Difference between revisions of "Talk:Very Secure FTP Daemon"

From ArchWiki
Jump to: navigation, search
(Examples for configuring vsftpd)
Line 43: Line 43:
  
 
--[[User:IncredibleLaser|IncredibleLaser]] 08:53, 31 January 2009 (EST)
 
--[[User:IncredibleLaser|IncredibleLaser]] 08:53, 31 January 2009 (EST)
 +
 +
 +
== ip_conntrack_ftp module ==
 +
 +
I found that I need to load ip_conntrack_ftp module so I can connect to the server in Passive Mode and with iptables running.
 +
 +
If iptables is configured in a stateful firewall manner, then some connections in FTP won't be allowed. I found that loading the ip_conntrack_ftp module on the kernel workder.
 +
 +
--[[User:Jstitch|Jstitch]] 17:35, 1 June 2011 (EDT)

Revision as of 21:35, 1 June 2011

What is the advantage of using the xinitd approach over adding vsftpd to the Daemon list?

And also, # pacman -S xinitd xinitd: not found in sync db

What is xinitd?



Could one add a column that explains the security in /etc/hosts.allow like there is in the ssh wiki page:

/etc/hosts.allow

# let everyone connect to you
vsftpd: ALL

# OR you can restrict it to a certain ip
vsftpd: 192.168.0.1

# OR restrict for an IP range
vsftpd: 10.0.0.0/255.255.255.0

# OR restrict for an IP match
vsftpd: 192.168.1.

--Burra 17:11, 11 June 2008 (EDT)


/etc/hosts.allow / deny

Starting vsftpd from xinetd and solo tells me that the /etc/hosts.allow / deny are only used when the vsftpd is started from xinetd.

My addition about "PAM with 'virtual users'"

I don't even know if I've done it the right way, and its the first time ever I do something like this. Hence please give feedback on the quality of it, and let me know if I've done some mistakes.

-- KimTjik

Examples for configuring vsftpd

I'm running a private ftp-server here which has some additional features which might not be needed for everyone, like PAM with postgres as backend, IP-based-rules and per-user-settings. Would it make sense to add instructions for this to the wiki, or is it too special?

--IncredibleLaser 08:53, 31 January 2009 (EST)


ip_conntrack_ftp module

I found that I need to load ip_conntrack_ftp module so I can connect to the server in Passive Mode and with iptables running.

If iptables is configured in a stateful firewall manner, then some connections in FTP won't be allowed. I found that loading the ip_conntrack_ftp module on the kernel workder.

--Jstitch 17:35, 1 June 2011 (EDT)