LinuxQuestions.org
Old 03-14-2013, 04:03 PM   #1
Muhammad Hamid Ashraf
LQ Newbie
 
Registered: Dec 2012
Location: Islamabad, Pakistan
Distribution: centOS5, RHEL,centOS6.3, Fedora
Posts: 17

Rep: Reputation: Disabled
Unable to list the directory after changing FTP port from 21


Hi!!
I am using FileZilla to connect to an FTP server; I connected successfully and listed the directories and files. I have changed the FTP port to 2121 and allowed ports 20 and 2121 in my CentOS 5 FW, but I am unable to list the files and directories.
I think the FW is blocking it but I don't know how...


Below are the time-by-time statuses of the connection:



Status: Connecting to 172.29.0.29:2121...
Status: Connection established, waiting for welcome message...
Response: 220 WELCOME!!! to my FTP Server...Now don't mess with it..ok!!
Command: USER FTP_User2
Response: 331 Please specify the password.
Command: PASS **********
Response: 230 Login successful.
Status: Server does not support non-ASCII characters.
Status: Connected
Status: Retrieving directory listing...
Command: PWD
Response: 257 "/"
Command: TYPE I
Response: 200 Switching to Binary mode.
Command: PASV
Response: 227 Entering Passive Mode (172,29,0,29,51,59).
Command: LIST
Error: Connection timed out
Error: Failed to retrieve directory listing

Thanks in advance for the help.
 
Old 03-14-2013, 04:48 PM   #2
pixie
Member
 
Registered: Aug 2003
Distribution: Mageia, Centos, CloudLinux
Posts: 52

Rep: Reputation: 27
Check that:
1) your IP is allowed through the firewall
2) Passive Mode is enabled in your ftp config file
 
Old 03-14-2013, 08:10 PM   #3
jpollard
Senior Member
 
Registered: Dec 2012
Location: Washington DC area
Distribution: Fedora, CentOS, Slackware
Posts: 4,696

Rep: Reputation: 1261
The FTP protocol uses two sockets for connection. One is for the command channel, the other is for data. When the client issues a command, it must set up a return port... and that port may not work (many firewalls/NAT devices will block it).

Using passive mode reverses the connection for the data channel, and that usually works around the problem of firewall blocking.
 
Old 03-14-2013, 11:06 PM   #4
droyden
Member
 
Registered: Feb 2007
Location: UK
Posts: 150

Rep: Reputation: 19
If you are using iptables you need to tell the ftp module of netfilter the new port 2121, which can be done when loading the module. Sorry am on my phone or would get you a link, but should be enough info for you to Google
 
Old 03-15-2013, 01:18 AM   #5
kanna411988
LQ Newbie
 
Registered: Feb 2012
Posts: 23
Blog Entries: 1

Rep: Reputation: Disabled
You can use the host name as ftp://ipaddress, so that it will connect to the server automatically. It is very secure.

---------- Post added 03-15-13 at 01:18 AM ----------

Check the firewall once, whether the port was enabled or not. Otherwise enable the port number.
 
Old 03-15-2013, 05:57 AM   #6
amolredhat
LQ Newbie
 
Registered: Jun 2012
Posts: 7

Rep: Reputation: Disabled
Post output of below commands:-

# iptables -L
# sestatus

And how did you verify the FW configuration? Post rules.
 
Old 03-15-2013, 03:04 PM   #7
Muhammad Hamid Ashraf
LQ Newbie
 
Registered: Dec 2012
Location: Islamabad, Pakistan
Distribution: centOS5, RHEL,centOS6.3, Fedora
Posts: 17

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by amolredhat
Post output of below commands:-

# iptables -L
# sestatus

And how did you verify the FW configuration? Post rules.
Below is the result for iptables -L:

Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp-data flags:FIN,SYN,RST,ACK/SYN
ACCEPT tcp -- anywhere anywhere tcp dpt:scientia-ssdb flags:FIN,SYN,RST,ACK/SYN
RH-Firewall-1-INPUT all -- anywhere anywhere

Chain FORWARD (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain RH-Firewall-1-INPUT (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp any
ACCEPT esp -- anywhere anywhere
ACCEPT ah -- anywhere anywhere
ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns
ACCEPT udp -- anywhere anywhere udp dpt:ipp
ACCEPT tcp -- anywhere anywhere tcp dpt:ipp
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
ACCEPT udp -- anywhere anywhere state NEW udp dpt:xdmcp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ftp-data
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:scientia-ssdb
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
ACCEPT tcp -- anywhere anywhere state NEW,ESTABLISHED tcp dpt:ftp-data
ACCEPT tcp -- anywhere anywhere state NEW,RELATED,ESTABLISHED tcp dpt:ftp-data
ACCEPT tcp -- anywhere anywhere state NEW,ESTABLISHED tcp dpt:6001
ACCEPT tcp -- anywhere anywhere state NEW,ESTABLISHED tcp dpt:x11-ssh-offset
ACCEPT tcp -- anywhere anywhere state NEW,ESTABLISHED tcp dpt:6009
ACCEPT tcp -- anywhere anywhere state NEW,ESTABLISHED tcp dpt:6008
ACCEPT tcp -- anywhere anywhere state NEW,ESTABLISHED tcp dpt:6007
ACCEPT tcp -- anywhere anywhere state NEW,ESTABLISHED tcp dpt:6006
ACCEPT tcp -- anywhere anywhere state NEW,ESTABLISHED tcp dpt:6005
ACCEPT tcp -- anywhere anywhere state NEW,ESTABLISHED tcp dpt:6004
ACCEPT tcp -- anywhere anywhere state NEW,ESTABLISHED tcp dpt:6003
ACCEPT tcp -- anywhere anywhere state NEW,ESTABLISHED tcp dpt:6002
ACCEPT tcp -- anywhere anywhere state NEW,ESTABLISHED tcp dpt:6001




I have disabled selinux
 
Old 03-15-2013, 03:08 PM   #8
Muhammad Hamid Ashraf
LQ Newbie
 
Registered: Dec 2012
Location: Islamabad, Pakistan
Distribution: centOS5, RHEL,centOS6.3, Fedora
Posts: 17

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by amolredhat
Post output of below commands:-

# iptables -L
# sestatus

And how did you verify the FW configuration? Post rules.
Below are the rules added in /etc/sysconfig/iptables file:
-A INPUT -p tcp -m tcp --dport 20 --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT
-A INPUT -p tcp -m tcp --dport 2121 --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW,RELATED,ESTABLISHED -m tcp --dport 20 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 20 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 2121 -j ACCEPT
 
Old 03-15-2013, 03:43 PM   #9
Muhammad Hamid Ashraf
LQ Newbie
 
Registered: Dec 2012
Location: Islamabad, Pakistan
Distribution: centOS5, RHEL,centOS6.3, Fedora
Posts: 17

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by droyden
If you are using iptables you need to tell the ftp module of netfilter the new port 2121, which can be done when loading the module. Sorry am on my phone or would get you a link, but should be enough info for you to Google
I added the rules in the /etc/sysconfig/iptables file. Is it OK to do this?
Actually I don't have much idea of iptables.
 
Old 03-16-2013, 12:09 AM   #10
droyden
Member
 
Registered: Feb 2007
Location: UK
Posts: 150

Rep: Reputation: 19
Those rules are fine, but you are not using port 20 you are using pasv. As above, you need to unload nf_conntrack_ftp and then load it with ports=2121 as the arguments
 
Old 03-16-2013, 11:21 PM   #11
droyden
Member
 
Registered: Feb 2007
Location: UK
Posts: 150

Rep: Reputation: 19
Using modprobe
 
Old 03-17-2013, 06:46 PM   #12
Muhammad Hamid Ashraf
LQ Newbie
 
Registered: Dec 2012
Location: Islamabad, Pakistan
Distribution: centOS5, RHEL,centOS6.3, Fedora
Posts: 17

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by droyden
Those rules are fine, but you are not using port 20 you are using pasv. As above, you need to unload nf_conntrack_ftp and then load it with ports=2121 as the arguments

Thank you droyden :-) I have enabled the pasv ports in the /etc/vsftpd/vsftpd.conf file and mentioned max and min ports for pasv use. I allowed them in my FW. My problem is now solved. Thank you very much for the response :-)
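
The failure in this thread, worked through as an added example (not code from any poster): it computes the data port from the posted 227 reply and walks rules modeled on the posted RH-Firewall-1-INPUT chain in first-match order. The 13000:13200 range stands in for whatever pasv_min_port/pasv_max_port values were set in vsftpd.conf, and the function and variable names are made up for illustration.

```sh
# Added example; rules are constructed from the posted ones and the
# 13000:13200 passive range is an assumed value, not from the thread.

# Data port from a 227 reply "(h1,h2,h3,h4,p1,p2)": p1*256 + p2.
pasv_port() {
    nums=$(printf '%s\n' "$1" | sed -n 's/.*(\([0-9,]*\)).*/\1/p')
    p1=$(printf '%s\n' "$nums" | cut -s -d, -f5)
    p2=$(printf '%s\n' "$nums" | cut -s -d, -f6)
    [ -n "$p1" ] && [ -n "$p2" ] || return 1
    echo $((p1 * 256 + p2))
}

# First-match verdict for a NEW inbound TCP connection to port $1 against
# iptables-save style rules on stdin. Handles only state-NEW tcp --dport
# ACCEPT rules (port or lo:hi) and a catch-all REJECT/DROP. The RELATED rule
# is skipped: with no FTP helper on 2121 the data connection is NEW.
verdict_for_port() {
    port=$1
    while read -r line; do
        case $line in
            *--dport*) ;;
            *"-j REJECT"*|*"-j DROP"*) echo BLOCKED; return 0 ;;
        esac
        case $line in *"-p tcp"*"--state "*NEW*"--dport "*"-j ACCEPT"*) ;; *) continue ;; esac
        spec=$(printf '%s\n' "$line" | sed -n 's/.*--dport \([0-9:]*\).*/\1/p')
        [ -n "$spec" ] || continue
        lo=${spec%%:*}; hi=${spec##*:}
        if [ "$port" -ge "$lo" ] && [ "$port" -le "$hi" ]; then
            echo ACCEPT; return 0
        fi
    done
    echo POLICY   # no rule matched; the chain's caller or policy decides
}
check() { p=$1; shift; printf '%s\n' "$@" | verdict_for_port "$p"; }

R_EST='-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT'
R_20='-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 20 -j ACCEPT'
R_2121='-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 2121 -j ACCEPT'
R_REJECT='-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited'
R_PASV='-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 13000:13200 -j ACCEPT'

data_port=$(pasv_port '227 Entering Passive Mode (172,29,0,29,51,59).')
echo "data port:           $data_port"
echo "as posted:           $(check "$data_port" "$R_EST" "$R_20" "$R_2121" "$R_REJECT")"
echo "range after REJECT:  $(check "$data_port" "$R_EST" "$R_20" "$R_2121" "$R_REJECT" "$R_PASV")"
echo "range before REJECT: $(check "$data_port" "$R_EST" "$R_20" "$R_2121" "$R_PASV" "$R_REJECT")"
```

Loading the FTP conntrack helper with ports=2121, as droyden suggests, is the other route: the data connection is then classified RELATED and the existing RELATED,ESTABLISHED rule accepts it without opening a port range.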
 
  


All times are GMT -5.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration