Red Hat Bugzilla – Bug 89528
vsftp does not allow one to configure passive ports
Last modified: 2014-03-16 22:35:54 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.0.2) Gecko/20021216
Description of problem:
vsftpd does not seem to have a configuration directive allowing you to configure
a passive mode port range.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
Actual Results: Passive mode FTP access is broken for those who have tighter
firewalling set up.
Expected Results: Upgrading from RedHat 8.0 to 9.0 gives you an FTP daemon that
is not as configurable. It should be possible to configure passive mode FTP
ports for vsftpd as in wu-ftpd.
One is left with only two options, either open up all ports above 1024 to
machines that provide FTP access (not an option really because it's a security
nightmare) or retrofit all systems with wu-ftpd. There seems to be no
documentation in the RedHat Linux documentation, and the docs that come with
vsftpd are not very helpful.
I'm going through the source for vsftpd, it seems that in postlogin.c at line
361 it has vars for allowing you to configure a port number, but it's not in
tunables.h or tunables.c or parseconf.c. It seems that it would be trivial to
implement this. It looks like it was left out deliberately for some reason? I
will make a version with this feature in it and see if it works. The logic for
picking a random port seems a little heavy, but I'll leave that for now. The
vars are tunable_pasv_min_port and tunable_pasv_max_port.
Holy cow Batman!
I downloaded the vsftpd version 1.1.3 and it doesn't have it, but the redhat
version 1.1.3 does have it.
Okay - it's in the RedHat version
This works great.
Well - I guess that just about does it for that!
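
The setup the thread arrives at, as an added example that is not part of the original report or of vsftpd's own code: read the passive range from a vsftpd.conf-style file, refuse an unpinned or inverted range, and print the one matching firewall rule. It assumes the vsftpd.conf option names pasv_min_port and pasv_max_port (the tunables named above without the tunable_ prefix); the function name pasv_range, the sample file and its port numbers are constructed for illustration.

```shell
#!/bin/sh
# Added example: extract the passive-mode port range from a vsftpd.conf-style
# file and print it as MIN:MAX, the form iptables --dport accepts.
# pasv_range is a hypothetical helper name, not part of vsftpd.

pasv_range() {
    conf=$1
    # vsftpd.conf lines are option=value with no spaces around '='.
    # If an option is repeated, take its last occurrence.
    min=$(sed -n 's/^pasv_min_port=\([0-9][0-9]*\)$/\1/p' "$conf" | tail -n 1)
    max=$(sed -n 's/^pasv_max_port=\([0-9][0-9]*\)$/\1/p' "$conf" | tail -n 1)
    # Unset or 0 means "use any port": the situation the report describes,
    # where the firewall would have to admit every port above 1024.
    if [ "${min:-0}" -eq 0 ] || [ "${max:-0}" -eq 0 ]; then
        echo "passive range not pinned: data ports are unpredictable" >&2
        return 1
    fi
    if [ "$min" -lt 1024 ] || [ "$max" -gt 65535 ] || [ "$min" -gt "$max" ]; then
        echo "invalid passive range $min-$max" >&2
        return 2
    fi
    echo "$min:$max"
}

# Constructed sample configuration (port numbers chosen for illustration).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# passive data connections limited to a small window
pasv_enable=YES
pasv_min_port=50000
pasv_max_port=50100
EOF

if range=$(pasv_range "$sample"); then
    # Printed for review rather than executed: one rule for the data ports,
    # in place of opening everything above 1024.
    echo "iptables -A INPUT -p tcp --dport $range -j ACCEPT"
fi
```

The control connection on port 21 still needs its own rule; the range here covers only the passive data connections.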