Linux - Server
This forum is for the discussion of Linux Software used in a server related context.
I'm running vsftpd-2.2.2 on Slackware 13.1 and I'm behind a NAT with a dynamic IP. I'm using pasv_address, which makes it necessary to have a crontab that checks whether my IP has changed, and if it has, edits the conf and restarts vsftpd. It's hackish but it works. I have also enabled FTPES on the same port that normal FTP runs.
I have allowed only the 5001:5003 ports and I am aware that the recommended number is 50 ports. However, I never had an issue with the transfers since I'm the only user and have at most two simultaneous transfers.
I can connect remotely with FTP and FTPES with every client I tried but I'm having issues locally. FileZilla refuses to connect on FTP and FTPES. WinSCP can connect on FTP but not FTPES.
Issues are gone if I enable pasv_promiscuous, which the manpage strongly recommends not to use unless "you know what you're doing". I don't.
Why is this happening? And, can I fix the local connections without resorting to pasv_promiscuous?
Here are my config and log files from a failed local attempt.
Quote:
Originally Posted by jsmith6
I'm running vsftpd-2.2.2 on Slackware 13.1 and I'm behind a NAT with a dynamic IP. I'm using pasv_address, which makes it necessary to have a crontab that checks whether my IP has changed, and if it has, edits the conf and restarts vsftpd. It's hackish but it works. I have also enabled FTPES on the same port that normal FTP runs.
I have allowed only the 5001:5003 ports and I am aware that the recommended number is 50 ports. However, I never had an issue with the transfers since I'm the only user and have at most two simultaneous transfers.
I can connect remotely with FTP and FTPES with every client I tried but I'm having issues locally. FileZilla refuses to connect on FTP and FTPES. WinSCP can connect on FTP but not FTPES.
Issues are gone if I enable pasv_promiscuous, which the manpage strongly recommends not to use unless "you know what you're doing". I don't.
Why is this happening? And, can I fix the local connections without resorting to pasv_promiscuous?
Here are my config and log files from a failed local attempt.
Using passive mode implies that the server returns the IP and the port to use for the data transfer.
This means that when the client sends the PASV command, the server returns something like:
Code:
227 Entering Passive Mode (77,49,54,233,19,139).
This means that it is listening on the IP 77.49.54.233 on port 19*256+139 (=5003): the client needs to connect to this IP and port to establish a data connection.
Maybe this doesn't work locally because it should use the private IP and not the public one?
Try using the EPSV command instead of PASV...
Last but not least: the use of passive mode in FTP is a GOOD choice because it prevents (or tries to!) sniffing on a well-known data port...
Well, not really true... I mean EPSV is one of the default commands available to the client, but if you want you can disable it (like the others, of course!) to limit your FTP user.
So to test whether EPSV solves your local access to your FTP server, just go on this way:
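Added example, not part of any post in this thread: a Python sketch of how a client turns the 227 reply quoted above into a data-connection address, next to the 229 reply to EPSV, which carries only a port so the client reuses the address of the control connection (RFC 2428). The LAN address 192.168.1.10 and the 229 reply line are constructed sample values, not taken from the poster's logs.

```python
import re

# 227 reply: (h1,h2,h3,h4,p1,p2) per RFC 959; 229 reply: (|||port|) per RFC 2428.
PASV_RE = re.compile(
    r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")
EPSV_RE = re.compile(r"^229 .*?\((.)\1\1(\d{1,5})\1\)")


def parse_pasv(reply):
    """Return (host, port) advertised in a 227 reply."""
    m = PASV_RE.match(reply)
    if not m:
        raise ValueError("not a 227 passive-mode reply: %r" % reply)
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range in %r" % reply)
    host = ".".join(str(n) for n in nums[:4])
    port = nums[4] * 256 + nums[5]  # high byte first, then low byte
    return host, port


def parse_epsv(reply):
    """Return the port from a 229 reply; EPSV carries no address at all."""
    m = EPSV_RE.match(reply)
    if not m:
        raise ValueError("not a 229 extended passive-mode reply: %r" % reply)
    port = int(m.group(2))
    if not 0 < port < 65536:
        raise ValueError("port out of range in %r" % reply)
    return port


def data_endpoint(reply, control_host):
    """Return (host, port, differs): where the client opens the data
    connection, and whether that host differs from the control connection's."""
    if reply.startswith("229"):
        return control_host, parse_epsv(reply), False
    host, port = parse_pasv(reply)
    return host, port, host != control_host


if __name__ == "__main__":
    lan_server = "192.168.1.10"  # constructed: server's private address
    replies = (
        "227 Entering Passive Mode (77,49,54,233,19,139).",  # from the thread
        "229 Entering Extended Passive Mode (|||5003|)",      # constructed
    )
    for reply in replies:
        print(reply, "->", data_endpoint(reply, lan_server))
```

For a local client the 227 reply sends the data connection to the public address set by pasv_address, while the 229 reply keeps it on the same LAN address as the control connection.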