Question: I’ve vsftpd ftp server configured under FreeBSD 7.x and PF firewall. Both PF and FTP server running on a dedicated FreeBSD web server. How do I configure PASSIVE FTP PF firewall configuration so that my vsftpd work? How do I configure PF firewall to protect an FTP server and open port 21?
Answer: You can easily open port with PF firewall. However, you need to make few changes to VSFTPD server itself. When servicing a passive FTP connection, FTP will use a randomly chosen, high TCP port for incoming data. Open vsftpd.conf file:
# vi /usr/local/etc/vsftpd.conf
Append following two config directive to setup ftp port ranges:
pasv_min_port=49152
pasv_max_port=65535
Save and close the file. Restart vsftpd:
# /usr/local/etc/rc.d/vsftpd restart
PF firewall configuration – Open port 21
Open pf.conf file:
# vi /etc/pf.conf
Append following two rules (202.54.1.2 is FTP server IP address):
pass in on $ext_if proto tcp from any to 202.54.1.2 port 21 flags S/SA synproxy state
pass in on $ext_if proto tcp from any to 202.54.1.2 port > 49151 keep state
Make sure outgoing connection tracking also exists:
# keep stats of outgoing connections
pass out keep state
Save and close the file. Reload PF firewall:
# /etc/rc.d/pf reload
🐧 1 comment so far... add one ↓
Category | List of Unix and Linux commands |
---|---|
File Management | cat |
Firewall | Alpine Awall • CentOS 8 • OpenSUSE • RHEL 8 • Ubuntu 16.04 • Ubuntu 18.04 • Ubuntu 20.04 |
Network Utilities | dig • host • ip • nmap |
OpenVPN | CentOS 7 • CentOS 8 • Debian 10 • Debian 8/9 • Ubuntu 18.04 • Ubuntu 20.04 |
Package Manager | apk • apt |
Processes Management | bg • chroot • cron • disown • fg • jobs • killall • kill • pidof • pstree • pwdx • time |
Searching | grep • whereis • which |
User Information | groups • id • lastcomm • last • lid/libuser-lid • logname • members • users • whoami • who • w |
WireGuard VPN | Alpine • CentOS 8 • Debian 10 • Firewall • Ubuntu 20.04 |
How can i block port 22 to public and allow to specific ip address in pf firewall