
Linux file transfer: opening FTP port 21

2016-07-30 20:20
1. First, start the vsftpd service:

% service vsftpd start


2. Open port 21 through iptables

(1) First, view the current iptables settings:

% iptables -nL


Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited // anything that does not match the rules above is rejected
Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
target prot opt source destination


(2) Insert an ACCEPT rule for port 21 into the INPUT chain

% iptables -I INPUT 5 -p tcp --dport 21 -j ACCEPT
## rulenum is 5, which places the rule before "REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited" in INPUT


(3) View the INPUT chain after inserting the rule

% iptables -nL --line-numbers


Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
2 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
3 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
4 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
5 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:21
6 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
num target prot opt source destination
1 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination


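3. On a client, run telnet ip 21 to verify

Key point: the inserted rule must be placed before "REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited", otherwise it will have no effect!! iptables evaluates the chain from top to bottom and stops at the first matching rule.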
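
An added example (not part of the original post) that derives the rule number from the listing instead of hard-coding 5, and skips the insert when the port is already accepted ahead of the REJECT. The function names and the embedded listing are constructed for illustration; the script only parses `iptables -nL INPUT --line-numbers` text and prints the command to run.

```shell
#!/bin/sh
# Added example: parses `iptables -nL INPUT --line-numbers` text; function
# names are hypothetical and nothing here changes the firewall.

# Constructed sample: the INPUT chain from step (1), with rule numbers.
SAMPLE_BEFORE='Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
2 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
3 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
4 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
5 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited'

# awk condition matching a catch-all REJECT/DROP line in that listing.
CATCH_ALL='$1 ~ /^[0-9]+$/ && ($2 == "REJECT" || $2 == "DROP") &&
           $3 == "all" && $5 == "0.0.0.0/0" && $6 == "0.0.0.0/0"'

# Print the rule number of the first catch-all REJECT/DROP (nothing if none).
first_reject_num() {
    awk "$CATCH_ALL"' { print $1; exit }'
}

# Succeed if an ACCEPT for tcp port $1 is listed before that REJECT/DROP.
port_accepted_before_reject() {
    awk -v want="dpt:$1" "$CATCH_ALL"' { exit }
        $2 == "ACCEPT" && $3 == "tcp" {
            for (i = 7; i <= NF; i++) if ($i == want) { ok = 1; exit }
        }
        END { exit !ok }'
}

# Read a listing on stdin; print the command that opens tcp port $1,
# or print nothing when the port is already accepted in a working position.
plan_insert() {
    listing=$(cat)
    if printf '%s\n' "$listing" | port_accepted_before_reject "$1"; then
        return 0
    fi
    num=$(printf '%s\n' "$listing" | first_reject_num)
    if [ -n "$num" ]; then
        echo "iptables -I INPUT $num -p tcp --dport $1 -j ACCEPT"
    else
        echo "iptables -A INPUT -p tcp --dport $1 -j ACCEPT"
    fi
}

# Demo on the constructed sample; on a real host pipe in the live listing.
printf '%s\n' "$SAMPLE_BEFORE" | plan_insert 21
```

On a real host, feed it `iptables -nL INPUT --line-numbers | plan_insert 21` and review the printed command before running it as root.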

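Fixing FTP upload failures: vsftpd does not allow writes by default, so the configuration file has to be modified. vsftpd does not accept spaces around the "=".

% vim /etc/vsftpd.conf
write_enable=YES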


!! Restart the vsftpd service

/etc/init.d/vsftpd  restart  or
service vsftpd restart