LinuxQuestions.org
Old 04-13-2009, 03:35 PM   #1
Count Zero
Member
 
Registered: Feb 2008
Distribution: Debian wheezy
Posts: 130

Rep: Reputation: 15
proftpd on Debian Lenny w. Netgear wgr614, cannot connect in passive mode


Hi all,

I'm revamping a small ftp-server of mine. The only ftp-server that I have any real experience with is glftpd. I was fairly satisfied with it but I wanted to run my server on a fresh Debian install (it ran on an old Ubuntu Dapper) and I prefer to use software from the standard repos so I opted for a change. My first try was pure-ftpd but that gave me a hard time so I tried out proftpd instead.

So, now I got a clean install of Debian Lenny with proftpd from Debian's standard repos hooked up to the net with a Netgear wgr614 router. It's up and running just fine, I can log in from the account that I created but I cannot connect using a passive connection.

I've specified the ports for passive connections in the /etc/proftpd/proftpd.conf file and I've opened those ports on my router. I don't have a firewall up and running (yet). When I try to connect it hangs on the LIST command, giving this output:
Code:
Status:	Connecting to MY.EXTERNAL.IP:PORT...
Status:	Connection established, waiting for welcome message...
Response:	220 ProFTPD 1.3.1 Server (NAME) [MY.EXTERNAL.IP]
Command:	USER MY.USERNAME
Response:	331 Password required for MY.USERNAME
Command:	PASS ********
Response:	230 User MY.USERNAME logged in
Command:	OPTS UTF8 ON
Response:	200 UTF8 set to on
Status:	Connected
Status:	Retrieving directory listing...
Command:	PWD
Response:	257 "/" is the current directory
Command:	TYPE I
Response:	200 Type set to I
Command:	PASV
Response:	227 Entering Passive Mode (MY.EXTERNAL.IP,192,210).
Command:	LIST
Error:	Connection timed out
Error:	Failed to retrieve directory listing

Now, this snippet is from my proftpd.conf file.

Code:
PassivePorts                  49200 49399

# If your host was NATted, this option is useful in order to
# allow passive transfers to work. You have to use your public
# address and opening the passive ports used on your firewall as well.
MasqueradeAddress               MY.EXTERNAL.IP

Now, obviously I've edited the output and the config file to MY.EXTERNAL.IP:PORT and MY.USERNAME but there are no typos or anything there. Right now I'm lost and Google and the manual don't help out. Any and all help is very much appreciated.

Thanks
CZ
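
Added example (not part of the original posts): a Python sketch that decodes the 227 reply from the client log above and checks the advertised address and data port against the `PassivePorts` range, the two things the server controls in passive mode. 203.0.113.10 is a constructed stand-in for the redacted MY.EXTERNAL.IP, and the function names are hypothetical.

```python
import ipaddress
import re

# A 227 reply carries (h1,h2,h3,h4,p1,p2); data port = p1*256 + p2 (RFC 959).
PASV_RE = re.compile(r"\b227\b[^()]*\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")

# Constructed sample: 203.0.113.10 stands in for the redacted MY.EXTERNAL.IP.
SAMPLE_REPLY = "Response:\t227 Entering Passive Mode (203,0,113,10,192,210)."
SAMPLE_CONF = """\
PassivePorts                  49200 49399
# public address handed to clients when the server sits behind NAT
MasqueradeAddress               203.0.113.10
"""


def parse_pasv(reply):
    """Return (IPv4Address, port) advertised in a 227 reply line."""
    m = PASV_RE.search(reply)
    if not m:
        raise ValueError("not a 227 passive-mode reply: %r" % reply)
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range in %r" % reply)
    host = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return host, nums[4] * 256 + nums[5]


def parse_passive_ports(conf_text):
    """Return (low, high) from a 'PassivePorts low high' line, or None."""
    for line in conf_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) == 3 and fields[0].lower() == "passiveports":
            return int(fields[1]), int(fields[2])
    return None


def diagnose(reply, conf_text, public_ip):
    """Return (data_port, problems) as seen by a client outside the NAT."""
    host, port = parse_pasv(reply)
    problems = []
    if host != ipaddress.IPv4Address(public_ip):
        kind = "private" if host.is_private else "unexpected"
        problems.append("server advertises %s address %s" % (kind, host))
    rng = parse_passive_ports(conf_text)
    if rng is None:
        problems.append("no PassivePorts set; data port %d is unpredictable" % port)
    elif not rng[0] <= port <= rng[1]:
        problems.append("data port %d is outside PassivePorts %d-%d" % (port, *rng))
    return port, problems


if __name__ == "__main__":
    print(diagnose(SAMPLE_REPLY, SAMPLE_CONF, "203.0.113.10"))
```

For the reply in this thread, `192,210` decodes to port 49362, which is inside 49200-49399, so the advertised endpoint is consistent with the configuration shown.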
 
Old 04-13-2009, 04:23 PM   #2
rweaver
Senior Member
 
Registered: Dec 2008
Location: Louisville, OH
Distribution: Debian, CentOS, Slackware, RHEL, Gentoo
Posts: 1,833

Rep: Reputation: 163
That looks a lot like your router is still blocking the ports, you may want to fire echo up on one of the ports and attempt to connect to it... or maybe reboot the router.
 
Old 04-14-2009, 01:25 AM   #3
Count Zero
Member
 
Registered: Feb 2008
Distribution: Debian wheezy
Posts: 130

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by rweaver View Post
That looks a lot like your router is still blocking the ports, you may want to fire echo up on one of the ports and attempt to connect to it... or maybe reboot the router.

Thanks for the reply. I already tried to reboot the router but that didn't do it (though rebooting them can do wonders, I know...).

As for fire echo up one of the ports I'm gonna do a full disclosure and admit that I don't have a clue about what that means. (I tried to google it up to hide my ignorance but that didn't work so I might as well come clean about it.)

/CZ
 
Old 04-14-2009, 12:40 PM   #4
rweaver
Senior Member
 
Registered: Dec 2008
Location: Louisville, OH
Distribution: Debian, CentOS, Slackware, RHEL, Gentoo
Posts: 1,833

Rep: Reputation: 163
Quote:
Originally Posted by Count Zero View Post
Thanks for the reply. I already tried to reboot the router but that didn't do it (though rebooting them can do wonders, I know...).

As for fire echo up one of the ports I'm gonna do a full disclosure and admit that I don't have a clue about what that means. (I tried to google it up to hide my ignorance but that didn't work so I might as well come clean about it.)

/CZ

Sorry, I should have been more clear, it doesn't need to be echo specifically, just any daemon that can listen on the port and verify that your firewall is letting traffic through. You can make a simple one-shot echo daemon by doing this:

Code:
echo | nc -l -p portnumber &

To see if traffic is coming through correctly on that port number just telnet to the host on that port number from outside... anything you type will be echoed back to you.

Code:
core$ echo | nc -l -p 9999 &
brains$ telnet core.domain.tld 9999
Trying x.x.x.x...
Connected to core.domain.tld.
Escape character is '^]'.


test
test
test2
test2
hi
hi
^]
telnet> quit
Connection closed.
brains$

A remote nmap of the machine should tell you if the port is filtered or not also.
 
Old 04-14-2009, 01:24 PM   #5
Count Zero
Member
 
Registered: Feb 2008
Distribution: Debian wheezy
Posts: 130

Original Poster
Rep: Reputation: 15
Thanks, I really appreciate your help rweaver!

I was actually trying nmap (among other things) out when I saw your reply but the echo with telnet was really neat.

I can telnet from my desktop into the server and whatever I write on the desktop is echoed on the server, on the ports that are set to be used for passive transfer. However, it is not echoed back to the desktop. Neither has a firewall running and both are inside the network. Could it still be a problem with the router?

I don't have access to a computer outside the network (at least until friday or so) but before I read your reply I had tried three things.

First I used nmap and probed the passive ports on the router. The result was that all specified ports were filtered.

The second thing I did was to pop by www.grc.com and try their shields up! The result was that the ports were closed. Still, it failed the test saying: "Unknown Protocol for this port. Unknown Application for this port".

Third thing I did was to try nmap on my external IP but it just said that no scan information was available.

As an added bonus I tried Shields up! one more time, after I had opened three ports with your nifty echo command and fired up FileZilla, pointing it to the external IP with passive connection. Shields up! now says I have four of the passive ports open, three of which I opened with the echo command plus one more. I killed the (three) echo jobs and tried once more. All ports closed. Fired up FileZilla again and tried yet once more. All ports closed. So, I can't reproduce the fourth open port, which is a bit unnerving.

Is this information of any use for you? Because I'm still lost.

Thanks!
/CZ

Last edited by Count Zero; 04-14-2009 at 03:08 PM.
 
Old 04-19-2009, 04:32 AM   #6
Count Zero
Member
 
Registered: Feb 2008
Distribution: Debian wheezy
Posts: 130

Original Poster
Rep: Reputation: 15
Ok, I sorted it out. Turned out the problem wasn't with the router at all.

In the proftpd.conf I added this:

Code:
DefaultAddress                MY.INTERNAL.IP.ADDRESS
PassivePorts                  49200 49250

After that it worked. I don't know if this is necessary because I let proftpd do the masquerading but at least it works now.

Still, thanks for the help rweaver, you taught me a few new tricks.

regards
CZ
 
  

