[b]方法一:关闭防火墙 [/b]
[code="java"]# /etc/rc.d/init.d/iptables stop
Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: filter [ OK ]
Unloading iptables modules: [ OK ]
# service vsftpd restart
Shutting down vsftpd: [ OK ]
Starting vsftpd for vsftpd: [ OK ]
# [/code]
[b]方法二:选择主动模式,配置iptables[/b]
客户连接 TCP/21,服务器通过 TCP/20 连接客户的随机端口 。这种情况下,通过状态防火墙可以解决。
iptables中配置vsftp
问题:配置iptables后,能够登录到vsftpd服务器,但ls列目录失败(超时)。
[code="java"]# cat /etc/sysconfig/iptables
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall
[code="java"]# /etc/rc.d/init.d/iptables stop
Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: filter [ OK ]
Unloading iptables modules: [ OK ]
# service vsftpd restart
Shutting down vsftpd: [ OK ]
Starting vsftpd for vsftpd: [ OK ]
# [/code]
[b]方法二:选择主动模式,配置iptables[/b]
客户连接 TCP/21,服务器通过 TCP/20 连接客户的随机端口 。这种情况下,通过状态防火墙可以解决。
iptables中配置vsftp
问题:配置iptables后,能够登录到vsftpd服务器,但ls列目录失败(超时)。
[code="java"]# cat /etc/sysconfig/iptables
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall