26.2.5.8. Network Options
The following lists directives which affect how
vsftpd interacts with the network.
accept_timeout— Specifies the amount of time for a client using passive mode to establish a connection.The default value is60.anon_max_rate— Specifies the maximum data transfer rate for anonymous users in bytes per second.The default value is0, which does not limit the transfer rate.connect_from_port_20When enabled,vsftpdruns with enough privileges to open port 20 on the server during active mode data transfers. Disabling this option allowsvsftpdto run with less privileges, but may be incompatible with some FTP clients.The default value isNO. On Red Hat Enterprise Linux 5.10, this option is set toYESin the configuration file.connect_timeout— Specifies the maximum amount of time a client using active mode has to respond to a data connection, in seconds.The default value is60.data_connection_timeout— Specifies maximum amount of time data transfers are allowed to stall, in seconds. Once triggered, the connection to the remote client is closed.The default value is300.ftp_data_port— Specifies the port used for active data connections whenconnect_from_port_20is set toYES.The default value is20.idle_session_timeout— Specifies the maximum amount of time between commands from a remote client. Once triggered, the connection to the remote client is closed.The default value is300.listen_address— Specifies the IP address on whichvsftpdlistens for network connections.There is no default value for this directive.Note
If running multiple copies ofvsftpdserving different IP addresses, the configuration file for each copy of thevsftpddaemon must have a different value for this directive. Refer to Section 26.2.3.1, “Starting Multiple Copies ofvsftpd” for more information about multihomed FTP servers.listen_address6— Specifies the IPv6 address on whichvsftpdlistens for network connections whenlisten_ipv6is set toYES.There is no default value for this directive.Note
If running multiple copies ofvsftpdserving different IP addresses, the configuration file for each copy of thevsftpddaemon must have a different value for this directive. Refer to Section 26.2.3.1, “Starting Multiple Copies ofvsftpd” for more information about multihomed FTP servers.listen_port— Specifies the port on whichvsftpdlistens for network connections.The default value is21.local_max_rate— Specifies the maximum rate data is transferred for local users logged into the server in bytes per second.The default value is0, which does not limit the transfer rate.max_clients— Specifies the maximum number of simultaneous clients allowed to connect to the server when it is running in standalone mode. Any additional client connections would result in an error message.The default value is0, which does not limit connections.max_per_ip— Specifies the maximum of clients allowed to connected from the same source IP address.The default value is0, which does not limit connections.pasv_address— Specifies the IP address for the public facing IP address of the server for servers behind Network Address Translation (NAT) firewalls. This enablesvsftpdto hand out the correct return address for passive mode connections.There is no default value for this directive.pasv_enable— When enabled, passive mode connects are allowed.The default value isYES.pasv_max_port— Specifies the highest possible port sent to the FTP clients for passive mode connections. This setting is used to limit the port range so that firewall rules are easier to create.The default value is0, which does not limit the highest passive port range. The value must not exceed65535.pasv_min_port— Specifies the lowest possible port sent to the FTP clients for passive mode connections. This setting is used to limit the port range so that firewall rules are easier to create.The default value is0, which does not limit the lowest passive port range. The value must not be lower1024.pasv_promiscuous— When enabled, data connections are not checked to make sure they are originating from the same IP address. This setting is only useful for certain types of tunneling.The default value isNO.Warning
Do not enable this option unless absolutely necessary as it disables an important security feature which verifies that passive mode connections originate from the same IP address as the control connection that initiates the data transfer.port_enable— When enabled, active mode connects are allowed.The default value isYES.
