Old 07-30-2009, 11:08 AM   #1
LQ Newbie
Registered: Aug 2008
Posts: 24

Rep: Reputation: 0
vsFTPd, firewall, and passive ports - A quick question

We have an Ubuntu 9.04 box that is operating as just an FTP server with vsFTPd.

UFW currently allows ports 20,21,22 (for ssh) denying all others. My question... do we need to set the firewall to allow all the ports in the passive port range for passive transfers?

It seems like a stupid question, but it appears that passive transfers work even with those ports not being explicitly open. Hence the confusion.

Old 07-30-2009, 11:44 AM   #2
Registered: Nov 2008
Location: Québec, Canada
Distribution: Debian, Devuan, Slackware, Trisquel, *BSD
Posts: 127

Rep: Reputation: 44
Normally you would use the iptables FTP connection tracking module so you don't have to worry about opening high ports for the data channel. My guess is ufw is already using this module for you (you can check with lsmod). As an example, here is how you would allow inbound FTP without ufw. The high-port traffic gets accepted by the ESTABLISHED,RELATED rule.

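# Load the FTP connection tracking helper
/sbin/modprobe ip_conntrack_ftp
# Accept established connections and related ones (the FTP data channel)
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Accept new control connections on port 21
iptables -A INPUT -p tcp --dport 21 -m state --state NEW -j ACCEPT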
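
Why the passive data port is reachable without its own rule, as an added example that is not part of the original thread: a simplified Python model of what the FTP helper does with the server's 227/229 reply and how the two rules above then treat an inbound connection. The class name, the addresses and the reply lines are constructed for illustration, and a default DROP policy is assumed.

```python
import re

# 227 (PASV, RFC 959): (h1,h2,h3,h4,p1,p2), data port = p1*256 + p2
PASV_RE = re.compile(r"^227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")
# 229 (EPSV, RFC 2428): (|||port|), address is that of the control connection
EPSV_RE = re.compile(r"^229 .*?\(\|\|\|(\d+)\|\)")


def parse_passive_reply(line, server_ip):
    """Return the (ip, port) announced by a 227/229 reply, or None."""
    m = PASV_RE.match(line)
    if m:
        nums = [int(g) for g in m.groups()]
        if any(n > 255 for n in nums):
            return None
        return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]
    m = EPSV_RE.match(line)
    if m and 0 < int(m.group(1)) < 65536:
        return server_ip, int(m.group(1))
    return None


class ToyFirewall:
    """Hypothetical model: the two INPUT rules plus an FTP helper (simplified)."""

    def __init__(self, server_ip, helper_loaded=True):
        self.server_ip = server_ip
        self.helper_loaded = helper_loaded
        self.expected = set()  # (client_ip, server_ip, port) expectations

    def control_reply(self, client_ip, line):
        """Server-to-client line seen on the port 21 control connection."""
        if not self.helper_loaded:
            return
        target = parse_passive_reply(line, self.server_ip)
        if target:
            self.expected.add((client_ip, target[0], target[1]))

    def inbound_syn(self, client_ip, dport):
        """Verdict for a new inbound TCP connection to the server."""
        key = (client_ip, self.server_ip, dport)
        if key in self.expected:        # matches an expectation: state RELATED
            self.expected.discard(key)  # an expectation is consumed once
            return "ACCEPT"
        if dport == 21:                 # state NEW, --dport 21
            return "ACCEPT"
        return "DROP"                   # assumed default policy
```

If the control channel is encrypted (FTPS), the helper cannot read the 227/229 reply, so no expectation is created and the passive port range then has to be allowed explicitly.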

