Firewall issues with setting up vsftp server
Aleksandar Milivojevic
amilivojevic at pbl.ca
Mon Dec 13 15:06:22 UTC 2004
Terry Linhardt wrote:
> YES! This solution works.
> Although I had read through the vsftpd.conf file, I did NOT see a
> reference to port ranges for passive mode. After reading the link you
> provided, I found there are a LOT of options to vsftpd that I didn't
> know about. :) So, I simply added the pasv_min_port and pasv_max_port to
> my vsftpd.conf file, restarted the daemon, and added the port range to
> iptables and....all is good. THANK YOU!
As I already wrote once in this thread, unless you are using FTP over
SSL, do not open the range of ports. If you are using plain FTP (which
I believe you are using), load the ip_conntrack_ftp module (and ip_nat_ftp
if NAT is in use on the firewall) and use it in combination with the
RELATED state match.

There is really no point in making your firewall rules less strict (by
opening a range of ports when it is not needed).
--
Aleksandar Milivojevic <amilivojevic at pbl.ca> Pollard Banknote Limited
Systems Administrator 1499 Buffalo Place
Tel: (204) 474-2323 ext 276 Winnipeg, MB R3T 1L7
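
The two approaches discussed in this thread, side by side, as an added example that is not part of the original message: two constructed rule sets in iptables-save syntax, plus a small check that flags ACCEPT rules opening a port range and reports whether a RELATED rule is present. The passive range 50000:50100 is an illustration value and `audit_ftp_rules` is a hypothetical helper name.

```shell
#!/bin/sh
# Constructed sample rule sets in iptables-save syntax (not from the post).
# The port range 50000:50100 is an arbitrary illustration value.

# Variant A: passive port range opened in the filter (the quoted approach).
rules_range_open() {
cat <<'EOF'
-A INPUT -m state --state ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW --dport 21 -j ACCEPT
-A INPUT -p tcp -m state --state NEW --dport 50000:50100 -j ACCEPT
-A INPUT -j DROP
EOF
}

# Variant B: only the control port is opened; FTP data connections are
# admitted as RELATED, which needs ip_conntrack_ftp loaded (plus ip_nat_ftp on NAT).
rules_related() {
cat <<'EOF'
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m state --state NEW --dport 21 -j ACCEPT
-A INPUT -j DROP
EOF
}

# Read rules on stdin and print one finding per line.
audit_ftp_rules() {
    awk '
    /-j ACCEPT/ {
        for (i = 1; i < NF; i++) {
            if ($i == "--dport" && $(i+1) ~ /^[0-9]+:[0-9]+$/) {
                split($(i+1), p, ":")
                printf "RANGE_OPEN %s (%d ports)\n", $(i+1), p[2] - p[1] + 1
                ranges++
            }
            if ($i == "--state" && index("," $(i+1) ",", ",RELATED,")) related = 1
        }
    }
    END {
        if (!related) print "NO_RELATED_RULE"
        if (!ranges && related) print "OK"
    }'
}

# Run the check against both constructed variants.
for v in rules_range_open rules_related; do
    echo "== $v"; $v | audit_ftp_rules
done
```

Variant A reports the 101 ports left reachable for new connections; variant B reports `OK` because only port 21 accepts NEW connections.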