Para simplificar , eu diria que sim, e é assim que você deve considerá-lo (na minha opinião).
Limitar o intervalo de portas limitará as conexões simultâneas de clientes de acordo com o número de portas que você tem entre min e max. Desta forma, você evitará comportamentos estranhos.
Mas, no fato de que isso não é verdade e tem que ser moderado: -)
Aprofundando e para ser mais preciso: limitar portas afeta o uso conciso do canal de dados .
Observe que uma nova solicitação de conexão precisa de um canal de dados disponível.
Não tenho conhecimento de todos os comandos FTP que usam o canal de dados, mas basicamente carregam (STOR)
, o download (RETR)
, a lista (LIST)
dos comandos precisa do canal de dados.
Para ilustrar isso, acabei de fazer um teste em laboratório (que você pode reproduzir) com o meu servidor vsftpd e estas configurações:
pasv_max_port=10100
pasv_min_port=10100
1. Primeiro teste:
- I connect with Client1 : ok
- I connect with Client2 while Client1 is still connected : ok
- I connect with Client3 while Client1 and Client2 are still connected : ok
Por quê?
- Client2 was able to connect because Client1 was doing nothing (idle) and was not using data channel, so the server has assigned the port to Client2.
- Client3 was able to connect because Client1 and Client2 were idle and not using data channel, so the server has assigned the port to Client3.
2. Segundo teste:
- I connect with Client1 and start uploading a file : ok file upload in progress
- I connect with Client2 while Client1 upload was still running : ERROR cannot connect
- I wait for Client1 upload to finish
- Once Client1 upload was finished i was able to connect with Client2.
Por quê?
- Because Client1 was using data channel for its upload, Client2 was not able to connect because there was no more available port on server side to serve him.
- Once Client1 upload has finished, the server freed-up data channel port and Client2 was able to use it to connect.
3. Terceiro teste:
- I connect with Client1 : ok
- I connect with Client2 while Client1 is still connected : ok
- I start an upload to ftp server from Client1 : ok upload in progress
- I start an upload to ftp server from Client2 while Client1 upload is still running : ERROR connexion closed by server. Transfert failed.
Por quê?
A mix of test 1 and test 2 :
- Client2 was able to connect because Client1 was doing nothing (idle) and was not using data channel, so the server has assigned the port to Client2.
- Client1 is able to upload a file because Client2 is idle so the server has assigned the port to Client1 for its upload.
- Client2 is not able to upload a file because data transfert port is already in use by Client1 for its upload
Agora você pode entender por que eu estava falando sobre comportamentos "estranhos" no começo.
Espero que ajude!