LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 03-22-2006, 03:42 AM   #1
TongueTied
Member
 
Registered: Aug 2003
Distribution: SuSE 8.1 pro
Posts: 94

Rep: Reputation: 15
vsftpd no allowing PASV mode


I am having trouble with vsftp. The problem I am having is trying to get the vsftpd to permit PASV mode connections. At the moment, it isn't accepting PASV mode. When I connect and have PASV turned on in my ftp client, I get the following:

220 Welcome to the FTP Server.
USER myftpuser
331 Please specify the password.
PASS (password not shown)
230 Login successful.
PWD
257 "/"
TYPE A
200 Switching to ASCII mode.
CWD /
250 Directory successfully changed.
PASV
227 Entering Passive Mode (210,19,194,98,146,112)
LIST

It then just sits there until it times out. No directory listing, nothing. If I connect with PASV mode turned off, I can access correctly. As you can see from my vsftpd.conf file listed below, I have pasv_enable=YES so I am somewhat confused as to why it wouldn't permit me to get directory listings etc. in pasv mode.

anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
ftpd_banner=Welcome to the FTP Server.
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list
listen=NO
chroot_local_user=YES
passwd_chroot_enable=YES
userlist_enable=YES
userlist_deny=NO
userlist_file=/etc/vsftpd.userlist_file
pasv_enable=YES
pasv_address=x.y.w.z (I have a fixed IP which I have removed for this post)

I have noted that there has been some discussion where people have problems access in pasv mode due to router problems. Currently I am trying to first establish everything working from my internal network so the router shouldn't be an issue(I think, but external connections to my FTP are finding the same result). However, incase it is, I am using a Dlink DI-704P with firmware v3.04. The firewall is run by the router and not my linux box so I assume it isn't a firewall issue.

Does anyone have any ideas how to solve this?

The rest of my kit:
SuSE Linux 9.1
vsftp 2.0.4
 
Old 03-22-2006, 05:21 AM   #2
timmeke
Senior Member
 
Registered: Nov 2005
Location: Belgium
Distribution: Red Hat, Fedora
Posts: 1,515

Rep: Reputation: 61
Passive and active FTP mode are only different in one aspect. The port numbers they use.
Active mode uses ports 20 and 21 on the server. Passive mode uses ports 20 and a port > 1024.
Ports < 1024, called privileged ports, are reserved for certain protocols (ie port 80 => always HTTP protocol).
Servers offering HTTP service (ie web service) will thus need to open port 80.
Ports > 1024, on the other hand, are free to be used by any application in principle. Because these ports are used by clients when they connect to a server on a privileged port, servers usually have blocked access to these ports (servers aren't intended for running client apps). However, passive ftp is an exception to this rule of thumb.

Maybe your firewall doesn't allow access to ports > 1024 on the server, thus blocking any data from passing
when you're in passive mode.

To solve that:
-decide on a range of port numbers (not just one, but ie 100 consecutive numbers) above 1024 to be used for passive FTP.
-unblock access to those ports on the firewall
-make sure the ftp server uses a port in the chosen range for passive ftp.
 
Old 03-22-2006, 10:43 AM   #3
TongueTied
Member
 
Registered: Aug 2003
Distribution: SuSE 8.1 pro
Posts: 94

Original Poster
Rep: Reputation: 15
Thanks, I'll give that a shot first thing in the morning.
 
Old 03-23-2006, 03:28 AM   #4
TongueTied
Member
 
Registered: Aug 2003
Distribution: SuSE 8.1 pro
Posts: 94

Original Poster
Rep: Reputation: 15
Your suggestion seemed to work. I find it very strange since I was trying to connect from behind the firewall so the ports on the router shouldn't have made a difference but they did. Anyway, I'm grateful it is now working. Thanks
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
VSFTP and PASV mode JohnLinx Linux - Networking 0 01-12-2005 06:06 PM
PASV mode connection error in proftpd Kerr Linux - Software 2 07-05-2004 05:27 AM
PASV mode with Sarge and Wget Zaskar Debian 0 03-02-2004 03:49 PM
Vsftpd PASV mode is there such a thing? lawman Linux - Software 2 12-12-2003 10:56 AM
pasv mode dica Linux - Networking 3 04-15-2003 10:09 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 12:20 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration