VSFTP question

I have set up VSFTP on my Redhat 8 box. I've gotten the jist of how it works except for one thing. I've noticed that most sites allow you to, and even prefer for you to, connect using "passive transfer". For some reason my site does not like this. In order for my VSFTP server to be usable you must turn Passive Transfer off. I want my site to comply to the standards out there so I want to allow people to connect using "Passive Transfer". I don't even know what it does...can somebody please enlighten me?

thanks in advance,

--rO

Most people don't know either. There are three major types of FTP transfer: binary, ASCII, and passive. Few people actually choose which method to use; relying upon their FTP client to choose the best method. I don't really know the differences between the methods, and I wouldn't worry about it right now; I've only seen one or two instances where a particular product installation requested you to use Passive mode.

This is only partly right.
There is two types of data streams: Binary and Ascii.
There is two types of ways the data stream is established: Active and passive.

Active FTP says that the client connects to the server on the control port (20) and the server back-connects to the client for the data stream.
In passive FTP, the client does initiate both connections, the server only tells it where it should connect to. This way, a firewall can be in between client and server protecting the client from being connected to

Ascii/Binary is another story.

Oops, sorry. I don't really use that sort of info, so I usually forget it, or garble it.

Thanks so much for the clarification...it really does clear things up a bit.

I am more interested in finding out how to set my server up so that the client can use passive transfers as the default. I don't want to have to tell my clients to turn passive transfers off.

Anybody have any ideas?

--rO

I don't think they will. If they use FTP clients that are up-to-date, they should automatically detect that you won't accept passive and use active by default. Depends upon the FTP client, though. I don't use VSFTP, so I'm sorry I can't help any further

Me neither (using it)... If it is really a configuration issue, i can´t help anymore.

There is only one "generic" thing left: Are you using a firewall on the server? Then you need to activate the ftp-data port (20) too and allow incoming connections on it. (active and passive are switched opposite from the server´s point of view).
Also you need to setup your server to always use ftp-data port for incoming connections. By default, afaik, ftp servers choose arbitrary ports.

... mttatkns, i am using this stuff quite seldomly too. You can tell from that i switched the portnumbers for ftp and ftp-data in my first post ftp control port is 21 of course!

I was wondering about that... lol

thanks for all the help. I figured out my problem. Since the client sends requests on "HIGH" port numbers I had to have those port numbers forwarded to my FTP server on my Router. I'm just curious if anybody knows the exact range of ports used for Passive mode transfers.

--rO

Not quite what ur looking for, but this is a list of all tcp/udp services and what ports they run on

As already said, allowing passive FTP lets people visiting download files without having to reconfigure their firewall, so it makes it easier for the vast majority. Of course all the users have to do on the client end is to open up their firewall to allow incoming data on port 20.

Using passive FTP is easier but the downside is that it's a bigger security risk since more ports are opened up on your side. How much of a bigger risk, I can't say. You also have to configure the vsftpd.conf file to allow for passive transfers.