Bug 89528 - vsftp does not allow one to configure passive ports
Product: Red Hat Linux
Classification: Retired
Component: vsftpd
Hardware: i686 Linux
Priority: medium, Severity: medium
Assigned To: Bill Nottingham
QA Contact: Mike McLean
Keywords: Security
Reported: 2003-04-23 16:16 EDT by Alex Turner
Modified: 2014-03-16 22:35 EDT
Doc Type: Bug Fix
Last Closed: 2003-04-24 09:58:58 EDT

Description Alex Turner 2003-04-23 16:16:35 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.0.2) Gecko/20021216

Description of problem:
vsftpd does not seem to have a configuration directive allowing you to configure
a passive mode port range.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Start vsftpd

Actual Results:  Passive mode FTP access is broken for those who have tighter
firewalling set up.

Expected Results:  Upgrading from RedHat 8.0 to 9.0 gives you an FTP daemon that
is not as configurable.  It should be possible to configure passive mode FTP
ports for vsftpd as in wu-ftpd.

Additional info:

One is left with only two options, either open up all ports above 1024 to
machines that provide FTP access (not an option really because it's a security
nightmare) or retrofit all systems with wu-ftpd.  There seems to be no
documentation in the RedHat linux documentation, and the docs that come with
vsftpd are not very helpful.

Comment 1 Alex Turner 2003-04-24 09:47:07 EDT
I'm going through the source for vsftpd, it seems that in postlogin.c at line
361 it has vars for allowing you to configure a port number, but it's not in
tunables.h or tunables.c or parseconf.c.  It seems that it would be trivial to
implement this.  It looks like it was left out deliberately for some reason?  I
will make a version with this feature in it and see if it works.  The logic for
picking a random port seems a little heavy, but I'll leave that for now.  The
vars are tunable_pasv_min_port and tunable_pasv_max_port.

Comment 2 Alex Turner 2003-04-24 09:55:31 EDT
Holy cow, Batman!

I downloaded the vsftpd version 1.1.3 and it doesn't have it, but the redhat
version 1.1.3 does have it.

Okay - it's in the RedHat version.

Comment 3 Alex Turner 2003-04-24 09:58:58 EDT
Bravo RedHat!

This works great.

Well - I guess that just about does it for that!
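
The outcome of this thread put to use, as an added example that is not part of the bug report, of vsftpd, or of Red Hat's packaging: a script that reads the passive range from a vsftpd.conf-style file, refuses an unset or malformed range, and prints the one firewall rule that admits it. pasv_min_port and pasv_max_port are the vsftpd.conf option names behind the tunables named in Comment 1; the 50000-50100 range, the sample file and the 1024 lower bound are assumptions of this example.

```shell
#!/bin/sh
# Added example: derive a firewall rule from vsftpd's passive port range.
# The sample configuration and the 50000-50100 range are constructed.

# Print the numeric value of a key=value setting (last occurrence in the file).
conf_get() {
    # $1 = file, $2 = key; commented-out lines do not match the anchor
    sed -n "s/^$2=\([0-9][0-9]*\)[[:space:]]*\$/\1/p" "$1" | tail -n 1
}

# Validate the passive range and print "min:max", or fail with a reason.
pasv_range() {
    min=$(conf_get "$1" pasv_min_port)
    max=$(conf_get "$1" pasv_max_port)
    if [ -z "$min" ] || [ -z "$max" ]; then
        echo "pasv_min_port/pasv_max_port not both set: any port may be used" >&2
        return 1
    fi
    # Policy of this example: unprivileged ports only, min not above max.
    # A value of 0 (vsftpd's "any port") is rejected by the same test.
    if [ "$min" -lt 1024 ] || [ "$max" -gt 65535 ] || [ "$min" -gt "$max" ]; then
        echo "unusable passive range $min-$max" >&2
        return 1
    fi
    echo "$min:$max"
}

# Print (do not apply) the iptables rule that admits only that range.
pasv_rule() {
    range=$(pasv_range "$1") || return 1
    echo "iptables -A INPUT -p tcp --dport $range -m state --state NEW -j ACCEPT"
}

# Constructed sample configuration
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample vsftpd.conf fragment
pasv_enable=YES
pasv_min_port=50000
pasv_max_port=50100
EOF
pasv_rule "$sample"
rm -f "$sample"
```

The rule is only printed, so it can be reviewed against the existing ruleset before being applied.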
