LinuxQuestions.org


snowx 10-24-2007 06:58 AM

Active FTP problem with vsftpd
 
Hi,
I want to run an Active FTP server with vsftpd service on SuSE 10 Enterprise Server ...

my vsftpd.conf file :
=====================================
anonymous_enable=NO
chroot_local_user=YES
listen=YES
local_enable=YES
pam_service_name=vsftpd
pasv_enable=NO
pasv_promiscuous=YES
session_support=NO
use_localtime=YES
xferlog_enable=YES
async_abor_enable=YES
connect_from_port_20=YES
download_enable=NO
local_umask=0027
=====================================
With this configuration I can FTP from the shell but can't FTP using Firefox; it gives me an error: "550 permission denied".
Also, when I FTP from the shell and run this command on the server: "netstat -na | grep -i :20", my port 20 is not open for this Active FTP!!!
I am not using any firewall (iptables or rcSuSEfirewall2), and my network does not block ports 20 and 21.

Where is my mistake ?!

selva146 10-24-2007 11:04 AM

Hi,
When you run an active or passive FTP server, at first it only listens on port 21 (command port).

In Active Mode:

If any request comes in on port 21, then
the server creates a connection from port 20 (server side) to port (client request port + 1) on the client side.

So port 20 is open during the data transfer only; it will not always be open.


In Passive Mode:

If any request comes in on port 21, then
the server tells the client which port the client should connect to on the server for data transfer;
so the client initiates a connection from (client request port + 1) to the server's mentioned port.
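
As an added illustration (not part of the posts in this thread): a Python sketch of the active-mode data channel described above, which is why `netstat` never shows port 20 in a listening state. The function names, the `promiscuous` flag (modelled on vsftpd's `port_promiscuous` option), the reserved-port rule and the sample addresses are assumptions of this example.

```python
import ipaddress

SERVER_DATA_PORT = 20  # source port of the data connection (connect_from_port_20=YES)


def parse_port_arg(arg):
    """Decode the argument of 'PORT h1,h2,h3,h4,p1,p2' into (ip, port)."""
    parts = arg.strip().split(",")
    if len(parts) != 6 or not all(p.isdigit() for p in parts):
        raise ValueError("PORT needs six comma-separated numbers")
    nums = [int(p) for p in parts]
    if any(n > 255 for n in nums):
        raise ValueError("each field must be 0-255")
    ip = ipaddress.IPv4Address(".".join(map(str, nums[:4])))
    # The client's data port is carried as two bytes: p1 * 256 + p2.
    return str(ip), nums[4] * 256 + nums[5]


def active_data_connection(server_ip, control_peer_ip, port_arg, promiscuous=False):
    """Return (src_ip, src_port, dst_ip, dst_port) of the connection the
    server opens for an active-mode transfer, or raise PermissionError."""
    dst_ip, dst_port = parse_port_arg(port_arg)
    if not promiscuous:
        # Only connect back to the host that owns the control connection.
        if dst_ip != control_peer_ip:
            raise PermissionError("PORT address differs from control peer")
        # Assumed hardening rule: never connect out to a reserved port.
        if dst_port < 1024:
            raise PermissionError("PORT targets a reserved port")
    # The server is the one calling connect(); nothing listens on port 20.
    return (server_ip, SERVER_DATA_PORT, dst_ip, dst_port)


if __name__ == "__main__":
    # Constructed sample: client 192.0.2.10 logged in to server 198.51.100.5.
    print(active_data_connection("198.51.100.5", "192.0.2.10", "192,0,2,10,195,80"))
```

Because the server dials out from port 20, the client side (and any NAT or filter in front of it) has to accept that inbound connection on the port it announced.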

snowx 10-24-2007 12:18 PM

Dear Selva146
As I wrote, when I try to access FTP from Firefox I get an error: "550 permission denied". It's before data transferring!

selva146 10-25-2007 10:46 AM

Hi

FTP error codes

550 - No such file or directory
550 - Permission Denied.

So I think you are trying to access a directory which you do not have permission to access.

Ensure that you have permission.

BPS 10-25-2007 11:10 AM

Just open all the sockets and you will be free to use anything in your server, hahahaha

gerben12 10-25-2007 03:39 PM

Hello,

I think I had the same problem.

Try (depending on your distro though):

In your firewall settings in
/etc/sysconfig/iptables-config

edit:
IPTABLES_MODULES="ip_nat_ftp"
and restart iptables and vsftpd

And if you use IE7 as a browser, also edit the conf file with:
chroot_list=YES
Or else you will see the ROOT! directory.

snowx 10-27-2007 12:29 AM

Thanks for your comments

Dear Selva146
When I try FTP with Firefox in passive mode, I don't get any error and have access to files easily!
I get the "550 - Permission denied" error only in active-mode FTP ... so I think permission is OK, no?!

Dear BPS
I don't know how to do this ...!
Please guide me ... and tell me what happens to my security after this?
I think your answer is near to the problem

Dear Gerben12
I don't use iptables ... but I'm trying chroot_list!
Do you think my problem is solved with chroot_list?!

gerben12 10-27-2007 07:05 AM

Hi,

No, your problem won't be solved by the chroot list, but that's a bug in IE7 I saw.

There is an option in vsftpd with which you can enable passive FTP:
put this line in your vsftpd.conf

pasv_enable=YES (or NO, depending on your current config)

and restart vsftpd
That should solve a passive FTP problem.

snowx 10-27-2007 09:18 AM

Dear Gerben12
I don't want to use passive mode for security reasons ...
I am just running active-mode FTP

