Re: Firewall issues with setting up vsftp server
From: Terry Linhardt (linhardt_at_swbell.net)
Date: 12/11/04
- Previous message: Aleksandar Milivojevic: "Re: installing on a network question"
- In reply to: jiio49: "Re: Firewall issues with setting up vsftp server"
- Next in thread: Alexander Dalloz: "Re: Firewall issues with setting up vsftp server"
- Reply: Alexander Dalloz: "Re: Firewall issues with setting up vsftp server"
- Reply: Aleksandar Milivojevic: "Re: Firewall issues with setting up vsftp server"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Sat, 11 Dec 2004 12:04:32 -0600 To: jiio49@yahoo.com, For users of Fedora Core releases <fedora-list@redhat.com>
jiio49 wrote:
>I believe the first issue is that you don't have a port range set in the vsftpd config file (usually in /etc/vsftpd/vsftpd.conf). That is, you just have passive connect mode turned on. A way to fix this would be to set a port range for passive connections in vsftpd.conf and allow access to this port range on your firewall. Below is an example allowing passive mode connections for ports 30000-33333. You can add this to your config script and modify the port range as you like, then allow connections to the port range in your firewall settings. for more options for configuring it go to (http://www.redhat.com/docs/manuals/enterprise/RHEL-3-Manual/ref-guide/s1-ftp-vsftpd-conf.html)
>
>Example:
>
>#When enabled, passive mode connects are allowed. The default value is YES.
>pasv_enable=YES
>#
>#Specifies the highest possible port sent to the FTP clients for passive mode connections. This setting
>#is used to limit the port range so that firewall rules are easier to create. The default value is 0,
>#which does not limit the highest passive port range. The value must not exceed 65535.
>pasv_max_port=33333
>#Specifies the lowest possible port sent to the FTP clients for passive mode connections. This setting
>#is used to limit the port range so that firewall rules are easier to create. The default value is 0,
>#which does not limit the lowest passive port range. The value must not be lower 1024.
>pasv_min_port=30000
>
>
>
>
YES! This solution works.
Although I had read through the vsftpd.conf file, I did NOT see a
reference to port ranges for passive mode. After reading the link you
provided, I found there are a LOT of options to vsftpd that I didn't
know about. :) So, I simply added the pasv_min_port and pasv_max_port to
my vsftpd.conf file, restarted the daemon, and added the port range to
iptables and....all is good. THANK YOU!
Terry
-- fedora-list mailing list fedora-list@redhat.com To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list
- Previous message: Aleksandar Milivojevic: "Re: installing on a network question"
- In reply to: jiio49: "Re: Firewall issues with setting up vsftp server"
- Next in thread: Alexander Dalloz: "Re: Firewall issues with setting up vsftp server"
- Reply: Alexander Dalloz: "Re: Firewall issues with setting up vsftp server"
- Reply: Aleksandar Milivojevic: "Re: Firewall issues with setting up vsftp server"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
