vsftpd, passive xfer, and firewall


On 12/29/05, Andrew Rice <andrew@xxxxxxxx> wrote:
> Hey there,
>
> Would anyone care to help me out on where to go for configuring vsftpd for passive ftp transfer?
> I'm pretty sure that I will have to enable a rule in the firewall... am I right?

There are a couple things you need to do.

1. In your vsftpd.conf set the pasv_min_port and pasv_max_port values.
This should be in a range, and for home systems with only a couple
users is fine at around 5-10 ports. These ports need to be over 1024.
Example: 1025-1035

2. Enable ftp_conntrack in /etc/sysconfig/iptables-config

3. Edit firewall rules to taste, allowing for connection tracking and
keeping your 5-10 port range open.

Technically with connection tracking you shouldn't need the port range
open in iptables, but I've seen some weirdness with it timing things
out occasionally. Having both is belt & suspenders, but it works.
--
Jim Perrin
System Architect - UIT
Ft Gordon & US Army Signal Center
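
Added example, not part of the original message: a small consistency check between the passive range in vsftpd.conf and the iptables INPUT rules, so the firewall opens exactly the range vsftpd will use and no more. The sample config and rules are constructed (using the 1025-1035 range from the post, in iptables-save syntax), and the function names are hypothetical.

```python
import re

# Constructed sample inputs (not from the original post).
VSFTPD_CONF = """\
listen=YES
pasv_enable=YES
pasv_min_port=1025
pasv_max_port=1035
"""
IPTABLES_RULES = """\
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m state --state NEW --dport 21 -j ACCEPT
-A INPUT -p tcp -m state --state NEW --dport 1025:1035 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
"""

def pasv_range(conf):
    """Return (min, max) from vsftpd.conf text; 0 means unset (vsftpd default: any port)."""
    opts = dict(re.findall(r"^(pasv_m(?:in|ax)_port)=(\d+)\s*$", conf, re.M))
    return int(opts.get("pasv_min_port", 0)), int(opts.get("pasv_max_port", 0))

def accepted_tcp_ranges(rules):
    """Collect (low, high) for every INPUT rule that ACCEPTs a TCP --dport."""
    out = []
    for line in rules.splitlines():
        m = re.search(r"--dport\s+(\d+)(?::(\d+))?", line)
        if line.startswith("-A INPUT") and "-p tcp" in line and "-j ACCEPT" in line and m:
            low = int(m.group(1))
            out.append((low, int(m.group(2) or low)))
    return out

def audit(conf, rules):
    """Return a list of findings; an empty list means config and firewall agree."""
    lo, hi = pasv_range(conf)
    findings = []
    if not lo or not hi:
        return ["pasv_min_port/pasv_max_port not both set"]
    if lo <= 1024 or hi < lo:
        findings.append(f"bad passive range {lo}-{hi}: must be above 1024 and min <= max")
    if not re.search(r"--state\s+\S*RELATED", rules):
        findings.append("no RELATED rule: conntrack cannot admit data connections")
    ranges = accepted_tcp_ranges(rules)
    if not any(a <= lo and hi <= b for a, b in ranges):
        findings.append(f"firewall does not open {lo}-{hi}")
    for a, b in ranges:  # flag rules that overlap the range but expose extra ports
        if (a, b) != (21, 21) and (a < lo or b > hi) and a <= hi and b >= lo:
            findings.append(f"rule {a}:{b} is wider than passive range {lo}-{hi}")
    return findings
```

Feed it the real file contents and the output of `iptables-save` in place of the sample strings; an empty result means the two agree.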
