LinuxQuestions.org


epoo 05-24-2007 08:33 PM

can connect but not list files - vsftp
 
I'm using a slackware 11 box, trying to connect from outside my network through my router. I have port 77 on the router forwarded to port 21 on my server, and ports 7777-8000 allowed through the router. In vsftpd.conf I have the 2 lines
Code:

pasv_min_port=7777
pasv_max_port=8000

at the end.
I have tried it with and without my external ip in the "pasv_address=" line.

When I try to connect, it connects and shows me at /home/epoo, but just says "working" when trying to list the files. If I do a netstat -tpan I see:
Code:

tcp        0      0 192.168.0.100:7940      0.0.0.0:*              LISTEN    2157/vsftpd
tcp        0      0 192.168.0.100:7950      0.0.0.0:*              LISTEN    2160/vsftpd
tcp        0      0 0.0.0.0:21              0.0.0.0:*              LISTEN    2138/inetd
tcp        0      0 0.0.0.0:22              0.0.0.0:*              LISTEN    1581/sshd
tcp        0    300 192.168.0.100:22        165.234.90.3:39175      ESTABLISHED2050/sshd: epoo [p
tcp        0      0 192.168.0.100:21        165.234.90.3:49650      ESTABLISHED2160/vsftpd

I'm connected remotely through ssh, hence the ssh connection.
What am I doing wrong?

jeenam 05-24-2007 08:41 PM

Is your ftp client set to PASV mode?

epoo 05-24-2007 08:57 PM

Yes. I'm using the fireftp firefox add-on.
Code:

FireFTP 0.96.4 'Loomer', created by Mime Čuvalo
220 (vsFTPd 2.0.5)
      USER epoo
331 Please specify the password.
      PASS (password not shown)
230 Login successful.
      FEAT
211-Features:
EPRT
EPSV
MDTM
PASV
REST STREAM
SIZE
TVFS
211 End
      PWD
257 "/home/epoo"
      TYPE A
200 Switching to ASCII mode.
      PASV
227 Entering Passive Mode (24,111,51,224,31,45)
      LIST

Then it just says "working..." and times out.
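Added example, not part of the thread: a small Python check that decodes the `227` reply from the log above into the address and port the client will dial for the data connection, then compares it against the `pasv_min_port`/`pasv_max_port` range and the ranges forwarded on the router. The function names and the `forwarded` parameter are hypothetical; the LAN-address reply is constructed from the address in the netstat output.

```python
import ipaddress
import re

# Six comma-separated octets inside the parentheses of a 227 reply (RFC 959).
PASV_RE = re.compile(r"^227 .*?\(" + ",".join([r"(\d{1,3})"] * 6) + r"\)")


def parse_pasv(reply):
    """Return (ip, port) advertised by a '227 Entering Passive Mode' reply."""
    m = PASV_RE.match(reply.strip())
    if not m:
        raise ValueError("not a 227 passive-mode reply: %r" % reply)
    h1, h2, h3, h4, p1, p2 = (int(g) for g in m.groups())
    if max(h1, h2, h3, h4, p1, p2) > 255:
        raise ValueError("octet out of range in %r" % reply)
    ip = ipaddress.IPv4Address("%d.%d.%d.%d" % (h1, h2, h3, h4))
    return ip, p1 * 256 + p2  # port = high byte * 256 + low byte


def check_pasv(reply, pasv_min, pasv_max, forwarded):
    """List reasons the data connection would fail from outside the NAT.

    forwarded: iterable of (low, high) port ranges the router passes inbound.
    """
    ip, port = parse_pasv(reply)
    problems = []
    if ip.is_private or ip.is_unspecified or ip.is_loopback:
        problems.append("advertised address %s is not reachable from the internet" % ip)
    if not pasv_min <= port <= pasv_max:
        problems.append("port %d is outside pasv_min_port/pasv_max_port" % port)
    if not any(lo <= port <= hi for lo, hi in forwarded):
        problems.append("port %d is not in any forwarded range" % port)
    return ip, port, problems


if __name__ == "__main__":
    # Reply taken from the FireFTP log in the post above.
    reply = "227 Entering Passive Mode (24,111,51,224,31,45)"
    ip, port, problems = check_pasv(reply, 7777, 8000, [(7777, 8000)])
    print("client will connect to %s:%d" % (ip, port))
    print(problems or "advertised endpoint matches the configuration")
    # Constructed reply: the server advertising its LAN address instead.
    lan = "227 Entering Passive Mode (192,168,0,100,31,45)"
    print(check_pasv(lan, 7777, 8000, [(7777, 8000)])[2])
```

For the reply in the log this gives 24.111.51.224:7981, which is inside 7777-8000, so the server is advertising a port from the configured range.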

epoo 05-25-2007 06:04 PM

Anyone else?

p_s_shah 05-26-2007 02:23 AM

Check this, it may help you.
Link : http://slacksite.com/other/ftp.html

Quote:

From the server-side firewall's standpoint, to support passive mode FTP the following communication channels need to be opened:

* FTP server's port 21 from anywhere (Client initiates connection)
* FTP server's port 21 to ports > 1023 (Server responds to client's control port)
* FTP server's ports > 1023 from anywhere (Client initiates data connection to random port specified by server)
* FTP server's ports > 1023 to remote ports > 1023 (Server sends ACKs (and data) to client's data port)

If the problem still persists:
1. Remove all restrictions from router and test.
2. Directly route port 21 from router to Server and test.

Update us with your findings.

epoo 06-05-2007 01:14 PM

I appreciate your response.
The router's port 77 is forwarded to the server's port 21. The vsftp server setup uses the passive ports 7777-8000, which are forwarded to the server from the router. All ports are allowed to exit from the server to the internet. I just added another rule for 1023-65535 to be allowed to the server, but I'm not sure that will change anything since I already had the passive ports allowed before.

epoo 06-05-2007 07:46 PM

Well, it looks like that did it. I thought I would only need to allow 7777-8000, but it didn't work until I allowed 1023-65535.

Now another question. Isn't it terribly insecure to forward all those ports to my server? Is there a way to set up iptables to only allow the connection to the ftp server, or do I have to allow all those ports?

jeenam 06-07-2007 09:43 AM

Seems the pasv port range of 7777-8000 is not being allowed through your router properly. The pasv_min and pasv_max settings do work properly and I have configured numerous ftp servers using that configuration. Is iptables configured on the ftp server? Perhaps the ports need to be allowed by iptables.

Try adding these to your configuration as well:

pasv_addr_resolve=YES
pasv_address=any.address.you.like
pasv_promiscuous=YES


All times are GMT -5.