Issues related to configuring your network
-
by mahmood » 2018/09/06 11:37:45
Although I have installed and configured vsftpd, it seems that some firewall issues exist because I am not able to connect from a remote machine.
Code:
[root@localhost snadmin]# systemctl status vsftpd
● vsftpd.service - Vsftpd ftp daemon
Loaded: loaded (/usr/lib/systemd/system/vsftpd.service; enabled; vendor preset: disabled)
Active: active (running) since Tue 2018-09-04 11:34:21 +0430; 2 days ago
Main PID: 9158 (vsftpd)
Tasks: 1
CGroup: /system.slice/vsftpd.service
└─9158 /usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf
Sep 04 11:34:20 localhost.localdomain systemd[1]: Starting Vsftpd ftp daemon...
Sep 04 11:34:21 localhost.localdomain systemd[1]: Started Vsftpd ftp daemon.
[root@localhost snadmin]# iptables -L | grep ftp
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp ctstate NEW
[root@localhost snadmin]# lsmod | grep -i ftp
[root@localhost snadmin]#
I have to say that I get a connection timeout message.
-
by TrevorH » 2018/09/06 14:00:17
Are you using firewalld (the default on CentOS 7) or plain iptables-services? If using firewalld then make sure you enable it using --add-service=ftp not --add-port=21. The difference is that the service version loads the nf_conntrack_ftp module for you and then tracks ftp connections and opens the right ports automatically for the non-port-21 traffic that ftp uses. If using iptables-services then you need to edit /etc/sysconfig/iptables-config and add nf_conntrack_ftp to the list of modules to be loaded automatically (you can modprobe it manually to make it work without restarting iptables).
-
by mahmood » 2018/09/06 15:42:16
So, I added that, but the ftp service is not listed in the public zone.
Code:
[root@localhost snadmin]# firewall-cmd --zone=public --add-service=ftp
success
[root@localhost snadmin]# firewall-cmd --reload
success
[root@localhost snadmin]# firewall-cmd --zone=public --list-services
ssh dhcpv6-client https
And I still get a timeout error.
-
by TrevorH » 2018/09/06 18:08:13
You did
firewall-cmd --zone=public --add-service=ftp (adds the service temporarily as no --permanent)
firewall-cmd --reload (throw away all changes and revert to the permanent definition)
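The runtime versus permanent distinction described in the reply above, as an added example that is not part of the original thread: a small check that reports whether the ftp service would survive a `firewall-cmd --reload` and whether the nf_conntrack_ftp helper is loaded. The function names and the sample data are assumptions made for illustration; the sample is only used when firewalld is not running on the machine.

```shell
#!/bin/sh
# Added example (not from the thread): detect firewalld runtime/permanent drift
# for the ftp service and check that the FTP conntrack helper is loaded.

# has_word WORD "LIST": succeeds if WORD is one of the space-separated items.
has_word() {
    for hw_item in $2; do
        if [ "$hw_item" = "$1" ]; then return 0; fi
    done
    return 1
}

# classify_service SERVICE "RUNTIME LIST" "PERMANENT LIST"
# Prints: both | runtime-only (lost on --reload) | permanent-only | absent
classify_service() {
    if has_word "$1" "$2"; then cs_rt=yes; else cs_rt=no; fi
    if has_word "$1" "$3"; then cs_pm=yes; else cs_pm=no; fi
    case "$cs_rt/$cs_pm" in
        yes/yes) echo both ;;
        yes/no)  echo runtime-only ;;
        no/yes)  echo permanent-only ;;
        *)       echo absent ;;
    esac
}

# helper_loaded "LSMOD OUTPUT": succeeds if nf_conntrack_ftp is listed.
helper_loaded() {
    printf '%s\n' "$1" | awk '$1 == "nf_conntrack_ftp" { f = 1 } END { exit !f }'
}

ZONE=public   # zone used in the thread
if command -v firewall-cmd >/dev/null 2>&1 && firewall-cmd --state >/dev/null 2>&1; then
    runtime=$(firewall-cmd --zone="$ZONE" --list-services)
    permanent=$(firewall-cmd --permanent --zone="$ZONE" --list-services)
    modules=$(lsmod)
else
    # Constructed sample: state after --add-service=ftp without --permanent,
    # before any reload, and with no helper module loaded.
    runtime="ssh dhcpv6-client https ftp"
    permanent="ssh dhcpv6-client https"
    modules="Module Size Used by"
fi

echo "ftp in zone $ZONE: $(classify_service ftp "$runtime" "$permanent")"
if helper_loaded "$modules"; then
    echo "nf_conntrack_ftp: loaded"
else
    echo "nf_conntrack_ftp: not loaded"
fi
```

A result of `runtime-only` is the state that the reload in the earlier post discarded; `both` matches the final listing in the thread.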
-
by mahmood » 2018/09/06 18:42:50
Originally, I followed
https://www.liquidweb.com/kb/how-to-ins ... -centos-7/
I also saw other guides and I don't know why they only add port 21 to the firewall.
Anyway, I ran
Code:
[root@localhost html]# firewall-cmd --zone=public --add-service=ftp --permanent
success
[root@localhost html]# firewall-cmd --reload
success
[root@localhost html]# firewall-cmd --zone=public --list-service
ssh dhcpv6-client https ftp
Thank you very much.
-
by pjsr2 » 2018/09/06 19:09:33
Be careful when you follow installation instructions that you find on the web and that are written for/by specific hosting or VPS providers. Quite often these use customized versions of CentOS and instructions do not work out well for a real CentOS system.
One of my favorite sources for installation guides is
https://www.server-world.info/en/