Linux - Networking (LinuxQuestions.org forum for any issue related to networks or networking: routing, network cards, OSI, etc.)
I'm trying to get vsftpd working behind NAT...
I have a machine, say GW, that is the router between my vsftpd server and the internet, and I want to export this vsftpd to the internet.
The topology is like this:
vsftpd host --- GW --- Internet
About FTP stuff, I have read that passive mode is a better approach, so I want to keep with this; in other words, I want to be accessible to any client on the internet.
I also read that I have to export port 21, and pasv_min_port -- which is 3500 -- to pasv_max_port -- which is 4000 -- on my firewall, so here is my firewall configuration..
Note: I have all policies set to ACCEPT, it isn't a real real real firewall hehe..
And in Firefox a login/password popup appears.
I put my user -- tux -- and password in the popup box and press enter.. At this time this appears in vsftpd.log:
I set the iptables log rules as you said, and, to my surprise, there is nothing traveling on port 3500, nothing..
So I then chose to test whether my iptables rules are right.. Well, yes they are, because I started a netcat on the FTP server, listening on 3500, and can connect from my client box, and can send data in both directions..
I can't figure out why my client isn't shooting packets at port 3500..
The configuration should be OK, as the server sends the correct port number to the client. Is Y.Y.Y.Y in this "227 Entering Passive Mode (Y,Y,Y,Y,13,172)" your public, external IP, the one you connected to with netcat? Check this log, to be sure that the client is trying to connect correctly at all:
That's it, for some reason my client isn't sending requests to port 3500..
I have no idea why this is happening..
I tried iptables logging, and tcpdump.. there is no output for port 3500 at all..
I got a "Connection reset by peer" in Firefox.
My guess is that something is going wrong while trying to alert the client about PASV mode.
I'll try more tcpdumps and come back here with results...
Edit:
I've tried a lot of tcpdumps and iptables -j LOG.. the communication seems OK; my guess is that vsftpd is doing some security check that is ruining things.
After tcpdumping packets coming from 192.168.5.37 (src host) I see that it is trying to resolve some name -- I mean, a lot of packets going to (dst host) 8.8.8.8. After changing the configuration this stops, but still, I get the same error.
Cheers
Last edited by danielhilst; 06-07-2012 at 01:38 PM.
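The two things the thread turns on are the vsftpd passive settings (pasv_min_port/pasv_max_port forwarded on GW, plus pasv_address so the server advertises GW's public side rather than its own LAN address) and whether the "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)" reply the client receives actually points at a forwarded address and port (13,172 encodes 13*256+172 = 3500). The script below is an added example, not code from the thread or from vsftpd: it parses a vsftpd-style key=value config and a 227 reply and reports why an internet client would fail to open the data connection. The config text, the 198.51.100.7 public address and the sample replies are constructed placeholders, not the poster's real hosts or logs.

```python
"""Check a vsftpd passive-mode (PASV) reply against the NAT port-forwarding setup.

Added example, not code from the thread. Assumption: vsftpd.conf on the FTP host sets
pasv_address to GW's public IP and pasv_min_port/pasv_max_port to the range forwarded
on GW (3500-4000 in the thread). All addresses below are placeholders.
"""
import ipaddress
import re

# Constructed sample config mirroring the settings discussed in the thread.
SAMPLE_CONF = """
listen=YES
pasv_enable=YES
pasv_min_port=3500
pasv_max_port=4000
# pasv_address must be the address the client can actually reach, i.e. GW's
# public side, not the vsftpd host's LAN address (placeholder value).
pasv_address=198.51.100.7
"""

# RFC 1918 ranges: a server that advertises one of these in its 227 reply sends
# internet clients to an address they cannot reach.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
PASV_RE = re.compile(r"^227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")


def parse_conf(text):
    """Parse vsftpd's key=value config lines, skipping blanks and '#' comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        conf[key.strip()] = value.strip()
    return conf


def parse_pasv(reply):
    """Return (ip, port) from a '227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)' reply."""
    m = PASV_RE.match(reply.strip())
    if not m:
        raise ValueError("not a 227 PASV reply: %r" % reply)
    fields = [int(x) for x in m.groups()]
    if any(f > 255 for f in fields):
        raise ValueError("field out of range in PASV reply: %r" % reply)
    h1, h2, h3, h4, p1, p2 = fields
    # The data port is sent as two bytes, high byte first: 13,172 -> 3500.
    return "%d.%d.%d.%d" % (h1, h2, h3, h4), p1 * 256 + p2


def check_pasv(reply, conf):
    """Return a list of problem codes; an empty list means an internet client
    will open its data connection to the address and port that GW forwards."""
    ip, port = parse_pasv(reply)
    problems = []
    addr = ipaddress.ip_address(ip)
    if any(addr in net for net in RFC1918):
        # LAN address leaked to the client: pasv_address is missing or wrong.
        problems.append("private_address")
    elif "pasv_address" in conf and ip != conf["pasv_address"]:
        problems.append("unexpected_address")
    lo = int(conf.get("pasv_min_port", 0))
    hi = int(conf.get("pasv_max_port", 0))
    # vsftpd's default of 0 means "any port"; otherwise the advertised port must
    # fall inside the range that is forwarded on GW.
    if lo and hi and not (lo <= port <= hi):
        problems.append("port_outside_forwarded_range")
    return problems


if __name__ == "__main__":
    conf = parse_conf(SAMPLE_CONF)
    # Constructed replies: the first has the shape quoted in the thread (13,172 = 3500),
    # the second leaks a LAN address, the third picks a port outside the forwarded range.
    for reply in ("227 Entering Passive Mode (198,51,100,7,13,172)",
                  "227 Entering Passive Mode (192,168,5,37,13,172)",
                  "227 Entering Passive Mode (198,51,100,7,15,161)"):
        print(reply, "->", parse_pasv(reply), check_pasv(reply, conf) or "OK")
```

Run it against the real 227 line captured with tcpdump on the client side; an empty result plus no SYN to that port on GW points the search at the client or an intermediate NAT, while "private_address" means the fix is pasv_address on the vsftpd host rather than the firewall.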