LinuxQuestions.org
Did you know LQ has a Linux Hardware Compatibility List?
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices

Reply
 
Search this Thread
Old 11-26-2003, 11:06 AM   #1
elchui
LQ Newbie
 
Registered: Nov 2003
Location: Hong Kong
Distribution: Redhat
Posts: 3

Rep: Reputation: 0
vsftpd Problem with 425 Security: Bad IP connecting


Hi all!!

Distribution: Redhat 9
FTP: vsftpd v1.2 (Standalone Mode)
Symptom: 425 Security: Bad IP connecting

I have successfully to install Redhat 9 and vsftpd v1.2 on my system by default setting. It is successful to connect the ftp server by using both internal ip address and external ip address. Now I have the trouble when I try to change the listen_port=2121 in /etc/vsftpd/vsftpd.conf file. I got the result as success login by internal ip address but fail by external ip address. My server is connected behind the boardband router and I have config port forward to my internal ip. So I believe this is not the problem in the config of NAT/PAT.

Is there any config do I need to add up or modify to make it done? Tks!


Screen Dump of Login:

[root@MyLinLin root]# ftp 192.168.1.2 2121
Connected to 192.168.1.2 (192.168.1.2).
220 (vsFTPd 1.2.0)
Name (192.168.1.2:admin): admin
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> bye
221 Goodbye.


[root@MyLinLin root]# ftp 61.10.21.135 2121
Connected to 61.10.21.135 (61.10.21.135).
220 (vsFTPd 1.2.0)
Name (61.10.21.135:admin): admin
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
227 Entering Passive Mode (192,168,1,2,86,136)
425 Security: Bad IP connecting.
 
Old 11-27-2003, 03:47 PM   #2
shahab
LQ Newbie
 
Registered: Nov 2003
Distribution: RH9
Posts: 7

Rep: Reputation: 0
i didnt think i would be answering someone, but i had that problem and i got it fixed yesturday

pasv_promiscuous=YES

just add that to your conf file
 
Old 11-28-2003, 08:58 PM   #3
elchui
LQ Newbie
 
Registered: Nov 2003
Location: Hong Kong
Distribution: Redhat
Posts: 3

Original Poster
Rep: Reputation: 0
Thanks for answering me shahab :')

I had added pasv_promiscuous=YES in vsftpd.conf file but it wont work still.

my vsftpd.conf is set by default, the only thing I was changed listen_port=2121

Here I try to explain the backgroup of my network, let see if this will help you guys understand what is my question.

--------------
Port forward port | Router | Port forward port 2121/2020
21/20 to 192.168.1.1 -------------- to 192.168.1.2
|
----------------------------
| |
192.168.1.1 | | 192.168.1.2
--------- ---------
Win2k FTP vsftpd
--------- ---------
- config listen_port=2121
in vsftd.conf file
- config ftp-data = 2020,
ftp = 2121 in servives file.

Error message from client ftp:

*** CuteFTP Pro 3.0 - build Feb 13 2003 ***

STATUS:> Getting listing ""...
STATUS:> Connecting to ftp server 61.10.21.135:2121 (ip = 61.10.21.135)...
STATUS:> Socket connected. Waiting for welcome message...
220 (vsFTPd 1.2.0)
STATUS:> Connected. Authenticating...
COMMAND:> USER admin
331 Please specify the password.
COMMAND:> PASS *****
230 Login successful.
STATUS:> Login successful.
COMMAND:> PWD
257 "/home/admin"
STATUS:> Home directory: /home/admin
COMMAND:> FEAT
500 Unknown command.
STATUS:> This site doesn't support the 'features' command.
COMMAND:> REST 100
350 Restart position accepted (100).
STATUS:> This site can resume broken downloads.
COMMAND:> REST 0
350 Restart position accepted (0).
COMMAND:> PASV
227 Entering Passive Mode (192,168,1,2,100,125)
COMMAND:> LIST
STATUS:> Connecting ftp data socket 192.168.1.2:25725...
ERROR:> Can't connect to remote server. Socket error = #10060.
425 Failed to establish connection.
ERROR:> Trashed response received.


Thanks for any help!
elchui
 
Old 12-12-2003, 10:30 PM   #4
trashphish
LQ Newbie
 
Registered: Dec 2003
Posts: 2

Rep: Reputation: 0
From a linux and vsftpd newbie pasv_promiscuous=YES worked for me. The only client i had trouble with was Opera 7 and 6 browsers. IE, wsftp, total commander all worked fine with out this setting.

just wanted to thank shahab, i was pulling my hair out. I will now tackle more advanced vsftpd.conf files now that i have the basics working...
 
