Configuring Linux firewalls and routers for vsftp on a non-standard port

Thomas Charron twaffle at gmail.com
Thu Mar 29 13:49:57 EDT 2007


On 3/29/07, Ted Roche <tedroche at tedroche.com> wrote:
> # Added 29-Mar-2007 to put vsftpd on a non-standard port
> listen_port=8021
> pasv_address=aa.bbb.cc.dd
> pasv_max_port=8029
> pasv_min_port=8023
> I also changed the hardware router to forward ports 8023-8029 to the
> machine, and IPTables to allow them through.
> My question: Why did I have to add the passive address and port range to
> the ftp server to get it to work? When it was on the standard ftp port,
> it worked fine without the passive address and ports specified.

  My guess is the box was automatically performing some NAT on the
port 21 packets fixing them to be correct, and allowing port access as
well.  Just a guess.

  Linux has several masq modules which do this when using IP masquerading.

-- 
-- Thomas
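
A small model of the behaviour guessed at above, added here as an illustration and not part of the original thread: an FTP NAT helper rewrites the private address in the server's 227 (PASV) reply and opens the data port, but only on control ports it watches. It assumes the helper watches only port 21 (the default of the Linux FTP connection-tracking helper); the function names and all addresses are constructed for the example.

```python
import ipaddress
import re

# A 227 reply carries the data endpoint as (h1,h2,h3,h4,p1,p2); port = p1*256 + p2.
PASV_RE = re.compile(
    r"^227 [^(]*\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_pasv(reply):
    """Return (ip, port) from a 227 reply, or None if it is malformed."""
    m = PASV_RE.match(reply)
    if not m:
        return None
    nums = [int(x) for x in m.groups()]
    if max(nums) > 255:
        return None
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]

def format_pasv(ip, port):
    return "227 Entering Passive Mode (%s,%d,%d)" % (
        ip.replace(".", ","), port >> 8, port & 0xFF)

def nat_helper(reply, control_port, public_ip, helper_ports=(21,)):
    """Model of the helper: returns (reply the client sees, data port opened or None)."""
    parsed = parse_pasv(reply)
    if parsed is None or control_port not in helper_ports:
        return reply, None          # unwatched port: payload passes through untouched
    return format_pasv(public_ip, parsed[1]), parsed[1]

def advertises_private_address(reply):
    """True if the reply tells the client to connect to an RFC 1918 address."""
    parsed = parse_pasv(reply)
    if parsed is None:
        return False
    addr = ipaddress.ip_address(parsed[0])
    return any(addr in net for net in RFC1918)

# Constructed sample: server behind NAT at 192.168.1.20 offers data port 8025.
SERVER_REPLY = "227 Entering Passive Mode (192,168,1,20,31,89)"
PUBLIC_IP = "203.0.113.10"  # constructed stand-in for the router's public address

if __name__ == "__main__":
    for port in (21, 8021):
        seen, opened = nat_helper(SERVER_REPLY, port, PUBLIC_IP)
        print(port, seen, opened, advertises_private_address(seen))
```

On port 8021 the client is handed the private address and no data port is opened, which is the gap that `pasv_address`, the fixed `pasv_min_port`/`pasv_max_port` range and the matching port forwards fill by hand.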

