can connect but not list files - vsftp
I'm using a slackware 11 box, trying to connect from outside my network through my router. I have port 77 on the router forwarded to port 21 on my server, and ports 7777-8000 allowed through the router. In vsftpd.conf I have the 2 lines
Code:
pasv_min_port=7777
I have tried it with and without my external ip in the "pasv_address=" line. When I try to connect, it connects and shows me at /home/epoo, but just says "working" when trying to list the files. If I do a netstat -tpan I see:
Code:
tcp 0 0 192.168.0.100:7940 0.0.0.0:* LISTEN 2157/vsftpd
What am I doing wrong? |
Is your ftp client set to PASV mode?
|
Yes. I'm using the fireftp firefox add-on.
Code:
FireFTP 0.96.4 'Loomer', created by Mime Čuvalo |
Anyone else?
|
Check this, it may help you.
Link: http://slacksite.com/other/ftp.html
Quote:
1. Remove all restrictions from router and test.
2. Directly route port 21 from router to Server and test.
Update us with your findings. |
I appreciate your response.
The router's port 77 is forwarded to the server's port 21. The vsftp server setup uses the passive ports 7777-8000, which are forwarded to the server from the router. All ports are allowed to exit from the server to the internet. I just added another rule for 1023-65535 to be allowed to the server, but I'm not sure that will change anything since I already had the passive ports allowed before. |
Well, it looks like that did it. I thought I would only need to allow 7777-8000, but it didn't work until I allowed 1023-65535.
Now another question. Isn't it terribly insecure to forward all those ports to my server? Is there a way to set up iptables to only allow the connection to the ftp server, or do I have to allow all those ports? |
Seems the pasv port range of 7777-8000 is not being allowed through your router properly. The pasv_min and pasv_max settings do work properly and I have configured numerous ftp servers using that configuration. Is iptables configured on the ftp server? Perhaps the ports need to be allowed by iptables.
Try adding these to your configuration as well:
pasv_addr_resolve=YES
pasv_address=any.address.you.like
pasv_promiscuous=YES |
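
On the iptables question raised in the thread, the script below is an added example (not posted by any participant) that reads the passive range from vsftpd.conf and prints rules admitting only the control port and that range instead of 1023-65535. The helper names `conf_get`, `ftp_rules` and `sample_conf` are hypothetical, the sample config is constructed, and it assumes iptables runs on the FTP server with rules appended to the INPUT chain.

```shell
#!/bin/sh
# Added example: derive narrow iptables rules from vsftpd.conf instead of
# opening 1023-65535. conf_get and ftp_rules are hypothetical helper names.

# Print the last value assigned to key $1 in file $2 (vsftpd syntax: key=value).
conf_get() {
    sed -n "s/^$1=\(.*\)\$/\1/p" "$2" | tail -n 1
}

# Print iptables commands covering only the FTP ports configured in file $1.
ftp_rules() {
    ctl=$(conf_get listen_port "$1"); ctl=${ctl:-21}
    min=$(conf_get pasv_min_port "$1")
    max=$(conf_get pasv_max_port "$1")
    # Treat missing, zero or non-numeric bounds as "unset": vsftpd then picks
    # any free port, which is what forces a wide-open forward.
    case $min in ''|0|*[!0-9]*) min= ;; esac
    case $max in ''|0|*[!0-9]*) max= ;; esac
    if [ -z "$min" ] || [ -z "$max" ] || [ "$min" -gt "$max" ]; then
        echo "error: set both pasv_min_port and pasv_max_port" >&2
        return 1
    fi
    # pasv_promiscuous turns off vsftpd's check that the data connection
    # comes from the same IP address as the control connection.
    case $(conf_get pasv_promiscuous "$1") in
        [Yy][Ee][Ss]) echo "# warning: pasv_promiscuous=YES disables the PASV source-IP check" ;;
    esac
    echo "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A INPUT -p tcp --dport $ctl -m state --state NEW -j ACCEPT"
    echo "iptables -A INPUT -p tcp --dport $min:$max -m state --state NEW -j ACCEPT"
    # Everything else in the range the thread opened stays closed.
    echo "iptables -A INPUT -p tcp --dport 1023:65535 -m state --state NEW -j DROP"
}

# Constructed sample config using the thread's passive range.
sample_conf() {
    printf '%s\n' 'listen=YES' 'pasv_min_port=7777' 'pasv_max_port=8000' \
        'pasv_promiscuous=YES'
}

tmp=$(mktemp) && sample_conf > "$tmp" && ftp_rules "$tmp"; rm -f "$tmp"
```

The commands are printed for review rather than applied, and the router forward has to cover the same passive range that vsftpd is configured to use.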