proftpd, passive mode, and a router....
I know there are other threads concerning proftpd, passive mode, and routers, but none of them seemed to help me. I am still stuck with the following problem when I try to ftp to my proftpd server from outside the network. Note: it works when connecting from another computer inside the LAN.
When trying to transfer files or do a directory listing, I get this: 227 Entering Passive Mode (192,168,1,129,234,107). And then it just sits there......... I have ports 20 (I don't think it's needed, but it's there anyways), 21, and 59000 through 63000 forwarded to the computer that is running proftpd, which you can see is consistent with my following proftpd.conf:
------------------------------------------------------------------------------------------------
# Lock users into the ftproot directory
DefaultRoot ~
AllowForeignAddress on
#TCPAccessFiles /etc/ftpd.allow /etc/ftpd.deny
ServerIdent on "Enter username and password. Anonymous logins are disabled."
ServerName bla
ServerType standalone
ServerAdmin Private@whatever.net
DeferWelcome on
#ShowDotFiles off
ShowSymlinks on
MultilineRFC2228 on
DefaultServer on
AllowOverwrite on
MaxClients 10
MaxClientsPerHost 1 "You are already logged on once."
RequireValidShell off
TimeoutNoTransfer 120
TimeoutStalled 10
TimeoutLogin 20
TimeoutIdle 1200
RootLogin off
UseFtpUsers off
Port 21
PassivePorts 59000 63000
MaxInstances 30
ExtendedLog /var/log/ftp.log auth,all
ListOptions "-l"
DenyFilter \*.*/

# Set the user and group that the server normally runs at.
User ftp
Group ftp-users

<Directory ~/*>
  Umask 022 022
  AllowOverwrite off
  <Limit MKD STOR DELE XMKD RNFR RNTO RMD XRMD>
    DenyAll
  </Limit>
</Directory>

<Directory ~/music/*>
  Umask 022 022
  AllowOverwrite off
  <Limit MKD STOR DELE XMKD RNFR RNTO RMD XRMD>
    DenyAll
  </Limit>
</Directory>

<Directory ~/movies/*>
  Umask 022 022
  AllowOverwrite off
  <Limit MKD STOR DELE XMKD RNFR RNTO RMD XRMD>
    DenyAll
  </Limit>
</Directory>

<Directory ~/shows/*>
  Umask 022 022
  AllowOverwrite off
  <Limit MKD STOR DELE XMKD RNFR RNTO RMD XRMD>
    DenyAll
  </Limit>
</Directory>

<Directory ~/upload>
  Umask 022 022
  AllowOverwrite on
  <Limit MKD XMKD RNFR RNTO DELE RMD XRMD STOR>
    AllowAll
  </Limit>
</Directory>

<Directory ~/documents/*>
  Umask 022 022
  AllowOverwrite on
  <Limit MKD XMKD RNFR RNTO DELE RMD XRMD STOR>
    AllowAll
  </Limit>
</Directory>
|
I don't think you're gonna be able to use passive mode, since you're behind a router. The problem is... in passive mode, the client initiates all of the connections. So what happens is... the client is trying to initiate the first connection to your port 21, which is fine, because you've got that forwarded to your box. Then, the client tries to initiate the data connection to some high-numbered port on your machine. Since this is actually trying to connect to your router, I'm sure you don't have all of the high-numbered ports forwarded to your server, and you probably shouldn't anyway. So this is where you're having trouble.
If you're running active FTP (as opposed to passive) the client starts the conversation by connecting to your port 21 and then the server uses port #20 to connect to a high-numbered port on the client for the data connection. Bottom line... turn off passive mode and try it. Here's something for your reference that may help explain more about active vs. passive. http://slacksite.com/other/ftp.html |
Well, I've tried using it with passive mode off, and couldn't get that to work either.
Besides, if you look at my original post, I have set which ports to use for passive mode on the proftpd.conf file and I DO have that range of ports forwarded from the router to server, which is exactly what all the other threads have been suggesting. |
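Added example (editor's code, not written by anyone in this thread): a small Python check that decodes the 227 reply quoted in the first post and compares it with the PassivePorts range from the posted proftpd.conf. The function names and the `client_is_external` parameter are made up for illustration; the reply string and the port range are the ones from the thread.

```python
import ipaddress
import re

# Six comma-separated numbers in a 227 reply: h1,h2,h3,h4,p1,p2
PASV_RE = re.compile(r"\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")


def parse_pasv(reply):
    """Return (IPv4Address, port) advertised in a '227 Entering Passive Mode' reply."""
    if not reply.lstrip().startswith("227"):
        raise ValueError("not a 227 reply: %r" % reply)
    m = PASV_RE.search(reply)
    if m is None:
        raise ValueError("no (h1,h2,h3,h4,p1,p2) tuple in reply: %r" % reply)
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range in reply: %r" % reply)
    host = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    port = nums[4] * 256 + nums[5]  # port is sent as high byte, low byte
    return host, port


def diagnose(reply, passive_ports, client_is_external=True):
    """Return (host, port, findings) for a client sitting outside the LAN."""
    host, port = parse_pasv(reply)
    low, high = passive_ports
    findings = []
    # A client on the Internet cannot open a data connection to a LAN address.
    if client_is_external and (host.is_private or host.is_loopback or host.is_link_local):
        findings.append("advertised address %s is not reachable from outside the LAN" % host)
    if not low <= port <= high:
        findings.append("advertised port %d is outside forwarded range %d-%d" % (port, low, high))
    return host, port, findings


if __name__ == "__main__":
    # Reply from the first post; range from "PassivePorts 59000 63000".
    reply = "227 Entering Passive Mode (192,168,1,129,234,107)."
    host, port, findings = diagnose(reply, (59000, 63000))
    print("server advertises %s:%d" % (host, port))
    for finding in findings:
        print("problem:", finding)
```

For the reply in the first post this reports port 60011, which is inside the forwarded range, and flags only the 192.168.1.129 address; ProFTPD's MasqueradeAddress directive is the setting that controls which address the server puts in that reply.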