Old 12-17-2003, 09:36 PM   #5
mgc6288
LQ Newbie
 
Registered: Jul 2003
Posts: 2

Rep: Reputation: 0
I just started to use vsftpd and I almost have it. The same problem as mentioned before "425 Security: Bad IP Connecting" and the "pasv_promiscuous=YES" did not solve the problem. Is there any other ideas as to what could be causing this? I am using RH9 on a PIV 1.5GHz and I have the BEFSR81 Linksys Router which I also forwarded a set of ports above 1024 along with ports 20 and 21 TCP (not UDP). Thanks in advance.
 
Old 12-21-2003, 01:08 PM   #6
trashphish
LQ Newbie
 
Registered: Dec 2003
Posts: 2

Rep: Reputation: 0
this is what works for me

vsftpd - starting with xinetd

Dont have a clue if this is proper, but its works in everthing thing ive tried it in (opera 6.5, opera 7.21, opera 7.5 beta, IE 6, wsftp pro) note that anon is enabaled by defualt because i dont have a setting for it. I can log in anon, or with any of the knoppix accounts on the PC. The local users can upload, anon can not. I dont think i need the pasv_lines (because my router is set to forword 20, 21 tcp & udp) but i left them in just in case.

Quote:

# base configuration

chroot_local_user=YES
local_enable=YES
max_clients=10
max_per_ip=3
pasv_max_port=65535
pasv_min_port=64000
use_localtime=YES
local_umask=022


# ftp settings

connect_from_port_20=YES


# User Settings

pasv_promiscuous=YES
dirlist_enable=YES
download_enable=YES
write_enable=YES
being a newbie dont know if this could help anyone?

http://trashphish.servebeer.com/pics/router.jpg
 
Old 12-22-2003, 12:53 PM   #7
shadowslope
LQ Newbie
 
Registered: Dec 2003
Location: Canada
Posts: 1

Rep: Reputation: 0
Re: vsftpd Problem with 425 Security: Bad IP connecting

Hi,
I was working on the exact same problem.
According to this,

Quote:
Originally posted by elchui
Hi all!!
227 Entering Passive Mode (192,168,1,2,86,136)
425 Security: Bad IP connecting.
When you try to connect from outside IP (wan IP in router), I does not work kuz vsftp responds with to A pasv connection by giving your internal IP 192.168.1.2 This is of no use in the internet.

Try adding: pasv_address=61.10.21.135 to your vsftpd.conf file.
note replace 61.10.21.135 with the actual Wan IP on your router status page.

Also, you might need to use
pasv_min_port & pasv_max_port to specify a port range compatible with the port fowardind in the router.

Hope this is of some help
 
Old 01-04-2004, 11:33 AM   #8
elchui
LQ Newbie
 
Registered: Nov 2003
Location: Hong Kong
Distribution: Redhat
Posts: 3

Original Poster
Rep: Reputation: 0
Cool

I was out of my town for a month, thanks for the advise. I will start try your advise.
 
Old 07-29-2011, 09:21 AM   #9
vikram.khatri
LQ Newbie
 
Registered: Jul 2011
Posts: 1

Rep: Reputation: Disabled
Smile

I googled for hours and did not find a solution to my problem until I reached to this posting.

Thank you.

I am using a different port in vsftpd.conf file than the default port and I was getting illegal port problem when I did ls -l command.

Interestingly FileZilla and CuteFtp works fine but my favorite FTP client 3D-FTP did not work even though I set passive mode on.

The output from the ftp client suggested that it was receiving 192.168.x.x. address from the server and the poor client did not know how to reach to this internal IP address so setting pasv_address=<to.my.ip.address> in vsftpd.conf solved the problem.

Thank you.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
vsftpd bad-ip connecting javamdk Linux - Networking 4 08-04-2005 10:34 PM
425 Security: Bad IP connecting mikeshn Linux - General 3 03-03-2004 09:37 AM
vsftpd connecting problem tr0gd0O0r Linux - Networking 19 12-11-2003 01:59 PM
vsftpd 425 error raven282 Linux - Networking 7 06-21-2003 01:09 AM
vsftpd 425 bad ip error raven282 Linux - Software 2 05-01-2003 03:29 AM


All times are GMT -5. The time now is 02:40 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration