LinuxQuestions.org


amb1545 01-29-2009 04:14 PM

vsftpd passive connection issues
 
Hi,

I've got vsftpd running on a RHEL 5 server. I've been having issues with passive connections. Basically, passive connections work for directory listings, but when I go to actually transfer a file, it times out.

This is happening on my LAN; iptables is off.

Here is my vsftpd.conf:

Code:

anonymous_enable=NO
local_enable=YES
write_enable=YES
anon_upload_enable=NO
anon_mkdir_write_enable=NO
anon_other_write_enable=NO
chroot_local_user=YES
guest_enable=YES
guest_username=ftpuser
listen=YES
listen_port=21
pasv_min_port=30000
pasv_max_port=30999
pam_service_name=vsftpd
virtual_use_local_privs=YES
local_root=/XXXX/ftp/$USER
user_sub_token=$USER
hide_ids=YES
ftpd_banner=XXXX FTP
pasv_promiscuous=YES

Here's the debug output from an ftp session:

Code:

andy-bohnes-macbook-pro-2:~ abohne$ ftp -d rfp@concord
Connected to concord.xrefer.lan.
220 XXXX FTP
ftp_login: user `rfp' pass `<null>' host `concord'
---> USER rfp
331 Please specify the password.
Password:
---> PASS XXXX
230 Login successful.
---> SYST
215 UNIX Type: L8
Remote system type is UNIX.
Using binary mode to transfer files.
---> FEAT
211-Features:
 EPRT
 EPSV
 MDTM
 PASV
 REST STREAM
 SIZE
 TVFS
211 End
features[FEAT_FEAT] = 1
features[FEAT_MDTM] = 1
features[FEAT_MLST] = 0
features[FEAT_REST_STREAM] = 1
features[FEAT_SIZE] = 1
features[FEAT_TVFS] = 1
got localcwd as `/Users/abohne'
---> PWD
257 "/"
got remotecwd as `/'
ftp> cd outgoing
---> CWD outgoing
250 Directory successfully changed.
---> PWD
257 "/outgoing"
got remotecwd as `/outgoing'
ftp> dir
---> EPSV
229 Entering Extended Passive Mode (|||30575|)
---> LIST
150 Here comes the directory listing.
drwxrwxr-x    2 ftp      ftp          4096 Oct 17 13:52 200809
drwxrwxr-x    2 ftp      ftp          4096 Jan 26 19:04 200811
-rwxrwxrwx    1 ftp      ftp      4919449 Jan 26 19:04 contbecon2004.zip
-rwxrwxrwx    1 ftp      ftp      7193964 Jan 26 19:08 ehsacron2009.zip
-rwxrwxrwx    1 ftp      ftp      230810621 Jan 26 19:06 ehsdent2008.zip
-rwxrwxrwx    1 ftp      ftp      70208958 Jan 26 19:08 ehsvision2009.zip
-rwxrwxrwx    1 ftp      ftp      158006422 Jan 26 19:10 pearsonwwww2007.zip
226 Directory send OK.
ftp> get contb---> EPSV
---> NLST
econ2004.zip
local: contbecon2004.zip remote: contbecon2004.zip
---> TYPE I
200 Switching to Binary mode.
---> SIZE contbecon2004.zip
213 4919449
---> EPSV
229 Entering Extended Passive Mode (|||30684|)
---> RETR contbecon2004.zip

421 Service not available, remote server timed out. Connection closed

I'm kind of at a loss as to why the directory listings work via passive ftp but not file transfers. Anyone have any thoughts?
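An added example, not part of the original post: a small Python parser that pairs each EPSV port in an `ftp -d` transcript with the data command that used it, checks the port against the `pasv_min_port`/`pasv_max_port` range from vsftpd.conf, and flags transfers where the server never sent a 125/150 reply. The function names and the embedded excerpt layout are assumptions made for this example.

```python
import re

# Excerpt of the debug session posted above (only the lines the parser needs).
SESSION = """\
ftp> dir
---> EPSV
229 Entering Extended Passive Mode (|||30575|)
---> LIST
150 Here comes the directory listing.
226 Directory send OK.
---> SIZE contbecon2004.zip
213 4919449
---> EPSV
229 Entering Extended Passive Mode (|||30684|)
---> RETR contbecon2004.zip
421 Service not available, remote server timed out. Connection closed
"""
# Passive port range from the posted vsftpd.conf.
CONF = "pasv_min_port=30000\npasv_max_port=30999\n"

EPSV_RE = re.compile(r"^229 .*\(\|\|\|(\d+)\|\)")       # RFC 2428 EPSV reply
DATA_CMD_RE = re.compile(r"^---> (LIST|NLST|RETR|STOR)\b")
REPLY_RE = re.compile(r"^(\d{3}) ")                      # final line of a reply

def pasv_range(conf_text):
    opts = dict(l.split("=", 1) for l in conf_text.splitlines() if "=" in l)
    return int(opts["pasv_min_port"]), int(opts["pasv_max_port"])

def data_transfers(session, lo, hi):
    """Pair each EPSV port with the data command that used it and its replies."""
    found, port, cur = [], None, None
    for line in session.splitlines():
        m = EPSV_RE.match(line)
        if m:
            port = int(m.group(1))
        elif line.startswith("---> "):
            # Any new command ends reply collection for the previous transfer.
            m, cur = DATA_CMD_RE.match(line), None
            if m and port is not None:
                cur = {"cmd": m.group(1), "port": port,
                       "in_range": lo <= port <= hi, "replies": []}
                found.append(cur)
                port = None
        elif cur is not None and (m := REPLY_RE.match(line)):
            cur["replies"].append(int(m.group(1)))
    return found

def stalled(transfer):
    """True when no 125/150 reply was seen, i.e. the data phase never started."""
    return not any(code in (125, 150) for code in transfer["replies"])

if __name__ == "__main__":
    for t in data_transfers(SESSION, *pasv_range(CONF)):
        print(t, "STALLED" if stalled(t) else "started")
```

On the posted session this reports both ports inside the configured range, with LIST starting normally and RETR ending in 421 without any 150 reply.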

kentyler 01-30-2009 02:38 PM

Does this happen without the extra things in the config like:

pasv_min_port=30000
pasv_max_port=30999
virtual_use_local_privs=YES
pasv_promiscuous=YES

amb1545 01-30-2009 02:51 PM

Quote:

Originally Posted by kentyler (Post 3426581)
Does this happen without the extra things in the config like:

pasv_min_port=30000
pasv_max_port=30999
virtual_use_local_privs=YES
pasv_promiscuous=YES

It definitely occurs with every combination of pasv_ config attributes I've tried and without them as well. I haven't tried without virtual_use_local_privs... I can try that out though.

kentyler 02-02-2009 08:12 AM

Do you have any firewall rules loaded?

What does iptables -Ln return?

amb1545 02-02-2009 09:10 AM

Quote:

Originally Posted by kentyler (Post 3429042)
Do you have any firewall rules loaded?

What does iptables -Ln return?

No iptables rules are loaded
Code:

[root@concord ~]# iptables -Ln
iptables: No chain/target/match by that name
[root@concord ~]# /etc/init.d/iptables status
Table: filter
Chain INPUT (policy ACCEPT)
num  target    prot opt source              destination       

Chain FORWARD (policy ACCEPT)
num  target    prot opt source              destination       

Chain OUTPUT (policy ACCEPT)
num  target    prot opt source              destination


kentyler 02-03-2009 12:07 PM

Just recently I had a client who was not able to get passive to work and it turned out to be a problem with a route that was missing on the server. Please verify all routes. Also, are you able to do passive locally?

If you try ftp localhost, will passive work? This would rule out a network issue if it did not.

amb1545 02-05-2009 11:23 AM

Quote:

Originally Posted by kentyler (Post 3430542)
Just recently I had a client who was not able to get passive to work and it turned out to be a problem with a route that was missing on the server. Please verify all routes. Also, are you able to do passive locally?

If you try ftp localhost, will passive work? This would rule out a network issue if it did not.

I just tested it and localhost via passive is timing out as well.

kentyler 02-05-2009 12:53 PM

Did you try with a default config file? If it times out when you ftp to localhost then there is an issue with vsftpd.


All times are GMT -5.