In practice, you can use the following script to set up a secure internal FTP server; you can also use Wireshark to see how vsftpd's passive and active modes differ. Taking the local machine 192.168.0.18 as an example, the script is as follows:
#!/bin/bash
iptables -F
iptables -X
iptables -Z
iptables -t nat -F
# Enable IP forwarding
echo "1" > /proc/sys/net/ipv4/ip_forward
# Load the kernel modules required for FTP
modprobe ip_conntrack_ftp
modprobe ip_conntrack_tftp
modprobe ip_nat_ftp
modprobe ip_nat_tftp
# To be safer, define the default OUTPUT policy as DROP
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD ACCEPT
# Open the local loopback interface (lo). Opening it is recommended; otherwise, some inexplicable problems may occur.
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
# The following rules are the key to a secure vsftpd setup. The last two rules allow the server
# to send responses to the client and to accept packets that belong to established connections.
# Because passive FTP is complicated (there are six handshakes), state matching is used here.
iptables -A INPUT -s 192.168.0.0/24 -p tcp --dport 21 -j ACCEPT
iptables -A OUTPUT -d 192.168.0.0/24 -p tcp --sport 21 -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
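
The following is an added example, not part of the original script: a bash function that audits `iptables-save` output against the policy the script above sets (DROP defaults, port 21 limited to 192.168.0.0/24, RELATED,ESTABLISHED accepted in both directions). The function name `audit_ftp_rules` and both sample rule dumps are constructed for illustration.

```bash
#!/bin/bash
# Added example: audit iptables-save output against the script's policy.
# LAN comes from the page; function name and sample dumps are constructed.
LAN="192.168.0.0/24"

audit_ftp_rules() {   # reads iptables-save text on stdin, prints one FAIL line per finding
    awk -v lan="$LAN" '
        /^:INPUT /  { in_pol  = $2 }
        /^:OUTPUT / { out_pol = $2 }
        # FTP control port must only be accepted from the LAN
        /^-A INPUT / && /--dport 21( |$)/ && /-j ACCEPT/ {
            if (index($0, "-s " lan " ") == 0)
                print "FAIL: port 21 accepted without source limit " lan ": " $0
        }
        # Data connections depend on the RELATED,ESTABLISHED rules (and the ftp conntrack helper)
        /^-A INPUT /  && /state / && /RELATED/ && /ESTABLISHED/ && /-j ACCEPT/ { in_state  = 1 }
        /^-A OUTPUT / && /state / && /RELATED/ && /ESTABLISHED/ && /-j ACCEPT/ { out_state = 1 }
        END {
            if (in_pol  != "DROP") print "FAIL: INPUT policy is "  in_pol
            if (out_pol != "DROP") print "FAIL: OUTPUT policy is " out_pol
            if (!in_state)  print "FAIL: no RELATED,ESTABLISHED accept in INPUT"
            if (!out_state) print "FAIL: no RELATED,ESTABLISHED accept in OUTPUT"
        }'
}

# Constructed dump matching the script above
GOOD='*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -s 192.168.0.0/24 -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -d 192.168.0.0/24 -p tcp -m tcp --sport 21 -j ACCEPT
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT'
# Constructed dump with three deviations from that policy
BAD='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT DROP [0:0]
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT'

echo "== good dump =="; printf '%s\n' "$GOOD" | audit_ftp_rules
echo "== bad dump ==";  printf '%s\n' "$BAD"  | audit_ftp_rules
```

On the server itself, run it as root against the live ruleset with `iptables-save -t filter | audit_ftp_rules`.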