15.5.8. Network Options

The following directives affect how vsftpd interacts with the network.
  • accept_timeout — Specifies the amount of time for a client using passive mode to establish a connection.
    The default value is 60.
  • anon_max_rate — Specifies the maximum data transfer rate for anonymous users in bytes per second.
    The default value is 0, which does not limit the transfer rate.
  • connect_from_port_20 — When enabled, vsftpd runs with enough privileges to open port 20 on the server during active mode data transfers. Disabling this option allows vsftpd to run with fewer privileges, but may be incompatible with some FTP clients.
    The default value is NO. Note that in Red Hat Enterprise Linux, the value is set to YES.
  • connect_timeout — Specifies the maximum amount of time a client using active mode has to respond to a data connection, in seconds.
    The default value is 60.
  • data_connection_timeout — Specifies the maximum amount of time data transfers are allowed to stall, in seconds. Once triggered, the connection to the remote client is closed.
    The default value is 300.
  • ftp_data_port — Specifies the port used for active data connections when connect_from_port_20 is set to YES.
    The default value is 20.
  • idle_session_timeout — Specifies the maximum amount of time between commands from a remote client. Once triggered, the connection to the remote client is closed.
    The default value is 300.
  • listen_address — Specifies the IP address on which vsftpd listens for network connections.
    There is no default value for this directive.

    Note

    If running multiple copies of vsftpd serving different IP addresses, the configuration file for each copy of the vsftpd daemon must have a different value for this directive. Refer to Section 15.4.1, “Starting Multiple Copies of vsftpd” for more information about multihomed FTP servers.
  • listen_address6 — Specifies the IPv6 address on which vsftpd listens for network connections when listen_ipv6 is set to YES.
    There is no default value for this directive.

    Note

    If running multiple copies of vsftpd serving different IP addresses, the configuration file for each copy of the vsftpd daemon must have a different value for this directive. Refer to Section 15.4.1, “Starting Multiple Copies of vsftpd” for more information about multihomed FTP servers.
  • listen_port — Specifies the port on which vsftpd listens for network connections.
    The default value is 21.
  • local_max_rate — Specifies the maximum rate at which data is transferred for local users logged into the server, in bytes per second.
    The default value is 0, which does not limit the transfer rate.
  • max_clients — Specifies the maximum number of simultaneous clients allowed to connect to the server when it is running in standalone mode. Any additional client connections would result in an error message.
    The default value is 0, which does not limit connections.
  • max_per_ip — Specifies the maximum number of clients allowed to connect from the same source IP address.
    The default value is 0, which does not limit connections.
  • pasv_address — Specifies the public-facing IP address of the server, for servers behind Network Address Translation (NAT) firewalls. This enables vsftpd to hand out the correct return address for passive mode connections.
    There is no default value for this directive.
  • pasv_enable — When enabled, passive mode connections are allowed.
    The default value is YES.
  • pasv_max_port — Specifies the highest possible port sent to the FTP clients for passive mode connections. This setting is used to limit the port range so that firewall rules are easier to create.
    The default value is 0, which does not limit the highest passive port range. The value must not exceed 65535.
  • pasv_min_port — Specifies the lowest possible port sent to the FTP clients for passive mode connections. This setting is used to limit the port range so that firewall rules are easier to create.
    The default value is 0, which does not limit the lowest passive port range. The value must not be lower than 1024.
  • pasv_promiscuous — When enabled, data connections are not checked to make sure they are originating from the same IP address. This setting is only useful for certain types of tunneling.

    Warning

    Do not enable this option unless absolutely necessary as it disables an important security feature which verifies that passive mode connections originate from the same IP address as the control connection that initiates the data transfer.
    The default value is NO.
  • port_enable — When enabled, active mode connections are allowed.
    The default value is YES.