1. Start the vsftpd service first:
# service vsftpd start
2. Open port 21 in iptables
(1) Check the current iptables rules first:
# iptables -nL
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited   # anything not matched by the rules above is rejected
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
(2) Insert an ACCEPT rule for port 21 into the INPUT chain
# iptables -I INPUT 5 -p tcp --dport 21 -j ACCEPT   # rule number 5 places it before "REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited" in INPUT
(3) View the INPUT chain after the insert
# iptables -nL --line-numbers
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
2    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
3    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
4    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
5    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:21
6    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination
1    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination
3. Verify from the client: telnet <server IP> 21
Key point: the inserted rule must be placed before "REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited"; otherwise it is never reached and won't work!!
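To make the rule-ordering point above mechanical, here is an added shell example (not from the original post) that reads the output of iptables -nL INPUT --line-numbers, finds the number of the first REJECT rule, builds the matching iptables -I INPUT <num> ... command, and checks whether an ACCEPT for a given port already sits ahead of the REJECT. The listing it parses is a constructed sample embedded in the script, and the function names are my own.

```shell
#!/bin/sh
# Added example, not part of the original post: work out where a new ACCEPT
# rule must go so that it lands before the catch-all REJECT in the INPUT chain.

# Constructed sample of `iptables -nL INPUT --line-numbers` output (not a real
# capture), mirroring the chain shown in the post before port 21 was opened.
SAMPLE_INPUT_CHAIN='Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
2    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
3    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
4    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
5    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited'

# Read a chain listing on stdin and print the number of the first REJECT rule.
# Prints nothing when the chain has no REJECT rule.
first_reject_rulenum() {
    awk '$1 ~ /^[0-9]+$/ && $2 == "REJECT" { print $1; exit }'
}

# Read a chain listing on stdin and print the iptables command that opens TCP
# port $1 ahead of the first REJECT (-I with that rule number). With no REJECT
# rule present the order does not matter, so append with -A instead.
build_insert_cmd() {
    port="$1"
    num=$(first_reject_rulenum)
    if [ -n "$num" ]; then
        printf 'iptables -I INPUT %s -p tcp --dport %s -j ACCEPT\n' "$num" "$port"
    else
        printf 'iptables -A INPUT -p tcp --dport %s -j ACCEPT\n' "$port"
    fi
}

# Read a chain listing on stdin; succeed (exit 0) only if an ACCEPT rule for
# TCP port $1 appears before the first REJECT rule, i.e. the port is reachable.
port_open_before_reject() {
    awk -v port="$1" '
        $1 ~ /^[0-9]+$/ && $2 == "REJECT" { exit 1 }
        $1 ~ /^[0-9]+$/ && $2 == "ACCEPT" && $0 ~ ("dpt:" port "( |$)") { found = 1; exit }
        END { exit found ? 0 : 1 }'
}

# Stand-alone run: show the command the post arrives at by hand (rule number 5).
printf '%s\n' "$SAMPLE_INPUT_CHAIN" | build_insert_cmd 21
```

On a live host the same functions would be fed with `iptables -nL INPUT --line-numbers | build_insert_cmd 21`; the check function is the one to run afterwards, since a rule that was appended after the REJECT shows up in the listing but never matches.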
4. Finish the FTP service
Load ip_conntrack_ftp and the setup is complete:
# modprobe ip_conntrack_ftp
Note: the INPUT rule "1 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED" is what lets PASV-mode FTP data connections through: once ip_conntrack_ftp has read the port announced on the command link, it marks the data connection as RELATED and that rule accepts it.
Reference:
****************************************************************************
The FTP protocol works in two modes, PORT mode and PASV mode, meaning active and passive.
PORT mode:  FTP server:tcp 21 <------ client:dynamic   (command link)
            FTP server:tcp 20 ------> client:dynamic   (data link)
PASV mode:  FTP server:tcp 21 <------ client:dynamic   (command link)
            FTP server:tcp dynamic <------ client:dynamic   (data link)
The PORT (active) connection process is: the client sends a connection request to the server's FTP port (21 by default), the server accepts the connection, and a command link is established. When data needs to be transferred, the client tells the server with the PORT command on the command link: "I have opened port XXXX, connect to me there." The server then sends a connection request from its port 20 to the client's port XXXX, establishing a data link over which the data is transmitted.
The PASV (passive) connection process is: the client sends a connection request to the server's FTP port (21 by default), the server accepts the connection, and a command link is established. When data needs to be transferred, the server tells the client on the command link, in reply to the PASV command: "I have opened port XXXX, connect to me there." The client then sends a connection request to the server's port XXXX, establishing a data link over which the data is transmitted.
****************************************************************************
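The reference above explains that the data port is negotiated inside the command channel, which is exactly why a rule that only knows about port 21 cannot see the data connection and ip_conntrack_ftp is needed. The following added shell example (my own code, not part of the original post) decodes the h1,h2,h3,h4,p1,p2 tuple that FTP uses in both the PORT command and the 227 PASV reply, and reports which side opens the data link in each mode. The two command-channel lines it decodes are constructed samples, not captures, and the function names are mine.

```shell
#!/bin/sh
# Added example, not part of the original post: decode the endpoint that FTP
# carries inside the command channel, for both PORT (active) and PASV
# (passive) mode. The data port is chosen at run time, so a firewall that only
# matches port 21 cannot know it; ip_conntrack_ftp reads it from this channel.

# Constructed samples of what crosses the command link (not real captures).
SAMPLE_PORT_CMD='PORT 192,168,1,20,195,80'                       # client -> server, active mode
SAMPLE_PASV_REPLY='227 Entering Passive Mode (10,0,0,5,234,17).' # server -> client, passive mode

# Pull the h1,h2,h3,h4,p1,p2 tuple out of either line: blank everything that is
# not a digit or comma, then take the first field with exactly six elements.
hostport_tuple() {
    printf '%s\n' "$1" | awk '{
        gsub(/[^0-9,]/, " ")
        for (i = 1; i <= NF; i++) if (split($i, p, ",") == 6) { print $i; exit }
    }'
}

# Convert "h1,h2,h3,h4,p1,p2" to "h1.h2.h3.h4:port" where port = p1*256 + p2.
decode_hostport() {
    printf '%s' "$1" | awk -F, '{ printf "%d.%d.%d.%d:%d\n", $1, $2, $3, $4, $5 * 256 + $6 }'
}

# Describe which side opens the data link for a given command-channel line.
# Active: the server connects from its port 20 to the port the client announced.
# Passive: the client connects to the port the server announced.
describe_data_link() {
    line="$1"
    endpoint=$(decode_hostport "$(hostport_tuple "$line")")
    case "$line" in
        "PORT "*) printf 'active: server:20 -> client %s\n' "$endpoint" ;;
        "227 "*)  printf 'passive: client -> server %s\n' "$endpoint" ;;
        *)        printf 'not a PORT command or 227 reply\n'; return 1 ;;
    esac
}

# Stand-alone run: one line of each mode.
describe_data_link "$SAMPLE_PORT_CMD"
describe_data_link "$SAMPLE_PASV_REPLY"
```

In passive mode the decoded server port is the one the client's SYN will arrive at, and it changes per transfer; the conntrack helper does this same decoding in the kernel so the RELATED,ESTABLISHED rule can accept that SYN without opening the whole high-port range.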