Date: Fri, 6 Jan 2012 10:23:11 -0800 From: Malcolm Waltz <mwaltz@PACIFIC.EDU> To: David Magda <dmagda@ee.ryerson.ca> Cc: "freebsd-stable@freebsd.org" <freebsd-stable@freebsd.org> Subject: Re: FTPS Server? Message-ID: <F67EE983-6787-4CFD-B8C4-739E8E3CEA5A@PACIFIC.EDU> In-Reply-To: <00da1657ca8d3a9e26d1f1ed851a2969.squirrel@webmail.ee.ryerson.ca> References: <4F059BEA.3000508@denninger.net> <4F05A7D5.8000403@infracaninophile.co.uk> <4F05AF28.5010900@denninger.net> <3FC253955232794A901643A205013D3617B6F15C@exmb2.stk.pacific.edu> <00da1657ca8d3a9e26d1f1ed851a2969.squirrel@webmail.ee.ryerson.ca>
next in thread | previous in thread | raw e-mail | index | archive | help
On Jan 6, 2012, at 6:48 AM, David Magda wrote:
> On Thu, January 5, 2012 14:28, Malcolm Waltz wrote:
>
>> I've included a working vsftpd.conf below for FTPES. For what you are
>> doing, you may not need all of these parameters. The pasv_ parameters are
>> mostly only necessary if you need to serve data through a NAT/firewall.
>> The pasv_min_port and pasv_max_port will effect how many simultaneous
>> connections can be supported by the server. You may have to try various
>> permutations depending on how EyeFi has implemented their client. If you
>> Google vsftpd.conf, you will probably find various sets of instructions
>> for how to set it up for your needs. It helps if you know exactly what
>> the client is expecting. There are a number of variations on the
>> standard. vsftpd can handle all of them I believe. Also tools like
>> tcpdump, wireshark, netstat and lsof are your friends here.
> [...]
>
> Are/Were there any special settings that needed on your
> firewall/router/NAT box?
>
Nothing special. Inbound access from the Internet to the server on TCP 21 in addition to the full range of ports specified by the pasv_min_port and pasv_max_port in the vsftpd.conf. The host is also running a host-based firewall (pf). Here's the pf.conf line that applies:
pass in quick on $ext_if proto tcp from any to <internal-server-IP> port { 21, <pasv_min_port>:<pasv_max_port> } keep state
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?F67EE983-6787-4CFD-B8C4-739E8E3CEA5A>