LinuxQuestions.org
Old 12-11-2004, 06:54 PM   #1
Ephracis
Senior Member
 
Registered: Sep 2004
Location: Sweden
Distribution: Ubuntu, Debian
Posts: 1,109

Rep: Reputation: 50
Open port for FTP


I am using the FTP-server vsftpd and the client gFTP.

Now, the ftp-server is running on port 738 and that port is open. So I can connect to my own ftp, others can connect to it and there is no problem for me to connect to others' ftps.

But when I try to list the content in a dir there are two ways of doing this (afaik): either in passive mode or not.

If I or other people use passive when connecting to my ftp I need to open up a port in the firewall for the ftpd, right?
And if I don't use passive mode then I have to open a port when *I* connect to another ftp?

It seems to me that one port is not enough for FTPs. I have it running on one and only one: 738? But how can I control the "other" port that is being used?

I want to configure the firewall (and ftpd) so I can have my ftp-server running for others to use and so I can connect with my own client to other ftp-servers. But I still want to have a pretty closed firewall.

I am getting confused about what ports ftp-servers and ftp-clients are using. Can anyone help me out here?
 
Old 12-11-2004, 11:49 PM   #2
linux_terror
Member
 
Registered: Aug 2004
Location: Northbrook, Illinois
Distribution: CentOS-5
Posts: 311

Rep: Reputation: 30
FTPs? You mean sftp? SFTP is controlled by SSH and runs on whatever port ssh is running on. As far as PASV and vsftpd, there are statements for the config file to specify what PASV ports will be used for data transmission.

pasv_max_port
The maximum port to allocate for PASV style data connections. Can be used to specify a narrow port range to assist firewalling.

Default: 0 (use any port)
pasv_min_port
The minimum port to allocate for PASV style data connections. Can be used to specify a narrow port range to assist firewalling.

Default: 0 (use any port)

Take a look at http://vsftpd.beasts.org/vsftpd_conf.html

Hope this helps,
linux_terror
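An added example, not part of any post in this thread and not vsftpd's own code: it decodes the data port a server announces in its `227` passive-mode reply, checks it against the `pasv_min_port`/`pasv_max_port` range, and builds the matching server-side iptables rules. The 50000-50100 range, the sample addresses and all function names are assumptions made for illustration; 738 is the control port from the question.

```python
import re

# Constructed sample vsftpd.conf: 738 is the thread's control port,
# the 50000-50100 passive range is an assumed value for illustration.
SAMPLE_CONF = """\
listen_port=738
pasv_min_port=50000
pasv_max_port=50100
"""

def parse_conf(text):
    """Return key=value settings as a dict, skipping comments and blanks."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def pasv_range(conf):
    """Return (min, max); reject the default 0 ('use any port') as unfirewallable."""
    lo, hi = int(conf.get("pasv_min_port", 0)), int(conf.get("pasv_max_port", 0))
    if not 1024 <= lo <= hi <= 65535:  # example policy: bounded, unprivileged range
        raise ValueError("set both pasv_min_port and pasv_max_port to a bounded range")
    return lo, hi

def pasv_port(reply):
    """Decode the port from '227 ... (h1,h2,h3,h4,p1,p2)': port = p1*256 + p2."""
    m = re.match(r"227 [^(]*\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)", reply)
    if not m:
        raise ValueError("not a 227 passive-mode reply")
    p1, p2 = int(m.group(5)), int(m.group(6))
    return p1 * 256 + p2

def reply_allowed(reply, conf):
    """True if the announced data port falls inside the configured range."""
    lo, hi = pasv_range(conf)
    return lo <= pasv_port(reply) <= hi

def firewall_rules(conf):
    """Inbound rules for the server: return traffic, control port, passive range."""
    lo, hi = pasv_range(conf)
    control = conf.get("listen_port", "21")
    return [
        "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT",
        f"iptables -A INPUT -p tcp --dport {control} -m state --state NEW -j ACCEPT",
        f"iptables -A INPUT -p tcp --dport {lo}:{hi} -m state --state NEW -j ACCEPT",
    ]
```

Everything outside the control port and the passive range stays closed; a `227` reply that decodes to a port outside the range means the running server is not using the configuration the firewall was built from.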
 
Old 12-12-2004, 12:55 AM   #3
Butt-Ugly
Member
 
Registered: Nov 2004
Location: Brisbane, Australia
Distribution: Fedora Core 5
Posts: 89

Rep: Reputation: 15
FTPs is an implementation of the FTP Security Extensions as defined in RFC2228

vsftpd now supports TLS/SSL encryption as of version 2.

As long as your client supports TLS/SSL (gFTP does) you can now authenticate and transfer files with your FTP server in a confidential manner.

Here are some setup details: http://www.brennan.id.au/14-FTP_Server.html

You may also need "modprobe -v ip_conntrack_ftp" to assist with your firewall, depending on how it's set up.

Regards,

BU.
 
Old 12-12-2004, 06:12 AM   #4
Ephracis
Senior Member
 
Registered: Sep 2004
Location: Sweden
Distribution: Ubuntu, Debian
Posts: 1,109

Original Poster
Rep: Reputation: 50
Thanks. The pasv_min/max_port did it. Now I can sleep tight. :P

Sorry about the "FTPs", maybe I should have said FTP:s or FTP-servers, or something like that. :P It was just plural.

Thanks anyway, everything is working now. I am thinking of using SSL but then I have to recompile vsftp to support that.
 
  

