21.2.2.6.8. Network Options
The following lists directives that define how vsftpd interacts with the network.

accept_timeout — Specifies the amount of time for a client using passive mode to establish a connection. The default value is 60.

anon_max_rate — Specifies the maximum data transfer rate for anonymous users in bytes per second. The default value is 0, which does not limit the transfer rate.

connect_from_port_20 — When enabled, vsftpd runs with enough privileges to open port 20 on the server during active-mode data transfers. Disabling this option allows vsftpd to run with fewer privileges but may be incompatible with some FTP clients. The default value is NO. On Red Hat Enterprise Linux 6, this option is set to YES in the configuration file.

connect_timeout — Specifies the maximum amount of time a client using active mode has to respond to a data connection, in seconds. The default value is 60.

data_connection_timeout — Specifies the maximum amount of time data transfers are allowed to stall, in seconds. Once triggered, the connection to the remote client is closed. The default value is 300.

ftp_data_port — Specifies the port used for active data connections when connect_from_port_20 is set to YES. The default value is 20.

idle_session_timeout — Specifies the maximum amount of time between commands from a remote client. Once triggered, the connection to the remote client is closed. The default value is 300.

listen_address — Specifies the IP address on which vsftpd listens for network connections. There is no default value for this directive.

    Note: If running multiple copies of vsftpd serving different IP addresses, the configuration file for each copy of the vsftpd daemon must have a different value for this directive. See Section 21.2.2.2, “Starting Multiple Copies of vsftpd” for more information about multihomed FTP servers.

listen_address6 — Specifies the IPv6 address on which vsftpd listens for network connections when listen_ipv6 is set to YES. There is no default value for this directive.

    Note: If running multiple copies of vsftpd serving different IP addresses, the configuration file for each copy of the vsftpd daemon must have a different value for this directive. See Section 21.2.2.2, “Starting Multiple Copies of vsftpd” for more information about multihomed FTP servers.

listen_port — Specifies the port on which vsftpd listens for network connections. The default value is 21.

local_max_rate — Specifies the maximum rate at which data is transferred for local users logged in to the server in bytes per second. The default value is 0, which does not limit the transfer rate.

max_clients — Specifies the maximum number of simultaneous clients allowed to connect to the server when it is running in standalone mode. Any additional client connections would result in an error message. The default value is 0, which does not limit connections.

max_per_ip — Specifies the maximum number of clients allowed to connect from the same source IP address. The default value is 50. The value 0 switches off the limit.

pasv_address — Specifies the public-facing IP address of the server, for servers behind Network Address Translation (NAT) firewalls. This enables vsftpd to hand out the correct return address for passive-mode connections. There is no default value for this directive.

pasv_enable — When enabled, passive-mode connections are allowed. The default value is YES.

pasv_max_port — Specifies the highest possible port sent to FTP clients for passive-mode connections. This setting is used to limit the port range so that firewall rules are easier to create. The default value is 0, which does not limit the highest passive-port range. The value must not exceed 65535.

pasv_min_port — Specifies the lowest possible port sent to FTP clients for passive-mode connections. This setting is used to limit the port range so that firewall rules are easier to create. The default value is 0, which does not limit the lowest passive-port range. The value must not be lower than 1024.

pasv_promiscuous — When enabled, data connections are not checked to make sure they are originating from the same IP address. This setting is only useful for certain types of tunneling. The default value is NO.

    Warning: Do not enable this option unless absolutely necessary as it disables an important security feature, which verifies that passive-mode connections originate from the same IP address as the control connection that initiates the data transfer.

port_enable — When enabled, active-mode connections are allowed. The default value is YES.
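
The limits and the warning in the list above can be checked mechanically. The following is an added example, not code from Red Hat or the vsftpd project: a small auditor that applies the defaults stated on this page to a configuration and reports the passive-mode and connection-limit settings the list calls out. The function names and the sample configuration are constructed for illustration.

```python
# Added example, not Red Hat or vsftpd code. Defaults are the ones stated above.
DEFAULTS = {"pasv_enable": "YES", "pasv_promiscuous": "NO", "pasv_min_port": "0",
            "pasv_max_port": "0", "max_clients": "0", "max_per_ip": "50"}

def parse_conf(text):
    """Parse vsftpd.conf text: one option=value per line, '#' starts a comment."""
    conf = dict(DEFAULTS)
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()  # a later line overrides an earlier one
    return conf

def audit(conf):
    """Return (directive, message) findings for the limits described on this page."""
    findings = []
    # Only the YES/NO spelling used on this page is recognised here.
    if conf["pasv_promiscuous"].upper() == "YES":
        findings.append(("pasv_promiscuous",
                         "data connections are not checked against the control connection's IP"))
    if conf["pasv_enable"].upper() == "YES":
        lo, hi = int(conf["pasv_min_port"]), int(conf["pasv_max_port"])
        for name, port in (("pasv_min_port", lo), ("pasv_max_port", hi)):
            if port == 0:
                findings.append((name, "0 leaves this end of the passive range unlimited"))
        if 0 < lo < 1024:
            findings.append(("pasv_min_port", "must not be lower than 1024"))
        if hi > 65535:
            findings.append(("pasv_max_port", "must not exceed 65535"))
        if 0 < hi < lo:
            findings.append(("pasv_max_port", "is lower than pasv_min_port"))
    if int(conf["max_clients"]) == 0:
        findings.append(("max_clients", "0 does not limit simultaneous clients"))
    if int(conf["max_per_ip"]) == 0:
        findings.append(("max_per_ip", "0 switches off the per-source-IP limit"))
    return findings

# Constructed sample configuration, for illustration only.
SAMPLE = """\
# constructed vsftpd.conf fragment
listen_port=21
pasv_promiscuous=YES
pasv_min_port=1000
pasv_max_port=0
max_per_ip=0
"""

if __name__ == "__main__":
    for directive, message in audit(parse_conf(SAMPLE)):
        print(f"{directive}: {message}")
```

An empty result means none of these checks fired; it says nothing about directives outside this list.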
