Setting up connection limits for ProFTPD server

Date of publication: 11.05.2025

ProFTPD is a service for file transfer via the FTP protocol. It is widely used on Linux servers for file management.

FTP servers can operate in two modes:

  • Active (PORT): the client determines the port for the data connection, and the server connects to it.
  • Passive (PASV): the server determines the port for the data connection, and the client connects to it.

In addition to the default port 21, there is a negotiation process for opening additional ports. Depending on the server's operating mode, the initiator of further negotiation is either the client or the server.

Drawbacks of Active Mode:

  • It does not work if the client is behind NAT/firewall (the server cannot reach the client).
  • A new port is opened for each file, leading to a significant increase in sessions.

Advantages of Passive Mode:

  • Works through NAT/firewall (the initiative comes from the client).
  • You can limit the port range on the server (PassivePorts in ProFTPD).

To limit the number of connections, settings must be made in the service configuration file:

/etc/proftpd.conf
# Maximum number of processes (including service ones) that ProFTPD can start.
MaxInstances 30
# Maximum number of simultaneous connections (users).
MaxClients 20
# Limits the number of connections from a single IP address.
MaxClientsPerHost 3

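You can also force passive mode. ProFTPD has no directive that switches it on; instead, reject the active-mode commands (PORT and EPRT) so that clients have to use passive mode, and restrict the passive port range:

/etc/proftpd.conf
# Reject PORT/EPRT so clients must use passive mode; limit the passive port range (max. 100 connections).
<Limit PORT EPRT>
  DenyAll
</Limit>
PassivePorts 50000 50100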

Passive mode may not work for every client, so check that NAT and the firewall let the passive port range through.

Check the configuration file for errors. If it runs as a service, restart it. If it runs with inetd, you only need to ensure there are no errors in the configuration file.

proftpd -t  # Check the config.
systemctl restart proftpd  # Restart.
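As an added example (not part of the original article or of ProFTPD itself), the following script checks that the limits and the passive port range set above are consistent with each other, which a syntax check does not cover. The function names and the sample configuration are assumptions constructed for illustration; it reads only top-level single-line directives.

```python
# Constructed sample configuration using the values from this article.
SAMPLE_CONF = """\
MaxInstances 30
MaxClients 20
MaxClientsPerHost 3
PassivePorts 50000 50100
"""

def parse_directives(text):
    """Map lower-cased directive name -> argument list (comment and <Section> lines skipped)."""
    directives = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "<")):
            name, *args = line.split()
            directives[name.lower()] = args
    return directives

def audit_limits(text):
    """Return a list of findings; an empty list means the limits are consistent."""
    d, findings = parse_directives(text), []
    limits = {}
    for name in ("maxinstances", "maxclients", "maxclientsperhost"):
        args = d.get(name)
        if not args or not args[0].isdigit():
            findings.append(f"{name}: not set to a number")
        else:
            limits[name] = int(args[0])
    if len(limits) == 3:
        if limits["maxclientsperhost"] > limits["maxclients"]:
            findings.append("MaxClientsPerHost exceeds MaxClients, so the per-host limit never applies")
        if limits["maxclients"] > limits["maxinstances"]:
            findings.append("MaxClients exceeds MaxInstances, so the process cap is hit first")
    ports = d.get("passiveports", [])
    if len(ports) < 2 or not all(p.isdigit() for p in ports[:2]):
        findings.append("passiveports: no numeric range set")
    else:
        low, high = int(ports[0]), int(ports[1])
        if not 1024 <= low <= high <= 65535:
            findings.append(f"PassivePorts {low}-{high} is not a valid unprivileged range")
        elif "maxclients" in limits and high - low + 1 < limits["maxclients"]:
            findings.append("PassivePorts range is smaller than MaxClients")
    return findings

if __name__ == "__main__":
    print(audit_limits(SAMPLE_CONF) or "limits are consistent")
```

To check the live file, pass the contents of /etc/proftpd.conf to audit_limits() instead of the sample.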

The FTP protocol has several drawbacks and sometimes operates with a "lag," unlike HTTP/S or SFTP (SSH File Transfer Protocol), due to the need to negotiate actions and wait for client-server acknowledgment.

If you need to transfer a large number of small files, it is recommended to do so in an archive and then unpack it on the server.
