cifan
CentOS+iptables+proftpd(passive mode)
Environment: CentOS4
proftp
vi proftpd.conf
[code]
PassivePorts min-pasv-port max-pasv-port
[/code]
[code]
PassivePorts 60000 65000
[/code]
min-pasv-port must be a port >= 1024.
iptables
[code]
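# Flush existing rules, then default-deny inbound traffic.
# Apply the whole set as one script: typed one line at a time over SSH,
# the DROP policy cuts the session before the ACCEPT rules exist.
iptables -F
iptables -P INPUT DROP
iptables -A INPUT -i lo -j ACCEPT
# FTP control channel (21) and SSH (22)
iptables -A INPUT -p tcp -m multiport --dports 21,22 -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# New connections (SYN only) to the PassivePorts range set in proftpd.conf
iptables -A INPUT -p tcp -m tcp --dport 60000:65000 --syn -j ACCEPT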
[/code]
[code]
[root@sing2 ~]# iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere multiport dports ftp,ssh,mysql
ACCEPT tcp -- anywhere anywhere tcp dpts:60000:65000 flags:SYN,RST,ACK/SYN
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
[/code]
[[i] Last edited by cifan on 2007-12-11 20:16 [/i]]
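Added example, not part of the original post: a shell helper that reads the PassivePorts range from proftpd.conf, checks it against the >= 1024 requirement stated above, and prints the matching iptables rule so the firewall range and the daemon range cannot drift apart. The function names and the sample config are constructed for illustration; taking the last PassivePorts line in the file is a simplification of this example.

```shell
#!/bin/sh
# Added example: derive the passive-port firewall rule from proftpd.conf.

# Print "min max" from the last uncommented PassivePorts directive.
# The directive name is matched regardless of case.
pasv_range() {
    awk 'tolower($1) == "passiveports" { min = $2; max = $3 }
         END { if (min != "") print min, max }' "$1"
}

# Validate the range and print the iptables rule that opens exactly it.
# Returns 1 (message on stderr) if the directive is missing or invalid.
pasv_rule() {
    set -- $(pasv_range "$1")
    if [ $# -ne 2 ]; then
        echo "missing or malformed PassivePorts directive" >&2
        return 1
    fi
    case "$1$2" in
        *[!0-9]*) echo "non-numeric port: $1 $2" >&2; return 1 ;;
    esac
    if [ "$1" -lt 1024 ] || [ "$2" -gt 65535 ] || [ "$1" -gt "$2" ]; then
        echo "invalid PassivePorts range: $1 $2" >&2
        return 1
    fi
    echo "iptables -A INPUT -p tcp -m tcp --dport $1:$2 --syn -j ACCEPT"
}

# Demonstration on a constructed sample config (not a real server file).
sample=$(mktemp)
printf '%s\n' '# PassivePorts 1 2' 'PassivePorts 60000 65000' > "$sample"
pasv_rule "$sample"
rm -f "$sample"
```
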