PF Firewall Open FTP Port 21 (PASSIVE Configu…

2009-05-13 15:30:26 Source: unknown



Question: I have a vsftpd FTP server configured under FreeBSD 7.x with the PF firewall. Both PF and the FTP server are running on a dedicated FreeBSD web server. How do I configure the PF firewall for PASSIVE FTP so that my vsftpd works? How do I configure the PF firewall to protect an FTP server and open port 21?
Answer: You can easily open the port with the PF firewall. However, you need to make a few changes to the vsftpd server itself. When servicing a passive FTP connection, the FTP server uses a randomly chosen, high TCP port for incoming data. Open the vsftpd.conf file:
# vi /usr/local/etc/vsftpd.conf
Append the following two configuration directives to set the passive FTP port range:
pasv_min_port=49152
pasv_max_port=65535
Save and close the file. Restart vsftpd:
# /usr/local/etc/rc.d/vsftpd restart
PF firewall configuration - Open port 21
Open the pf.conf file:
# vi /etc/pf.conf
Append the following two rules (202.54.1.2 is the FTP server IP address):
pass in on $ext_if proto tcp from any to 202.54.1.2 port 21 flags S/SA synproxy state
pass in on $ext_if proto tcp from any to 202.54.1.2 port > 49151 keep state
Make sure outgoing connection tracking also exists:
# keep state of outgoing connections
pass out keep state
Save and close the file. Reload PF firewall:
# /etc/rc.d/pf reload
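The passive range is now written in two places (vsftpd.conf and pf.conf), and the two must stay in agreement. The script below is an added example, not part of the original article: it reads pasv_min_port and pasv_max_port from a vsftpd.conf and prints the two PF rules with exactly that range, so a narrower range than 49152-65535 opens no extra ports. The function names and the sample file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: derive the PF passive-FTP rule from vsftpd.conf so the
# firewall opens exactly the range vsftpd uses. Names are hypothetical.

# Print the last numeric value assigned to key $1 in file $2.
# vsftpd.conf forbids spaces around '=', so match "key=" at line start.
conf_value() {
    sed -n "s/^$1=\([0-9][0-9]*\)[[:space:]]*\$/\1/p" "$2" | tail -n 1
}

# Emit the two PF rules for FTP server $2, using the range found in file $1.
pf_ftp_rules() {
    conf=$1 server=$2
    min=$(conf_value pasv_min_port "$conf")
    max=$(conf_value pasv_max_port "$conf")
    if [ -z "$min" ] || [ -z "$max" ]; then
        echo "pasv_min_port/pasv_max_port not set in $conf" >&2
        return 1
    fi
    # Assumption: passive data ports must be unprivileged and ordered.
    if [ "$min" -lt 1024 ] || [ "$max" -gt 65535 ] || [ "$min" -gt "$max" ]; then
        echo "invalid passive range $min-$max" >&2
        return 1
    fi
    echo "pass in on \$ext_if proto tcp from any to $server port 21 flags S/SA synproxy state"
    echo "pass in on \$ext_if proto tcp from any to $server port $min:$max keep state"
}

# Constructed sample input using the values from the article.
sample_conf() {
    cat <<'EOF'
listen=YES
pasv_min_port=49152
pasv_max_port=65535
EOF
}

# Demo: print the rules for the article's server address.
tmp=$(mktemp) && sample_conf > "$tmp" && pf_ftp_rules "$tmp" 202.54.1.2
rm -f "$tmp"
```

After pasting the generated rules into /etc/pf.conf, `pfctl -nf /etc/pf.conf` parses the ruleset without loading it, which catches syntax errors before the reload.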


This article comes from the ChinaUnix blog. To view the original, see: http://blog.chinaunix.net/u/4206/showart_1386026.html
