How do I do kmod-less FTP on a “песнях как” VPS?


2
asked 10 April 2012 at 03:59
1 answer

FTP comes in two varieties - active and passive. With active FTP the server requires ports 20 (data) and 21 (commands) open - it is easier to set up on the server, but harder to set up for the client (since the server initiates a connection back to the client). Testing active FTP is sometimes a good starting point to determine if your server's firewall is the cause of your problems.

Passive FTP is typically more universally compatible since the connections are established by the client. However, it requires port 21 (the command port) and another high numbered port to be open (for data transfer). Most FTP servers will allow you to specify a port range that will be used for passive FTP.

See this site for a good overview of the differences between active and passive FTP.

Kmods typically add features - by verifying that ACCEPT'ing all connections resolves your issue, you have largely shown that you do not need a kmod in this instance, but that there are simply some necessary ports that are blocked.

In your FTP config, set up the appropriate directives to define the passive port range that will be used, and then open these same ports in iptables, and you should be good to go.

PureFTPd:

There is a directive PassivePortRange:

PassivePortRange min_port max_port

vsFTPd: There are two directives pasv_max_port and pasv_min_port:

pasv_max_port=xxxxx
pasv_min_port=xxxxx

You also need to enable passive FTP with pasv_enable=YES.

By default, vsFTPd reads the configuration from /etc/vsftpd.conf (so you should put the directives there - check that they don't already exist though). It is possible, however, to override the default config location by passing a different file path to vsFTPd on the command line (which one of your init scripts might do).

Once you have specified the necessary ports, you can add them in a single iptables command with:

iptables -A INPUT -p tcp -m tcp --dport xxxxx:xxxxx -j ACCEPT

(Note: FTP is exclusively TCP - you do not need to enable UDP)

1
answered 3 December 2019 at 13:11
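
The procedure from the answer above (define the passive port range in the vsFTPd config, then open the same ports in iptables), as an added example that is not part of the original answer. The function names and the sample config are constructed for illustration, and the script only prints the rules rather than applying them.

```shell
#!/bin/sh
# Added example: turn vsFTPd's passive-port directives into matching iptables rules.
# It only prints the commands; run them as root once you have reviewed them.

# Print the value of directive KEY from FILE (vsFTPd syntax is strictly key=value,
# with no spaces around "="). If the directive is repeated, the last one is used.
conf_get() {
    awk -F= -v key="$2" '$1 == key { val = $2 } END { print val }' "$1"
}

# Validate the passive settings in FILE and print the iptables rules for them.
pasv_rules() {
    conf=$1
    min=$(conf_get "$conf" pasv_min_port)
    max=$(conf_get "$conf" pasv_max_port)
    # The answer asks for an explicit pasv_enable=YES, so require it here.
    if [ "$(conf_get "$conf" pasv_enable)" != "YES" ]; then
        echo "set pasv_enable=YES in $conf" >&2; return 1
    fi
    # Both bounds must be present and numeric, otherwise there is no fixed range to open.
    for port in "$min" "$max"; do
        case $port in
            ''|*[!0-9]*) echo "pasv_min_port/pasv_max_port missing or not numeric" >&2; return 1 ;;
        esac
    done
    # Assumption: the range lies in the unprivileged ports and is ordered min <= max.
    if [ "$min" -lt 1024 ] || [ "$max" -gt 65535 ] || [ "$min" -gt "$max" ]; then
        echo "invalid passive range $min:$max" >&2; return 1
    fi
    # Command port (21, assuming the default listen port) plus the passive data range.
    echo "iptables -A INPUT -p tcp -m tcp --dport 21 -j ACCEPT"
    echo "iptables -A INPUT -p tcp -m tcp --dport $min:$max -j ACCEPT"
}

# Constructed sample config (not from the original post).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed example vsftpd.conf
listen=YES
pasv_enable=YES
pasv_min_port=50000
pasv_max_port=50100
EOF
pasv_rules "$sample"
```

Keeping the passive range as narrow as the expected number of concurrent transfers allows limits how many inbound ports the firewall has to expose.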
