FirewallD custom ftpd port



FirewallD is the zone-based netfilter configuration tool shipped with CentOS / RHEL 7. Various standard service definitions are distributed with FirewallD, in the /lib/firewalld/services directory. In most cases, running a daemon on a custom port is simply a matter of copying the standard service XML file to /etc/firewalld/services, editing it in nano (or any other editor) and adding the service to the active zone (the default is public):

 firewall-cmd --permanent --new-service-from-file=/lib/firewalld/services/https.xml --name=webmin

 nano /etc/firewalld/services/webmin.xml


Ftpd PASV and nf_conntrack_ftp

For the ftpd service to function in PASV mode, additional ports need to be opened dynamically when the data channel is initiated. This is achieved by the nf_conntrack_ftp kernel module being triggered. When securing ftpd on a custom port, copying the ftp.xml service file will include the nf_conntrack_ftp module; however, further configuration is required before the module will trigger on connections to the custom control channel port.

The configuration change can be made on an actively running system, but it will be lost at shutdown:

modprobe nf_conntrack_ftp ports=<port> 

Multiple ports may be specified as a comma-separated list without whitespace, for example:

modprobe nf_conntrack_ftp ports=21,2221

Making the configuration permanent requires a configuration file to be created, for example:


 options nf_conntrack_ftp ports=21,2221
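
As an added example (not part of the original article), the following shell check confirms that every TCP port in the custom firewalld service file also appears in the nf_conntrack_ftp ports= option, since a port missing there means the PASV data channel is never opened. The function names and the sample XML and .conf contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm each TCP port in a firewalld service file is also
# listed in the nf_conntrack_ftp "ports=" option. Function names are illustrative.

# TCP ports declared in a firewalld service XML file, one per line.
service_ports() {
    grep -o '<port[^>]*>' "$1" | grep 'protocol="tcp"' |
        sed -n 's/.*port="\([0-9]*\)".*/\1/p'
}

# Ports from an "options nf_conntrack_ftp ... ports=..." line, one per line.
helper_ports() {
    sed -n 's/^[[:space:]]*options[[:space:]]\{1,\}nf_conntrack_ftp[[:space:]].*ports=\([0-9,]*\).*/\1/p' "$1" |
        tr ',' '\n'
}

# Returns 0 when every service port is covered; otherwise names each gap.
check_ftp_helper() {
    svc=$1 conf=$2 missing=0
    covered=$(helper_ports "$conf")
    for p in $(service_ports "$svc"); do
        if ! printf '%s\n' "$covered" | grep -qx "$p"; then
            echo "port $p: missing from nf_conntrack_ftp ports=, PASV data channel will not be tracked"
            missing=1
        fi
    done
    return $missing
}

# Constructed sample files (not taken from a real host).
tmp=$(mktemp -d)
cat > "$tmp/ftp-custom.xml" <<'EOF'
<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>FTP (custom port)</short>
  <port protocol="tcp" port="2221"/>
  <module name="nf_conntrack_ftp"/>
</service>
EOF
echo 'options nf_conntrack_ftp ports=21' > "$tmp/default.conf"
echo 'options nf_conntrack_ftp ports=21,2221' > "$tmp/fixed.conf"

check_ftp_helper "$tmp/ftp-custom.xml" "$tmp/default.conf" || echo "default.conf: helper not configured for the custom port"
check_ftp_helper "$tmp/ftp-custom.xml" "$tmp/fixed.conf" && echo "fixed.conf: helper covers the custom port"
```

On a live host, point the check at the service file under /etc/firewalld/services and at the file containing the options line. Module parameters are applied when the module loads, so compare against /sys/module/nf_conntrack_ftp/parameters/ports (readable as root) to see what the running kernel is using.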



Article details
Article ID: 96
Category: Linux
Date added: 11-03-2017 11:27:23