We do have the /etc/services file, but it's the one which is distributed with SuSE 10. So no, although there are a lot of FTP service ports mentioned in that file, I don't see anything specific to VSFTP or anything which explains why /proc/sys/net/ipv4/ip_local_port_range is seemingly ignored by the VSFTP daemon.

-----Original Message-----
From: Linux on 390 Port [mailto:linux-...@vm.marist.edu] On Behalf Of Richard Gasiorowski
Sent: Tuesday, February 23, 2010 6:00 PM
To: LINUX-390@VM.MARIST.EDU
Subject: Re: Passive Port Control

Hey Mr Scully, is it possible that /etc/services has been defined?

Richard (Gaz) Gasiorowski
SA&E Solution Architect
CSC
3170 Fairview Park Dr., Falls Church, VA 22042
845-889-8533|Work|845-392-7889 Cell|rgasi...@csc.com|www.csc.com

From: "Scully, William P" <william.scu...@ca.com>
To: LINUX-390@vm.marist.edu
Date: 02/23/2010 04:45 PM
Subject: Passive Port Control

Help me understand something, please. In SuSE 10 I see:

> cat /proc/sys/net/ipv4/ip_local_port_range
32768 61000

However with VSFTP I seem to be using an ephemeral port outside that range:

Finding Host whatever.ca.com ...
Connecting to 123.123.123.123:21
Connected to 123.123.123.123:21 in 0.203093 seconds, Waiting for Server Response
220 "This is CA service."
Host type (1): Automatic detect
USER anonymous
331 Please specify the password.
PASS (hidden)
230 Login successful.
SYST
215 UNIX Type: L8
Host type (2): UNIX (standard)
PWD
257 "/"
CWD /
250 Directory successfully changed.
PWD
257 "/"
TYPE A
200 Switching to ASCII mode.
PASV
227 Entering Passive Mode (123,123,123,123,120,134)
connecting data channel to 123.123.123.123:120,134(30854)
data channel connected to 123.123.123.123:120,134(30854)
LIST
150 Here comes the directory listing.
transferred 955 bytes in < 0.001 seconds, 7460.938 Kbps ( 932.617 KBps), transfer succeeded.
226 Directory send OK.

I did -not- encode these records in VSFTP's configuration, as I thought TCP/IP's limits would be in effect.

pasv_max_port
    The maximum port to allocate for PASV style data connections. Can be used to specify a narrow port range to assist firewalling.
    Default: 0 (use any port)

pasv_min_port
    The minimum port to allocate for PASV style data connections. Can be used to specify a narrow port range to assist firewalling.
    Default: 0 (use any port)

My question is this: Why are the TCP/IP limits on the ephemeral ports not enforced?

----------------------------------------------------------------------
For LINUX-390 subscribe / signoff / archive access instructions,
send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
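
Added example, not part of the original thread and not vsftpd code: it decodes the port from a 227 reply (p1*256 + p2) and checks it against both the kernel's ip_local_port_range and the pasv_min_port/pasv_max_port settings quoted above. The kernel range only bounds ports the kernel picks on its own (a bind to port 0 or an unbound connect), so a firewall rule for PASV data connections has to rely on the daemon's own range. The function names and the 50000-50100 range are assumptions made for the example.

```python
import re

PASV_RE = re.compile(r"^227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")

def parse_pasv(reply):
    """Return (ip, port) from a 227 reply; port = p1*256 + p2 (RFC 959)."""
    m = PASV_RE.match(reply.strip())
    if not m:
        raise ValueError("not a 227 PASV reply: %r" % reply)
    f = [int(g) for g in m.groups()]
    if any(v > 255 for v in f):
        raise ValueError("field above 255 in %r" % reply)
    return ".".join(str(v) for v in f[:4]), f[4] * 256 + f[5]

def parse_vsftpd_range(conf_text):
    """Read pasv_min_port/pasv_max_port; 0 is the documented 'any port' default."""
    vals = {"pasv_min_port": 0, "pasv_max_port": 0}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        if key in vals:
            vals[key] = int(value)
    return vals["pasv_min_port"], vals["pasv_max_port"]

def audit(reply, kernel_range_text, conf_text):
    """Compare the advertised PASV port with the kernel and vsftpd ranges."""
    _, port = parse_pasv(reply)
    k_lo, k_hi = (int(x) for x in kernel_range_text.split())
    v_lo, v_hi = parse_vsftpd_range(conf_text)
    pinned = v_lo > 0 or v_hi > 0
    return {
        "port": port,
        "in_kernel_range": k_lo <= port <= k_hi,
        "vsftpd_range_set": pinned,
        # None means no range is configured, so there is nothing to enforce.
        "in_vsftpd_range": (v_lo or 1) <= port <= (v_hi or 65535) if pinned else None,
    }

if __name__ == "__main__":
    # Reply and kernel range are taken from the thread; the conf text is constructed.
    reply = "227 Entering Passive Mode (123,123,123,123,120,134)"
    kernel = "32768\t61000\n"
    print(audit(reply, kernel, ""))  # vsftpd defaults, as in the thread
    print(audit(reply, kernel, "pasv_min_port=50000\npasv_max_port=50100\n"))
```

Run against a captured client log after setting the range in vsftpd.conf: a result with "in_vsftpd_range" False means the daemon is still handing out ports the firewall rule does not cover.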