LinuxQuestions.org
Old 07-30-2009, 10:08 AM   #1
ddc441
LQ Newbie
 
Registered: Aug 2008
Posts: 24

Rep: Reputation: 0
vsFTPd, firewall, and passive ports - A quick question


We have an Ubuntu 9.04 box that is operating as just an FTP server with vsFTPd.

UFW currently allows ports 20,21,22 (for ssh) denying all others. My question... do we need to set the firewall to allow all the ports in the passive port range for passive transfers?

It seems like a stupid question, but it appears that passive transfers work even with those ports not being explicitly open. Hence the confusion.

Thanks!
 
Old 07-30-2009, 10:44 AM   #2
thinknix
Member
 
Registered: Nov 2008
Distribution: Lots!
Posts: 178

Rep: Reputation: 58
Normally you would use the iptables FTP connection tracking module so you don't have to worry about opening high ports for the data channel. My guess is ufw is already using this module for you (you can check with lsmod). As an example, here is how you would allow inbound FTP without ufw. The high-port traffic gets accepted by the ESTABLISHED,RELATED rule.

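Code:
# Load the FTP connection tracking helper
/sbin/modprobe ip_conntrack_ftp
# Accept established connections and related ones (the FTP data channel)
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Accept new connections to the FTP control port
iptables -A INPUT -p tcp --dport 21 -m state --state NEW -j ACCEPT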
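
What the connection tracking helper mentioned above does with the control channel, as an added example that is not part of either post: it reads the server's 227 reply and expects a data connection to the port encoded there, which is why that connection matches RELATED without the passive range being opened. The function names and the sample reply are constructed for illustration.

```shell
#!/bin/sh
# Added illustration; function names and sample input are constructed.

# Succeeds if lsmod-style text on stdin lists an FTP conntrack helper
# (ip_conntrack_ftp on older kernels, nf_conntrack_ftp on newer ones).
# On the server: lsmod | ftp_helper_loaded && echo "helper loaded"
ftp_helper_loaded() {
    awk '$1 == "ip_conntrack_ftp" || $1 == "nf_conntrack_ftp" { found = 1 }
         END { exit (found ? 0 : 1) }'
}

# Print "ip port" decoded from a 227 reply: (h1,h2,h3,h4,p1,p2) means
# address h1.h2.h3.h4 and data port p1*256+p2. Fails on malformed input.
pasv_endpoint() {
    reply=$(printf '%s' "$1" | tr -d '\r')
    case $reply in
        227\ *) ;;
        *) return 1 ;;
    esac
    tuple=$(printf '%s\n' "$reply" | sed -n 's/^[^(]*(\([0-9,]*\)).*$/\1/p')
    [ -n "$tuple" ] || return 1
    old_ifs=$IFS
    IFS=,
    set -- $tuple            # split the six fields on commas
    IFS=$old_ifs
    [ "$#" -eq 6 ] || return 1
    for octet in "$@"; do
        case $octet in
            ''|0?*|????*) return 1 ;;   # empty, leading zero, or too long
        esac
        [ "$octet" -le 255 ] || return 1
    done
    echo "$1.$2.$3.$4 $(( $5 * 256 + $6 ))"
}

# Constructed sample reply using a documentation address.
pasv_endpoint '227 Entering Passive Mode (192,0,2,10,195,80).'
```

The helper can only read a cleartext control channel; with FTP over TLS it cannot see the 227 reply, and the vsftpd pasv_min_port to pasv_max_port range then has to be allowed explicitly.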
 
  

