vsftpd 425 error

raven282 · 04-30-2003, 12:35 PM

I have redhat 9 installed and am trying to set up vsftpd. When i connect using a ftp client and turn off pasv mode everything works great but when i have it on i get the following error.

PASV
227 Entering Passive Mode (192,138,153,51,67,206)
LIST
425 Security: Bad IP connecting.

what do i need to do to be able to use pasv mode?

markus1982 · 04-30-2003, 02:38 PM

Which vsftpd version are you using ?
How did you install vsftpd ?
What is your vsftpd configuration ?

raven282 · 04-30-2003, 03:28 PM

I am using whatever version came with redhat 9 it installed with it so i didn't install anything. All i did was start the daemon and that was it.

raven282 · 04-30-2003, 10:03 PM

well i just reformatted because i had to fix a couple other things but i am still having the same issue, anyone have any ideas at all?

markus1982 · 05-01-2003, 12:37 AM

I didn't have this issue, but then well I've compiled vsftpd from source like I do with almost every service. Check the version:

rpm --qa | grep vsftpd

And post your config here!

Sippy · 05-06-2003, 11:09 AM

I just completed configuring an FTP server with vsftpd in RH9. I ran across some similar issues. It most likely is your firewall setup that is causing your problem. Do you have netfilter/iptables configured? PASV ftp connections want to use highports which may need to be enabled.

I specified a specific range of ports in the vsftpd.conf file

pasv_max_port=65000
pasv_min_port=55000

Made sure these same ports are specified in /etc/sysconfig/iptables by opening these same ports:

INPUT -p tcp -m tcp --dport 55000:65000 -j ACCEPT
INPUT -p tcp -m tcp --sport 55000:65000 -j ACCEPT

or just allow highports:

INPUT -p tcp -m tcp --dport 1025: -j ACCEPT
INPUT -p tcp -m tcp --sport 1025: -j ACCEPT

This fixed up my problems using PASV, hope that helps people trying to figure out vsftpd configs.

Gear_freak2000 · 06-04-2003, 01:09 PM

hey i got this same problem... but i cannot fix it.... i tryed the above way... didnt work... any idea...

Could it be my router?

the problem i get is that if i try and do anything that would return infomation (eg "ls") i get

500 Illegal PORT command.
425 Use PORT or PASV first.

ptbug · 06-21-2003, 01:09 AM

add this line to you vsftpd.conf

pasv_promiscuous=YES

Worked for me after checking the change log.