Today I needed to build a Linux server to provide FTP service to my intranet users. I chose vsftpd as the FTP server because it ships with CentOS by default. Everything worked fine: I could upload and download files through the FTP service. Later I needed to secure the server with a firewall (iptables, of course, the built-in firewall for Linux), so I configured a rule to allow TCP destination port 21.
Now I can only log on to the FTP service; I cannot list or download any files. What the hell happened to my server? After calming down, I realized that FTP is a multi-port protocol. It uses ports 20/21 for commands and some random port above 1024 for data transfer. Yes, a range of random ports to send or receive data. So, to achieve this goal, how can I configure iptables to allow these random ports?!
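The post stops at the question, so here is an added example of the answer a firewall administrator would give; it is written for this page and is not code from the original author or from the vsftpd project. The idea is to stop chasing "random" ports: port 21 carries the control channel, active-mode data connections are opened by the server itself from source port 20 (outbound, so the INPUT rule set does not see them), and passive-mode data connections land on high ports that vsftpd lets you pin to a fixed range with its `pasv_min_port`/`pasv_max_port` options. Once the range is pinned, iptables only needs that range plus port 21, and the `nf_conntrack_ftp` helper can additionally mark data connections as RELATED by reading the PORT/PASV exchange. Assumed values: clients come from `192.168.0.0/16`, the passive range is `40000-40100`, and the config lines go into `/etc/vsftpd/vsftpd.conf`; `DRY_RUN=1` prints the rules instead of applying them so the set can be reviewed without root.

```shell
#!/bin/sh
# Added example (not from the original post): vsftpd passive range plus the
# matching iptables INPUT rules. Assumed values, adjust to your network:
PASV_MIN=40000           # assumed passive data port range (must be > 1023)
PASV_MAX=40100
INTRANET=192.168.0.0/16  # assumed client subnet; FTP is plaintext, keep it internal

# Sanity-check the passive range: unprivileged, in bounds and ordered.
check_pasv_range() {
    [ "$1" -ge 1024 ] && [ "$2" -le 65535 ] && [ "$1" -le "$2" ]
}

# Lines to add to /etc/vsftpd/vsftpd.conf so vsftpd uses only the pinned
# range for passive data connections (these are real vsftpd option names).
vsftpd_pasv_config() {
    check_pasv_range "$PASV_MIN" "$PASV_MAX" || return 1
    printf 'pasv_enable=YES\npasv_min_port=%s\npasv_max_port=%s\n' \
        "$PASV_MIN" "$PASV_MAX"
}

# With DRY_RUN=1 the rules are printed instead of applied, so the rule set
# can be reviewed (and tested) without root or a live firewall.
ipt() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "iptables $*"; else iptables "$@"; fi
}

# Optional: load the FTP conntrack helper so that data connections show up
# as RELATED. Kernels since 4.7 no longer attach helpers automatically, so
# the CT target in the raw table assigns the helper to the control channel.
ftp_conntrack_helper() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "modprobe nf_conntrack_ftp"
    else
        modprobe nf_conntrack_ftp
    fi
    ipt -t raw -A PREROUTING -p tcp --dport 21 -j CT --helper ftp
}

# INPUT rules. Order matters: the conntrack rule goes first so replies and
# helper-tracked data connections are accepted before any port checks.
ftp_firewall_rules() {
    check_pasv_range "$PASV_MIN" "$PASV_MAX" || return 1
    # Packets of connections already accepted, plus data connections the FTP
    # helper marked RELATED after parsing the PORT/PASV commands.
    ipt -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # Control channel: new connections to port 21, from the intranet only.
    ipt -A INPUT -p tcp -s "$INTRANET" --dport 21 -m conntrack --ctstate NEW -j ACCEPT
    # Passive data channel: the pinned range, intranet only. Required when the
    # helper is not loaded; explicit and harmless when it is.
    ipt -A INPUT -p tcp -s "$INTRANET" --dport "$PASV_MIN:$PASV_MAX" \
        -m conntrack --ctstate NEW -j ACCEPT
    # Active mode needs nothing here: the server opens the data connection
    # itself from source port 20, which is OUTPUT traffic. If OUTPUT is also
    # restricted, add a rule for "-p tcp --sport 20 -m conntrack --ctstate NEW".
}

# Usage: sh ftp-firewall.sh --dry-run   (prints config lines and rules)
if [ "${1:-}" = "--dry-run" ]; then
    DRY_RUN=1
    vsftpd_pasv_config
    ftp_conntrack_helper
    ftp_firewall_rules
fi
```

The default policy of the INPUT chain is assumed to be DROP (or a final DROP rule), otherwise these ACCEPT rules change nothing. Pinning the passive range is the part that makes the firewall rule honest: without it, "allow everything above 1024" is the only way to let passive FTP through, and that is effectively no firewall at all for the server's other listening services.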