
Re: Firewall issues with setting up vsftp server



Terry Linhardt wrote:
YES! This solution works.
Although I had read through the vsftpd.conf file, I did NOT see a reference to port ranges for passive mode. After reading the link you provided, I found there are a LOT of options to vsftpd that I didn't know about. :) So, I simply added the pasv_min_port and pasv_max_port to my vsftpd.conf file, restarted the daemon, and added the port range to iptables and....all is good. THANK YOU!

As I already wrote once in this thread, unless you are using FTP over SSL, do not open the range of ports. If you are using plain FTP (which I believe you are using), load the ip_conntrack_ftp module (and ip_nat_ftp if NAT is in use on the firewall) and use it in combination with the RELATED state match.


There is really no point in making your firewall rules less strict (by opening a range of ports when it is not needed).

--
Aleksandar Milivojevic <amilivojevic pbl ca>    Pollard Banknote Limited
Systems Administrator                           1499 Buffalo Place
Tel: (204) 474-2323 ext 276                     Winnipeg, MB  R3T 1L7
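
The two rule sets discussed in this thread, side by side, with a small check that flags the open passive range. This is an added example, not part of the original messages: the iptables-save excerpts are constructed, the 50000:50100 range is a made-up value, and `audit_ftp_rules` is a hypothetical helper name.

```shell
#!/bin/sh
# Constructed iptables-save excerpts; the 50000:50100 range is a made-up value.

# What the reply advises against for plain FTP: passive range open to NEW.
WEAK_RULES='*filter
-A INPUT -m state --state ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 21 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -m tcp --dport 50000:50100 -m state --state NEW -j ACCEPT
-A INPUT -j DROP
COMMIT'

# What the reply recommends: only the control port is opened. With the helper
# loaded (modprobe ip_conntrack_ftp, plus ip_nat_ftp behind NAT), each data
# connection is classified RELATED and matches the first rule.
STRICT_RULES='*filter
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 21 -m state --state NEW -j ACCEPT
-A INPUT -j DROP
COMMIT'

# audit_ftp_rules RULES: print one finding per line; return 1 if any, else 0.
audit_ftp_rules() {
    printf '%s\n' "$1" | awk '
        BEGIN { bad = 0; related = 0; control = 0 }
        # An ACCEPT rule whose destination is a port range (lo:hi).
        /-j ACCEPT/ && /--dports? [0-9,]*[0-9]+:[0-9]+/ {
            print "RANGE_OPEN: " $0; bad = 1
        }
        # A rule admitting RELATED traffic (state or conntrack match).
        /-j ACCEPT/ && /--(ct)?state [A-Z,]*RELATED/ { related = 1 }
        # The FTP control port.
        /-j ACCEPT/ && /--dport 21 / { control = 1 }
        END {
            if (control && !related) {
                print "NO_RELATED: port 21 open, but no rule accepts RELATED data connections"
                bad = 1
            }
            exit bad
        }'
}

audit_ftp_rules "$WEAK_RULES"   || echo "weak rule set: findings above"
audit_ftp_rules "$STRICT_RULES" && echo "strict rule set: clean"
```

The check reads rule text only, so it cannot tell whether the helper module is actually loaded. On later kernels the same helper is named nf_conntrack_ftp.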

