Update: Make FTP server slightly more secure

John shared a great idea in his comment to my “FTP: a trip down the memory lane” post: when using some FTP servers you can specify the range of passive ports, allowing you to tighten your router ACL (otherwise you’d have to allow inbound connections to all TCP ports above 1024).

If you’re using wu-ftpd, the port range is specified with the passive ports configuration directive in the ftpaccess configuration file. ProFTPD uses the PassivePorts configuration directive and recommends using the IANA-specified ephemeral port range. Pure-FTPd takes a more cryptic approach: the port range is specified with the -p command-line option.
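A way to check that the router ACL and the server's passive range actually agree, as an added example that is not part of the original post: it reads the passive port range from wu-ftpd, ProFTPD, Pure-FTPd or vsftpd settings and compares it with the range the ACL permits. The function names, the sample configurations and the ACL given as a (low, high) tuple are assumptions made for illustration.

```python
import re

# Patterns capturing (low, high); vsftpd is handled separately (two options).
RANGE_PATTERNS = {
    "proftpd": r"(?im)^\s*PassivePorts\s+(\d+)\s+(\d+)",          # proftpd.conf
    "wu-ftpd": r"(?m)^\s*passive\s+ports\s+\S+\s+(\d+)\s+(\d+)",  # ftpaccess
    "pure-ftpd": r"(?:^|\s)-p\s*(\d+):(\d+)",                     # command line
}

# Constructed sample configurations (ports and addresses are made up).
SAMPLES = {
    "vsftpd": "listen=YES\n#pasv_min_port=1\npasv_min_port=50000\npasv_max_port=50100\n",
    "proftpd": 'ServerName "ftp"\nPassivePorts 49152 65534\n',
    "wu-ftpd": "passive ports 0.0.0.0/0 50000 50100\n",
    "pure-ftpd": "pure-ftpd -B -P 192.0.2.10 -p 50000:50100",
}

def passive_range(server, text):
    """Return (low, high) configured for passive mode, or None if unrestricted."""
    if server == "vsftpd":
        # Commented-out options do not match because of the ^ anchor.
        opts = dict(re.findall(r"^(pasv_m(?:in|ax)_port)=(\d+)\s*$", text, re.M))
        low = int(opts.get("pasv_min_port", 0))
        high = int(opts.get("pasv_max_port", 0))
    else:
        m = re.search(RANGE_PATTERNS[server], text)
        if not m:
            return None
        low, high = int(m.group(1)), int(m.group(2))
    # vsftpd treats 0 as "any port"; a half-set or inverted range is no limit.
    if low == 0 or high == 0 or low > high:
        return None
    return low, high

def acl_verdict(passive, acl):
    """Compare the server's passive range with the (low, high) the ACL permits."""
    if passive is None:
        return "unrestricted: ACL must allow every TCP port above 1024"
    if acl[0] > passive[0] or acl[1] < passive[1]:
        return "too narrow: some passive data connections will be dropped"
    if acl != passive:
        return "too wide: tighten ACL to %d-%d" % passive
    return "ok"

if __name__ == "__main__":
    acl = (1025, 65535)  # constructed: the "all TCP ports above 1024" rule
    for server, text in SAMPLES.items():
        print(server, "->", acl_verdict(passive_range(server, text), acl))
```
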



  1. vsftpd has pasv_min_port and pasv_max_port to limit the range of the passive ports used.

  2. As I pointed out in the previous post - if you want security then you don't want FTP - switch to SSH and all will be well in the world.

  3. Ivan Pepelnjak, 21 May, 2010 09:46

    Can't agree more ... the problem is usually in client or server availability. For example, no SSH/SFTP from Microsoft (they push WebDAV), only FP extensions or FTP for FrontPage (until MS Expression Web 3).

