vsftpd and firewall

Issues related to configuring your network
Post Reply
mahmood
Posts: 87
Joined: 2017/06/04 12:21:09

vsftpd and firewall

Post by mahmood » 2018/09/06 11:37:45

Although I have installed and configured vsftpd, it seems that some firewall issues exist because I am not able to connect from a remote machine.

Code: Select all

[root@localhost snadmin]# systemctl status vsftpd
● vsftpd.service - Vsftpd ftp daemon
   Loaded: loaded (/usr/lib/systemd/system/vsftpd.service; enabled; vendor preset: disabled)
   Active: active (running) since Tue 2018-09-04 11:34:21 +0430; 2 days ago
 Main PID: 9158 (vsftpd)
    Tasks: 1
   CGroup: /system.slice/vsftpd.service
           └─9158 /usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf

Sep 04 11:34:20 localhost.localdomain systemd[1]: Starting Vsftpd ftp daemon...
Sep 04 11:34:21 localhost.localdomain systemd[1]: Started Vsftpd ftp daemon.
[root@localhost snadmin]# iptables -L | grep ftp
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ftp ctstate NEW
[root@localhost snadmin]# lsmod | grep -i ftp
[root@localhost snad
min]#

Have to say that I get connection timeout message

User avatar
TrevorH
Forum Moderator
Posts: 23894
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: vsftpd and firewall

Post by TrevorH » 2018/09/06 14:00:17

Are you using firewalld (the default on CentOS 7) or plain iptables-services? If using firewalld then make sure you enable it using --add-service=ftp not --add-port=21. The difference is that the service version loads the nf_conntrack_ftp module for you and then tracks ftp connections and opens the right ports automatically for the non-port-21 traffic that ftp uses. If using iptables-services then you need to edit /etc/sysconfig/iptables-config and add nf_conntrack_ftp to the list of modules to be loaded automatically (you can modprobe it manually to make it work without restarting iptables).
CentOS 5 died in March 2017 - migrate NOW!
Full time Geek, part time moderator. Use the FAQ Luke

mahmood
Posts: 87
Joined: 2017/06/04 12:21:09

Re: vsftpd and firewall

Post by mahmood » 2018/09/06 15:42:16

So, I added that, but the ftp service is not listed in the public zone.

Code: Select all

[root@localhost snadmin]# firewall-cmd --zone=public  --add-service=ftp
success
[root@localhost snadmin]# firewall-cmd --reload
success
[root@localhost snadmin]# firewall-cmd --zone=public --list-services
ssh dhcpv6-client https
And still I get timeout error.

User avatar
TrevorH
Forum Moderator
Posts: 23894
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: vsftpd and firewall

Post by TrevorH » 2018/09/06 18:08:13

You did

firewall-cmd --zone=public --add-service=ftp (adds the service temporarily as no --permanent)
firewall-cmd --reload (throw away all changes and revert to the permanent definition)
CentOS 5 died in March 2017 - migrate NOW!
Full time Geek, part time moderator. Use the FAQ Luke

mahmood
Posts: 87
Joined: 2017/06/04 12:21:09

Re: vsftpd and firewall

Post by mahmood » 2018/09/06 18:42:50

Originally, I followed https://www.liquidweb.com/kb/how-to-ins ... -centos-7/
I also saw other guides and I don't know why they only add port 21 to firewall.

Anyway, I ran

Code: Select all

[root@localhost html]# firewall-cmd --zone=public --add-service=ftp --permanent
success
[root@localhost html]# firewall-cmd --reload
success
[root@localhost html]# firewall-cmd --zone=public --list-service
ssh dhcpv6-client https ftp
Thank you very much.

pjsr2
Posts: 343
Joined: 2014/03/27 20:11:07

Re: vsftpd and firewall

Post by pjsr2 » 2018/09/06 19:09:33

Originally, I followed https://www.liquidweb.com/kb/how-to-ins ... -centos-7/
Be careful when you follow installation instructions that you find on the web and that are written for/by specific hosting or VPS providers. Quite often these use customized versions of CentOS and instructions do not work out well for a real CentOS system.

One of my favorite sources for installation guides is https://www.server-world.info/en/

Post Reply