Henry's Points

Since we need to deal with firewall between FTP clients and server, the following diagram shows that two modes of FTP. So, we can design more accuracy firewall policy by applying different modes.

The following is quoted the pros and cons:

Active FTP is beneficial to the FTP server admin, but detrimental to the client side admin. The FTP server attempts to make connections to random high ports on the client, which would almost certainly be blocked by a firewall on the client side. Passive FTP is beneficial to the client, but detrimental to the FTP server admin. The client will make both connections to the server, but one of them will be to a random high port, which would almost certainly be blocked by a firewall on the server side.

Share on Facebook

Tags: How-to, Linux, Networks by hengdu
No Comments »

I set up a new FTP server by using vsftpd. I observed that I could get file but failed to upload file. After investigation, I found out there are three points I should concern about.

First, write_enable=YES in /etc/vsftpd/vsftpd.conf

Second, system-config-firewall to enable command port 21 and data port 20.

Last, system-config-selinux to set Boolean ftp_home_dir to 1

After service vsftpd restart, I can get and put file in my home directory.

Share on Facebook

Tags: How-to, Linux by hengdu
2 Comments »