Bug 89528 - vsftp does not allow one to configure passive ports
Summary: vsftp does not allow one to configure passive ports
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: vsftpd   
Version: 9
Hardware: i686
OS: Linux
Assignee: Bill Nottingham
QA Contact: Mike McLean
Keywords: Security
Reported: 2003-04-23 20:16 UTC by Alex Turner
Modified: 2014-03-17 02:35 UTC (History)

Doc Type: Bug Fix
Last Closed: 2003-04-24 13:58:58 UTC


Description Alex Turner 2003-04-23 20:16:35 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.0.2) Gecko/20021216

Description of problem:
vsftpd does not seem to have a configuration directive allowing you to configure
a passive mode port range.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Start vsftpd

Actual Results:  Passive mode FTP access is broken for those who have tighter
firewalling set up.

Expected Results:  Upgrading from RedHat 8.0 to 9.0 gives you an FTP daemon that
is not as configurable.  It should be possible to configure passive mode FTP
ports for vsftpd as in wu-ftpd.

Additional info:

One is left with only two options: either open up all ports above 1024 to
machines that provide FTP access (not an option really because it's a security
nightmare) or retrofit all systems with wu-ftpd.  There seems to be no
documentation in the RedHat Linux documentation, and the docs that come with
vsftpd are not very helpful.

Comment 1 Alex Turner 2003-04-24 13:47:07 UTC
I'm going through the source for vsftpd; it seems that in postlogin.c at line
361 it has vars for allowing you to configure a port number, but it's not in
tunables.h or tunables.c or parseconf.c.  It seems that it would be trivial to
implement this.  It looks like it was left out deliberately for some reason?  I
will make a version with this feature in it and see if it works.  The logic for
picking a random port seems a little heavy, but I'll leave that for now.  The
vars are tunable_pasv_min_port and tunable_pasv_max_port.

Comment 2 Alex Turner 2003-04-24 13:55:31 UTC
Holy cow batman!

I downloaded the vsftpd version 1.1.3 and it doesn't have it, but the redhat
version 1.1.3 does have it.

Okay - it's in the RedHat version

Comment 3 Alex Turner 2003-04-24 13:58:58 UTC
Bravo RedHat!

This works great.

Well - I guess that just about does it for that!
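
An added example, not part of the bug report or of Red Hat's or vsftpd's code: a small check that a vsftpd.conf bounds the passive port range discussed above and that the range fits what the firewall allows inbound. It assumes the vsftpd.conf option names pasv_enable, pasv_min_port and pasv_max_port (where 0 means any port); the function names, sample configurations and firewall range are constructed for illustration.

```python
# Constructed sample configs: one with no passive range, one bounded.
WEAK_CONF = "listen=YES\n# passive range not configured\n"
BOUNDED_CONF = "listen=YES\npasv_min_port=50000\npasv_max_port=50100\n"


def parse_vsftpd_conf(text):
    """Parse vsftpd.conf text (key=value lines, '#' comments) into a dict."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        opts[key.strip()] = value.strip()
    return opts


def audit_pasv_range(conf_text, fw_low, fw_high):
    """Compare the passive range with the firewall's inbound range fw_low..fw_high."""
    opts = parse_vsftpd_conf(conf_text)
    if opts.get("pasv_enable", "YES").upper() == "NO":
        return ["ok: passive mode disabled, no passive data ports needed"]
    try:
        lo = int(opts.get("pasv_min_port", "0"))  # assumed default: 0 = any port
        hi = int(opts.get("pasv_max_port", "0"))  # assumed default: 0 = any port
    except ValueError:
        return ["error: pasv_min_port and pasv_max_port must be integers"]
    if lo == 0 or hi == 0:
        # Without both bounds the firewall cannot be limited to a narrow range.
        return ["warn: passive range not bounded on both ends"]
    findings = []
    if lo > hi:
        findings.append(f"error: pasv_min_port {lo} is above pasv_max_port {hi}")
    if lo < 1024 or hi > 65535:
        findings.append(f"warn: range {lo}-{hi} is outside 1024-65535")
    if lo < fw_low or hi > fw_high:
        findings.append(f"error: range {lo}-{hi} exceeds firewall range {fw_low}-{fw_high}")
    return findings or [f"ok: passive ports {lo}-{hi} fit firewall range {fw_low}-{fw_high}"]


if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("bounded", BOUNDED_CONF)):
        print(name, audit_pasv_range(conf, 50000, 50100))
```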
