Linux Tutorials - Herong's Tutorial Examples - v5.45, by Herong Yang
Test FTP Access Remotely on CentOS
This section provides a tutorial example on how to update firewall on the vsftpd server (and its firewall gateway if it is served in the cloud) to open ports 21 and 30000-31000 for inbound connections.
To allow users to upload and download files remotely, I need to open the firewall to allow users to upload and download files remotely using the vsftpd server on my CentOS computer.
1. Find the active zone of the firewall:
herong$ sudo firewall-cmd --get-active-zones public interfaces: eno1
2. Add predefined "ftp" settings in the active zone "public" to receive incoming FTP connections.
herong$ sudo firewall-cmd --zone=public --add-service=ftp success
3. Open a range of ports in the active zone to receive incoming FTP passive connections.
herong$ sudo firewall-cmd --zone=public --add-port=30000-31000/tcp success
4. List all settings in the active zone "public":
herong$ sudo firewall-cmd --zone=public --list-all public (active) target: default icmp-block-inversion: no interfaces: eno1 sources: services: cockpit dhcpv6-client ftp http ssh ports: 80/tcp 3306/tcp 30000-31000/tcp protocols: masquerade: no forward-ports: source-ports: icmp-blocks: ...
5. Persist firewall changes to configuration files.
herong$ sudo firewall-cmd --runtime-to-permanent
6. Verify remote access by running an FTP client program on another computer on the same network, assuming that 192.168.1.3 is the IP address of vsftpd server computer.
herong$ ftp 192.168.1.3 Connected to 192.168.1.3. 220 (vsFTPd 3.0.3) Name (192.168.1.3:herong): herong 331 Please specify the password. Password: 230 Login successful. Remote system type is UNIX. Using binary mode to transfer files. ftp> dir 229 Entering Extended Passive Mode (|||30445|) 150 Here comes the directory listing. drwxr-xr-x 2 1000 1000 22 Jul 11 10:03 files 226 Directory send OK. ftp> cd files 250 Directory successfully changed. ftp> dir 229 Entering Extended Passive Mode (|||30768|) 150 Here comes the directory listing. -rw-r--r-- 1 1000 1000 637 Jul 11 10:03 test.txt 226 Directory send OK. ftp> get test.txt local: test.txt remote: test.txt 229 Entering Extended Passive Mode (|||30673|) 150 Opening BINARY mode data connection for test.txt (637 bytes). 100% |*********************************| 637 3.41 MiB/s 00:00 ETA 226 Transfer complete. 637 bytes received in 00:00 (1.08 MiB/s) ftp> exit 221 Goodbye.
Very good. Remote FTP access is ready!
Note that if your server provided by an service provider in the cloud, you need open port 21 and 30000-31000 for inbound connections on the firewall gateway that protects your server.
Table of Contents
Cockpit - Web Portal for Administrator
SELinux - Security-Enhanced Linux
SSH Protocol and ssh/scp Commands
Software Package Manager on CentOS - DNF and YUM
►vsftpd - Very Secure FTP Daemon
Setup FTP Sub-Directory for Local Users
Test FTP Access Locally on CentOS
►Test FTP Access Remotely on CentOS
Support FTP Over TLS on CentOS
Disable SSH Access for FTP Users