LinuxQuestions.org


camerabambai 03-25-2024 05:46 AM

Vsftpd: why the passive port range is not followed?
 
I configured vsftpd for passive mode:

Code:

    listen=YES
    log_ftp_protocol=YES
    pasv_enable=YES
    pasv_address=192.168.0.2
    pasv_min_port=10090
    pasv_max_port=10100

It works, but it uses random ports!

Look at the output of ss during a transfer:

Code:

    tcp  ESTAB    0      0                            192.168.0.2:33150    192.168.0.2:21    users:(("ncftp",pid=14411,fd=4)) timer:(keepalive,119min,0) uid:1000 ino:236010 sk:400b cgroup:unreachable:1 <->
    tcp  ESTAB    0      0                            192.168.0.2:44985    192.168.0.2:20    users:(("ncftp",pid=14411,fd=7)) timer:(keepalive,119min,0) uid:1000 ino:246607 sk:4011 cgroup:unreachable:1 <->

This is OK without a firewall, but with a firewall and port redirection for NAT it is a serious problem.
Why does vsftpd use random ports?

I have tried

Code:

    listen_ipv6=NO

and disabling the pasv_address option. But nothing changed.

This is the complete configuration, actually

Code:

    anonymous_enable=YES
    connect_from_port_20=NO
    dirmessage_enable=YES
    ftpd_banner=Welcome
    listen=YES
    listen_ipv6=NO
    local_umask=022
    log_ftp_protocol=YES
    ls_recurse_enable=YES
    pasv_address=192.168.0.2
    pasv_enable=YES
    pasv_max_port=10100
    pasv_min_port=10090
    seccomp_sandbox=NO
    xferlog_enable=YES
    xferlog_file=/var/log/vsftpd.log
    xferlog_std_format=YES


Petri Kaukasoina 03-25-2024 07:10 AM

In your example the client (ncftp) starts an active ftp connection and it uses random high source ports to initiate the connections. The random port numbers are at the client end and 20 and 21 at the server end.

But you can always 'set passive on' at the ncftp prompt to use a passive data connection.

'pasv_enable=YES' is the default for vsftpd, and it only allows passive; it does not enforce it. The client can initiate either a passive or an active data connection.
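
Added example (not part of the thread or of vsftpd): a small shell helper that applies the reading above to `ss` output, labelling each established connection as control (port 21), active data (port 20) or passive data (a port inside the pasv_min_port..pasv_max_port range). The function names and the third sample line are constructed for illustration, and the column layout is assumed to match the `ss` lines quoted in the question.

```shell
#!/bin/sh
# Added example: classify FTP connections seen in ss output.
# Assumption: lines look like "tcp ESTAB recvq sendq LOCAL:PORT PEER:PORT ...",
# as in the output quoted in the question.

# classify_ftp_conns MIN MAX   (hypothetical helper; reads ss lines on stdin)
classify_ftp_conns() {
    awk -v min="$1" -v max="$2" '
    function port(ep,   n, parts) {      # port is the text after the last ":"
        n = split(ep, parts, ":")
        return parts[n] + 0
    }
    $1 == "tcp" && $2 == "ESTAB" {
        a = port($5); b = port($6)
        if (a == 21 || b == 21)
            kind = "control"             # FTP command channel
        else if (a == 20 || b == 20)
            kind = "active-data"         # PORT mode: server end is ftp-data (20)
        else if ((a >= min && a <= max) || (b >= min && b <= max))
            kind = "passive-data"        # PASV mode: server end is in the range
        else
            kind = "other"
        print kind, $5, $6
    }'
}

# Sample input: the first two lines are taken from the question (process
# details trimmed); the third is constructed to show a passive transfer.
sample_ss_lines() {
    cat <<'EOF'
tcp  ESTAB  0  0  192.168.0.2:33150  192.168.0.2:21     users:(("ncftp",pid=14411,fd=4))
tcp  ESTAB  0  0  192.168.0.2:44985  192.168.0.2:20     users:(("ncftp",pid=14411,fd=7))
tcp  ESTAB  0  0  192.168.0.2:51514  192.168.0.2:10095  users:(("ncftp",pid=14411,fd=7))
EOF
}

# Range values are the pasv_min_port / pasv_max_port from the question.
sample_ss_lines | classify_ftp_conns 10090 10100
```

An `active-data` line means the firewall's passive port range was never exercised for that transfer. If active mode must be refused rather than merely avoided by the client, vsftpd's `port_enable=NO` disables the PORT method.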

camerabambai 03-25-2024 07:38 AM

Thanks, it was a client problem.

