On 12/29/05, Andrew Rice andrew@nams.net wrote:
Hey there,
Would anyone care to help me out on where to go for configuring vsftpd for passive ftp transfer? I'm pretty sure that I will have to enable a rule in the firewall... am I right?
There are a couple things you need to do.
1. In your vsftpd.conf set the pasv_min_port and pasv_max_port values. This should be in a range, and for home systems with only a couple users is fine at around 5-10 ports. These ports need to be over 1024. Example: 1025-1035
2. Enable ftp_conntrack in /etc/sysconfig/iptables-config
3. Edit firewall rules to taste, allowing for connection tracking and keeping your 5-10 port range open.
Technically with connection tracking you shouldn't need the port range open in iptables, but I've seen some weirdness with it timing things out occasionally. Having both is belt & suspenders, but it works.

--
Jim Perrin
System Architect - UIT
Ft Gordon & US Army Signal Center
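
An added example, not part of the original message: a shell check that the passive range in vsftpd.conf, the conntrack helper in iptables-config and the firewall rules from the three steps above agree with each other. The file contents are constructed samples; the function names and the helper module names `ip_conntrack_ftp`/`nf_conntrack_ftp` are this example's assumptions.

```shell
#!/bin/sh
# Added example: all file contents below are constructed samples.

# Print "MIN MAX" from a vsftpd.conf; fail unless 1024 < MIN <= MAX.
pasv_range() {
    min=$(sed -n 's/^pasv_min_port=\([0-9][0-9]*\)[[:space:]]*$/\1/p' "$1" | tail -n 1)
    max=$(sed -n 's/^pasv_max_port=\([0-9][0-9]*\)[[:space:]]*$/\1/p' "$1" | tail -n 1)
    [ -n "$min" ] && [ -n "$max" ] || return 1
    [ "$min" -gt 1024 ] && [ "$min" -le "$max" ] || return 1
    echo "$min $max"
}

# Succeed if IPTABLES_MODULES names an FTP conntrack helper (assumed names).
helper_enabled() {
    grep -Eq '^IPTABLES_MODULES=.*(ip|nf)_conntrack_ftp' "$1"
}

# Succeed if the rules file has a TCP ACCEPT rule for exactly MIN:MAX.
range_open() {
    grep -Eq -- "^-A .*-p tcp .*--dport $2:$3 .*-j ACCEPT" "$1"
}

# Args: vsftpd.conf, iptables-config, rules file. Non-zero on any mismatch.
check_passive_ftp() {
    rc=0
    range=$(pasv_range "$1") || { echo "vsftpd.conf: passive range missing or invalid"; return 1; }
    lo=${range% *}; hi=${range#* }
    helper_enabled "$2" || { echo "iptables-config: FTP conntrack helper not listed"; rc=1; }
    range_open "$3" "$lo" "$hi" || { echo "iptables: no ACCEPT rule for tcp $lo:$hi"; rc=1; }
    [ "$rc" -ne 0 ] || echo "ok: passive range $lo-$hi is open and tracked"
    return "$rc"
}

tmp=$(mktemp -d)
cat > "$tmp/vsftpd.conf" <<'EOF'
pasv_enable=YES
pasv_min_port=1025
pasv_max_port=1035
EOF
cat > "$tmp/iptables-config" <<'EOF'
IPTABLES_MODULES="ip_conntrack_ftp"
EOF
cat > "$tmp/iptables" <<'EOF'
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m state --state NEW -p tcp --dport 21 -j ACCEPT
-A INPUT -m state --state NEW -p tcp --dport 1025:1035 -j ACCEPT
EOF
check_passive_ftp "$tmp/vsftpd.conf" "$tmp/iptables-config" "$tmp/iptables"
```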