Record: vsftpd in PASV mode behind a NAT firewall in VMware

Source: Internet
Author: User

A VMware virtual machine was installed on the server, and a CentOS 5.4 Linux system was built in it. vsftpd is used as the FTP server.

The network environment is as follows: the server has a fixed IP address, so the CentOS system in the virtual machine has to be reached through NAT.

vsftpd uses passive mode (PASV). The listening port is the default, 21, and the high ports for data connections are 9010-9015. Open these ports on the Linux firewall with the following commands:

    /sbin/iptables -I INPUT -p tcp --dport 21 -j ACCEPT
    /sbin/iptables -I INPUT -p tcp --dport 9010 -j ACCEPT
    /sbin/iptables -I INPUT -p tcp --dport 9011 -j ACCEPT
    /sbin/iptables -I INPUT -p tcp --dport 9012 -j ACCEPT
    /sbin/iptables -I INPUT -p tcp --dport 9013 -j ACCEPT
    /sbin/iptables -I INPUT -p tcp --dport 9014 -j ACCEPT
    /sbin/iptables -I INPUT -p tcp --dport 9015 -j ACCEPT
    /etc/rc.d/init.d/iptables save
    /etc/init.d/iptables status

The PASV-related section of the configuration file /etc/vsftpd.conf:

    pasv_enable=YES
    pasv_min_port=9010
    pasv_max_port=9015

Then set up NAT port mapping for the virtual machine:

    server 9021 -> VM 21
    server 9010 -> VM 9010
    server 9011 -> VM 9011
    server 9012 -> VM 9012
    server 9013 -> VM 9013
    server 9014 -> VM 9014
    server 9015 -> VM 9015

Add the FTP users in the VM (process omitted).

Then use FlashFXP on the server to log on to vsftpd in the VM, using the internal IP address 192.168.17.128. No problem occurs, and the data connection port is between 9010 and 9015.

Next, use FlashFXP on the notebook to connect to vsftpd: fill in the real IP address of the server and enter 9021, the port mapped by NAT, then start the connection. The user can log on, but when listing the directory the data port that is opened is not within 9010-9015. It is random, such as 10534, so listing and data transfer fail.

Later, after searching on Google, two parameters were added to the /etc/vsftpd.conf configuration file, and vsftpd was restarted:

    pasv_address=example.hostname.com
    pasv_addr_resolve=YES

Later, I changed the FTP port from 21 to 9011, changed the data ports to 9012-9015, and set the port in the FTP client to 9011. The connection was normal. The final configuration is as follows:

    listen_port=9011
    pasv_enable=YES
    pasv_min_port=9012
    pasv_max_port=9015
    pasv_addr_resolve=YES
    pasv_address=example.hostname.com

pasv_address is the real server address.

I guess the problem is that the port mapping is server 9021 -> virtual machine 21. If it were server 21 -> virtual machine 21, there might be no problem, but port 21 is already occupied on the server, so this was not tested. Ports 9010 to 9015 are mapped directly, with no port translation in between, so they can be used normally.
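The failure described above can be checked from the client side by decoding the 227 reply that the FTP client logs and comparing it with the configured PASV range. The following is an added example, not part of the original post: the function names are hypothetical, the sample replies are constructed, and 203.0.113.10 is a documentation address standing in for the server's real IP (the control address must be given as an IP literal).

```python
import ipaddress
import re

# Constructed sample: the PASV section of the first configuration on this page.
CONF = "pasv_enable=YES\npasv_min_port=9010\npasv_max_port=9015\n"
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
PASV_RE = re.compile(r"^227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")

def parse_pasv(reply):
    """Return (host, port) from a '227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)' reply."""
    m = PASV_RE.match(reply.strip())
    if not m:
        raise ValueError("not a 227 PASV reply: %r" % reply)
    nums = [int(x) for x in m.groups()]
    if max(nums) > 255:
        raise ValueError("field out of range in: %r" % reply)
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def pasv_range(conf_text):
    """Read pasv_min_port / pasv_max_port from vsftpd.conf text (0 means unset)."""
    conf = {}
    for line in conf_text.splitlines():
        if "=" in line and not line.lstrip().startswith("#"):
            key, value = line.strip().split("=", 1)
            conf[key] = value
    return int(conf.get("pasv_min_port", 0)), int(conf.get("pasv_max_port", 0))

def is_rfc1918(host):
    addr = ipaddress.ip_address(host)
    return any(addr in net for net in RFC1918)

def check_pasv(reply, conf_text, control_host):
    """Return (host, port, findings) for one PASV reply seen by a client."""
    host, port = parse_pasv(reply)
    lo, hi = pasv_range(conf_text)
    findings = []
    if is_rfc1918(host) and not is_rfc1918(control_host):
        findings.append("advertised address %s is internal; set pasv_address" % host)
    if lo and hi and not lo <= port <= hi:
        findings.append("port %d is outside pasv range %d-%d" % (port, lo, hi))
    return host, port, findings

if __name__ == "__main__":
    # Constructed replies; 203.0.113.10 stands in for the server's real address.
    for reply in ("227 Entering Passive Mode (192,168,17,128,35,50).",
                  "227 Entering Passive Mode (203,0,113,10,41,38).",
                  "227 Entering Passive Mode (203,0,113,10,35,52)."):
        print(check_pasv(reply, CONF, "203.0.113.10"))
```

A reply that yields no findings means the advertised address and port match what the firewall rules and NAT mappings on this page allow.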
