Firewall issues with setting up vsftp server

Terry Linhardt linhardt at swbell.net
Sat Dec 11 18:04:32 UTC 2004


jiio49 wrote:

>I believe the first issue is that you don't have a port range set in the vsftpd config file (usually in /etc/vsftpd/vsftpd.conf). That is, you just have passive connect mode turned on. A way to fix this would be to set a port range for passive connections in vsftpd.conf and allow access to this port range on your firewall. Below is an example allowing passive mode connections for ports 30000-33333. You can add this to your config script and modify the port range as you like, then allow connections to the port range in your firewall settings. For more options for configuring it, go to http://www.redhat.com/docs/manuals/enterprise/RHEL-3-Manual/ref-guide/s1-ftp-vsftpd-conf.html
>
>Example:
>
>#When enabled, passive mode connects are allowed. The default value is YES.
>pasv_enable=YES
>#
>#Specifies the highest possible port sent to the FTP clients for passive mode connections. This setting 
>#is used to limit the port range so that firewall rules are easier to create. The default value is 0, 
>#which does not limit the highest passive port range. The value must not exceed 65535.
>pasv_max_port=33333
>#Specifies the lowest possible port sent to the FTP clients for passive mode connections. This setting 
>#is used to limit the port range so that firewall rules are easier to create. The default value is 0, 
>#which does not limit the lowest passive port range. The value must not be lower than 1024.
>pasv_min_port=30000
>
YES! This solution works.
Although I had read through the vsftpd.conf file, I did NOT see a 
reference to port ranges for passive mode. After reading the link you 
provided, I found there are a LOT of options to vsftpd that I didn't 
know about. :) So, I simply added the pasv_min_port and pasv_max_port to 
my vsftpd.conf file, restarted the daemon, and added the port range to 
iptables and....all is good. THANK YOU!  

Terry
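
The fix described in this thread only holds while the passive range in vsftpd.conf and the range opened in iptables stay identical. The script below is an added example, not code from either poster: it reads the range from the config, rejects unset or out-of-bounds values, and prints the matching rules. The function names, the `INPUT` chain and the use of the `state` match are assumptions; adjust them to the local firewall layout.

```shell
#!/bin/sh
# Added example: derive the iptables rules from vsftpd.conf so the firewall
# range and the daemon's passive range cannot drift apart.

# Print the value of KEY from a key=value file; the last occurrence wins.
conf_get() {  # usage: conf_get FILE KEY
    sed -n "s/^$2=\([^[:space:]]*\).*/\1/p" "$1" | tail -n 1
}

# Validate the passive range and print the matching rules.
# Returns 1 when the range is missing, non-numeric or out of bounds.
pasv_rules() {  # usage: pasv_rules FILE [CHAIN]
    conf=$1
    chain=${2:-INPUT}   # assumption: rules go straight into INPUT
    min=$(conf_get "$conf" pasv_min_port)
    max=$(conf_get "$conf" pasv_max_port)
    for v in "$min" "$max"; do
        case $v in
            ''|*[!0-9]*|??????*)
                echo "pasv_min_port/pasv_max_port missing or not a port" >&2
                return 1 ;;
        esac
    done
    # vsftpd treats 0 as "no limit", which cannot be matched by a tight
    # firewall rule, so it is rejected here along with other bad bounds.
    if [ "$min" -lt 1024 ] || [ "$max" -gt 65535 ] || [ "$min" -gt "$max" ]; then
        echo "invalid passive range $min-$max" >&2
        return 1
    fi
    # Control connection, then the passive data range.
    echo "iptables -A $chain -p tcp --dport 21 -m state --state NEW -j ACCEPT"
    echo "iptables -A $chain -p tcp --dport $min:$max -m state --state NEW -j ACCEPT"
}

# Constructed sample config using the settings quoted in the thread.
demo() {
    tmp=$(mktemp) || return 1
    printf '%s\n' 'pasv_enable=YES' 'pasv_max_port=33333' \
        'pasv_min_port=30000' > "$tmp"
    pasv_rules "$tmp"
    rc=$?
    rm -f "$tmp"
    return $rc
}

demo
```

The script only prints the rules; review them and the chain name before applying anything to a live firewall.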



