxx, setting up a data link to transfer the data.
*************************************************************************************************************** ****
Open FTP port 21 under Linux