GRSEC Not allowing Active FTP on Privileged ports

Question

I've been testing an issue with FTP Active transfers recently and I've narrowed down a problem.

On my GRSEC enabled kernel, FTP Active transfers fail to establish on Privileged ports. Using identical configurations, and binding to a high port, the transfer works. Using the identical configurations on a non GRSEC kernel works.

However, I both need the default ftp ports & grsec.

I have contemplated using iptables REDIRECTs to transparently map the default port to a higher port, but this doesn't work in IPv6 due to the removal of the NAT functionality.

I look forward to suggestions.

score 0 · Answer 1 · answered Mar 13 '12 at 10:02

0

Try to add a new rule (or modify an existing one) similar to this one to your grsecurity configuration file:

subject /path/to/vsftpd
bind 0.0.0.0/0:21 stream tcp
bind 0.0.0.0/0:1024-65535 stream tcp

answered Mar 13 '12 at 10:02

Janne Pikkarainen

31,454
4
56
78

GRSEC Not allowing Active FTP on Privileged ports

1 Answers1