Centos – How to configure vsftpd to work with passive mode

centosftpvsftpd

Whenever I install vsftpd on centos, I only setup the jail environment for the users and rest is default configuration of vsftpd. I create user and try to connect with filezila ftp client, but I could not connect with passive mode. I always change the transfer settings to active mode to successfully connect to the ftp server otherwise I get 

 Error: Failed to retrieve directory listing

So is there a way to change any directive in vsftp.conf file and we can connect with passive mode to the server?

Best Answer

To configure passive mode for vsftpd you need to set some parameters in vsftpd.conf.

pasv_enable=Yes
pasv_max_port=10100
pasv_min_port=10090

This enables passive mode and restricts it to using the eleven ports for data connections. This is useful as you need to open these ports on your firewall.

iptables -I INPUT -p tcp --destination-port 10090:10100 -j ACCEPT

If after testing this all works then save the state of your firewall with

service iptables save

which will update the /etc/sysconfig/iptables file.

To do this is CentOS 7 you have to use the new firewalld, not iptables:

Find your zone:

# firewall-cmd --get-active-zones
public
  interfaces: eth0

My zone is 'public', so I set my zone to public, add the port range, and after that we reload:

# firewall-cmd --permanent --zone=public --add-port=10090-10100/tcp
# firewall-cmd --reload

What happens when you make a connection

  • Your client makes a connection to the vsftpd server on port 21.

  • The sever responds to the client telling it which port to connect to from the range specified above.

  • The client makes a data connection on the specified port and the session continues.

There is a great explanation of the different ftp modes here.

Related Topic