How to Install and Configure VsFTPD on Rasberry Pi

I have chosen to use VsFTPD instead of ProFTP for it’s simple configuration but robust high load capability.

This steps can be implemented on any debian based linux systems like ubuntu, Rasbian and very many others. I have RaspBMC (an XBMC Media Centre) running on my Rasberry Pi.

STEP 1: Installation

As in any other debian based Linux systems, the installation of the FTP server can be done simply by executing the following command:

$ sudo apt-get install vsftpd

This command installs and start the ftp server automatically.

This is an example of the VsFTPD configuration file (/etc/vsftpd.conf):

——– start ———–

banner=Raspbmc FTP Server

——– stop —————

STEP 2: Configuration

Stand-alone mode:

The ftp server can either be configured in stand-alone or normal mode. By default the VsFTPD automatically configured as stand-alone. This means that the server have its own startup scripts called daemon. In that case, the VsFTPD daemon can be started by executing “/etc/init.d/vsftpd start”. The server in stand-alone mode can further be managed with stop, restart, status and reload.

Normal mode:

The other approach to configure the VsFTPD server is to use “xinetd” to start the FTP service in normal mode. This helps to keep the FTP service alive. In order to achieve this objective, we first need to install the “xinetd” super server by executing the following command:

$ sudo apt-get install xinetd

The above command will install and start the xinetd super server on your system automatically. However, there is the chance that “xinetd” is already installed on your system. In that case, please skip the step above.

Next, create a file called vsftpd in /etc/xinetd.d/ with the following content:

service ftp
disable = no
sockettype = stream
wait = no
user = /usr/sbin/vsftpd
source = 5
instances = 200
noaccess = #use this to block any connections from this network
onlyfrom = #use this to allow connections only from this network
bannerfail = /etc/vsftpd.busy
onsuccess += PID HOST DURATION
on_failure += HOST


Pleas alter any of these options to match your system configurations.

  • server – to get the correct path to enter here, type “which vsftpd” on the terminal
  • noaccess – this will block any host or hosts defined here
  • bannerfail – this should the path to the file with the text to show to any blocked IP address

STEP 3: /etc/vsftpd.conf Configuration

Open the file /etc/vsftpd.conf and change




This instructs the FTP server not to open any ports but let “xinetd” control and manage the entire ports and services. In order for the normal mode to run smoothly, we need to first stop the vsftpd service by executing the following command:

$ sudo service vsftpd stop

followed by

$ sudo service xinetd reload

We have to test and confirm that the FTP server have been started in normal mode and that the port 21 is open by the following command:

$ sudo netstat -ant | grep 21

You should see this:

tcp 0 0* LISTEN

Posted in FTP, Linux, Linux Installation, VsFTP and tagged , , by with comments disabled.

How Fix VsFTPD Passive Errors On CentOS (Works On Any Linux Distro.)

While trying to connect to my VsFTPD server on CentOS Linux, I got errors “connection time out, Failed to retrieve directory listing”. The reason for this is that, passive mode connects to random ports above 1023 and if you use iptables like in my case, these ports has to be opened otherwise the above errors will occure. One approach to resolving this issue is to enable passive mode, lock down the FTP server to a port range (to serve as random ports) and open the port range in the firewall. Below are the steps I took:

1.) Edit vsftpd.conf and add the following (vi /etc/vsftpd/vsftpd.conf)





2.) Specify which IP address VsFTPD will advertise in response to passive connections

     pasv_address={your public IP address}

     Note: If you have two network interfaces, specify the IP address for the one poniting outside network

              Example: EXT=         INT=

              You have to specify and add “pasv_address=” to the lines above

OR If you don’t have afixed elastic IP address:

      pasv_addr_resolve={your public domain or DNS}

3.) Open the required ports in iptables

      First open die standard port range 20 to 21 by adding this lines to your iptables

      iptables -A INPUT -m state –state NEW -m tcp -p tcp –dport 20:21 -j ACCEPT

      iptables -A INPUT -m state –state NEW -m tcp -p tcp –dport 10000:10100 -j ACCEPT

4.) Restart vsftpd

     /etc/init.d/vsftpd restart

That’s it! Your passive connections should work without errors

The idea came from

Posted in Linux, VsFTP and tagged , , , by with comments disabled.