Settings of PASV mode and port mode configuration files for vsftp

Ftp mode and data port

There are two types of FTP: Port FTP and pasv ftp. Port FTP is a common form of FTP. The two types of FTP have the same operation when establishing a control connection. They are established by the client first with the control port of the FTP server (default value: 21, and use this link for transmission operation commands. The difference between them is that the data transmission port (ftp-data) is used. Port FTP specifies the port used for data transmission by the FTP server. The default value is 20. Pasv ftp is the data transmission port determined by the FTP client. Pasv ftp is mainly used to communicate with the server in the firewall environment (the data transmission port is included in the data transmission request sent from the client to the server ), it is more convenient to determine the data transmission port between the two.

Port_enable = Yes | No
If you want to cancel port mode during data connection, set this option to No. The default value is yes.

Connetc_from_port_20 = Yes | No
Control whether port 20 (ftp-data) is used for data transmission in Port mode ). Yes, no. The default value is no, but this parameter is set to yes in the vsftpd. conf file that comes with RHL.

Ftp_data_port = port number
Set the ftp-data value. The default value is 20. This parameter is used in Port FTP mode.

Port_promiscuous = Yes | No
The default value is no. If yes, cancel the port security check. This check ensures that the outgoing data can only be connected to the client. Enable this option with caution.

Pasv_enable = Yes | No
Yes. PASV mode is used for data transmission. No. PASV mode is not allowed. The default value is yes.

Pasv_min_port = port number
Pasv_max_port = port number
In PASV mode, the lower and upper bounds of the port range can be used for data transmission. 0 indicates any value. The default value is 0. Setting the port range in a relatively high range, such as 50000-60000 will help improve security.

Pasv_promiscuous = Yes | No
When this option is activated, security checks in PASV mode are disabled. This check ensures that the data connection and control connection come from the same IP address. Enable this option with caution. The only rational use of this option is that it exists in an organization consisting of a security tunnel solution. The default value is no.

Pasv_address =
This option is a digital IP address and serves as a response to the PASV command. The default value is none, that is, the address is obtained from the incoming connection socket (incoming connectd socket.

& Nbsp;

Therefore, if the fire protection field is enabled in Linux, the corresponding port must be opened, for example:

-A input-M state -- state new-p tcp-m tcp -- dport 30000: 31000 -- syn-J accept