A weird problem when setting up a FTP server

**timiao** · 08-05-2009

The OS of this computer is Cent OS 5.2. I want to set up a FTP server using it.
vsftpd service is started already. Now, I can access the FTP server when firewall is closed (service iptables stop). But, When the firewall is open (service iptables start), an error information shows: "425 Failed to establish connection".

The vsftpd.conf, iptables and iptables-precursor files are as followed:
vsftpd.conf:

Code:

anonymous_enable=YES
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_file=/var/log/vsftpd.log
xferlog_std_format=YES
pam_service_name=vsftpd
userlist_enable=YES
listen=YES
tcp_wrappers=YES

Also, the following commands were appended to the iptables

Code:

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 20 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT

the following commandes were appended to iptables-precursor file

Code:

iptables -A INPUT -p tcp -s 0/0 -d 0/0 --destination-port 20 --syn -j ACCEPT
iptables -A INPUT -p tcp -s 0/0 -d 0/0 --destination-port 21 --syn -j ACCEPT

Any help will be appreciated! thanks~

**sarlacii** · 08-06-2009

Hey there...

You may need to set up a passive port range in your config file (usually 30000 to 50000 if I remember correctly). Then go to your firewall and open up those same ports for passive incoming connections.

This caught me recently. :o) Hope this helps.

**timiao** · 08-06-2009

Thank sarlacii for your reply. I am a newbie about the firewall. Could you tell me how to set up a passive port? Do you mean in the vsftpd.conf file?

Thread Tools

Display

A weird problem when setting up a FTP server

Posting Permissions