I'm using a Slackware 11 box, trying to connect from outside my network through my router. I have port 77 on the router forwarded to port 21 on my server, and ports 7777-8000 allowed through the router. In vsftpd.conf I have the 2 lines
Code:
pasv_min_port=7777
pasv_max_port=8000
at the end.
I have tried it with and without my external IP in the "pasv_address=" line.
When I try to connect, it connects and shows me at /home/epoo, but just says "working" when trying to list the files. If I do a netstat -tpan I see:
From the server-side firewall's standpoint, to support passive mode FTP the following communication channels need to be opened:
* FTP server's port 21 from anywhere (Client initiates connection)
* FTP server's port 21 to ports > 1023 (Server responds to client's control port)
* FTP server's ports > 1023 from anywhere (Client initiates data connection to random port specified by server)
* FTP server's ports > 1023 to remote ports > 1023 (Server sends ACKs (and data) to client's data port)
If the problem still persists,
1. Remove all restrictions from router and test.
2. Directly route port 21 from router to Server and test.
I appreciate your response.
The router's port 77 is forwarded to the server's port 21. The vsftp server setup uses the passive ports 7777-8000, which are forwarded to the server from the router. All ports are allowed to exit from the server to the internet. I just added another rule for 1023-65535 to be allowed to the server, but I'm not sure that will change anything since I already had the passive ports allowed before.
Well, it looks like that did it. I thought I would only need to allow 7777-8000, but it didn't work until I allowed 1023-65535.
Now another question. Isn't it terribly insecure to forward all those ports to my server? Is there a way to set up iptables to only allow the connection to the ftp server, or do I have to allow all those ports?
Seems the pasv port range of 7777-8000 is not being allowed through your router properly. The pasv_min and pasv_max settings do work properly and I have configured numerous ftp servers using that configuration. Is iptables configured on the ftp server? Perhaps the ports need to be allowed by iptables.
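A check that bears on the problem discussed in this thread, as an added example that is not part of the original posts: it decodes the server's 227 passive-mode reply (data port = p1 * 256 + p2) and flags an advertised address that is private or a port outside the pasv_min_port/pasv_max_port range from the first post. The function names and the sample replies are constructed for illustration.

```sh
#!/bin/sh
# Added example: decode an FTP "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)"
# reply and compare it with the passive range set in vsftpd.conf.

# pasv_endpoint REPLY -> prints "IP PORT"; fails if REPLY is not a valid 227.
pasv_endpoint() {
    tuple=$(printf '%s\n' "$1" |
        sed -n 's/^227 [^(]*(\([0-9]\{1,3\}\(,[0-9]\{1,3\}\)\{5\}\)).*/\1/p')
    [ -n "$tuple" ] || return 1
    # Reject leading zeros so the shell never reads a field as octal.
    case ",$tuple" in *,0[0-9]*) return 1 ;; esac
    old_ifs=$IFS; IFS=,
    set -- $tuple
    IFS=$old_ifs
    for n in "$@"; do [ "$n" -le 255 ] || return 1; done
    # The data port travels as two bytes: port = p1 * 256 + p2.
    echo "$1.$2.$3.$4 $(( $5 * 256 + $6 ))"
}

# Addresses a client outside the NAT router cannot reach.
is_private_ipv4() {
    case $1 in
        10.*|127.*|169.254.*|192.168.*) return 0 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    esac
    return 1
}

# check_pasv REPLY MIN MAX -> prints "IP:PORT" plus findings; status 0 if clean.
check_pasv() {
    ep=$(pasv_endpoint "$1") || { echo "unparseable"; return 2; }
    ip=${ep% *}; port=${ep#* }; findings=""
    if is_private_ipv4 "$ip"; then findings="$findings private-address"; fi
    if [ "$port" -lt "$2" ] || [ "$port" -gt "$3" ]; then
        findings="$findings port-out-of-range"
    fi
    echo "$ip:$port${findings:- ok}"
    [ -z "$findings" ]
}

# Constructed sample replies (documentation and private addresses), checked
# against pasv_min_port=7777 and pasv_max_port=8000 from the first post.
for reply in \
    '227 Entering Passive Mode (203,0,113,5,30,120).' \
    '227 Entering Passive Mode (192,168,1,10,195,80).'
do
    check_pasv "$reply" 7777 8000 || true
done
```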