![](https://seccdn.libravatar.org/avatar/77cb4da5f72bc176182dcc33f03a18f3.jpg?s=120&d=mm&r=g)
On 2023-04-30 14:31, Carlos E. R. wrote: Hi, The ftp service contemplates only port 21
cer@Telcontar:/usr/lib/firewalld/services> cat ftp.xml <?xml version="1.0" encoding="utf-8"?> <service> <short>FTP</short> <description>FTP is a protocol used for remote file transfer. If you plan to make your FTP server publicly available, enable this option. You need the vsftpd package installed for this option to be useful.</description> <port protocol="tcp" port="21"/> <helper name="ftp"/> </service> cer@Telcontar:/usr/lib/firewalld/services>
cer@Telcontar:/usr/lib/firewalld/services> grep " 20/" /etc/services ftp-data 20/tcp # File Transfer [Default Data] [Jon_Postel] ftp-data 20/udp # File Transfer [Default Data] [Jon_Postel] ftp-data 20/sctp # FTP [Randall_Stewart] [RFC4960] cer@Telcontar:/usr/lib/firewalld/services>
Port 20 is used for data transfer, in active mode, so firewalld doesn't support "active ftp", AFAICS. Or is it passive? this article says it is passive which fails: <https://www.getpagespeed.com/server-setup/firewalld-ftp-rule-allow-access-ftp-service-centos-7> <https://serverfault.com/questions/634594/allowing-passive-ftp-connections-in-firewalld-centos-7> <https://docs.deistercloud.com/content/Tutorials.100/Linux.80/Configuration.20/Install%20FTP%20service.12.xml?embedded=true> I heard of this long ago, I thought it would have been solved by now :-( Probably there will be problems with nfs4 as well. -- Cheers / Saludos, Carlos E. R. (from 15.4 x86_64 at Telcontar)