OK kinda new at this. Just enought to be dangourous.
Fresh install of redhat 9
Have a SMB baricade hardware firewall.
Ports 80,20,21 open to the outside and ported to my linux box at 192.168.2.14
HTTP apache server works fine this way. Trying to get an FTP server up so other users can modify the website.
I can connect to the server from another client of this side of the firewall no problems. When I try to connect to the server using the real world IP it connects then I get the error from ws_ftp
227 Entering Passive Mode (192,168,2,14,21,52)
connecting data channel to 192.168.2.14:5428
Substituting connection address 24.XXX.XXX.XXX for private address 192.168.2.14 from PASV
connection refused; the server would not accept an FTP connection.
PORT 192,168,2,35,4,82
500 Illegal PORT command.
Port failed 500 Illegal PORT command.
Users from the internet get similar things. The client connects but then fails after it goes to passive mode.

Here is the contents of my vsftpd.conf file

anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
nopriv_user=ftpsecure
ftpd_banner=Welcome to Calder's FTP service.
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list
pam_service_name=vsftpd
userlist_enable=YES
listen=YES
tcp_wrappers=YES

and my vsftp file

disable = no
socket_type = stream
wait = no
user = root
server = /usr/local/sbin/vsftpd
per_source = 5
instances = 10
nice = 10
banner_fail = /etc/vsftpd.busy_banner
log_on_success += PID HOST DURATION
log_on_failure += HOST

Thanks
Calder

OK... I have the same issue. I installed RH9 on one computer with
an up 2 date RH8 on my host. I persuaded the host to function using RH8 vsftpd and connected from the Windows XP box (which is actually a dual-boot system). This was successful.

Now I am attempting to connect from the RH9 client on the same box. So it is NOT a hardware issue, and it is not certainly a server issue, though it could be. It is most likely something on the client side. The connection succeeds through the login and then fails to handle the pasv mode connection for data.

respectfully
BJ

It's most likely a firewall issue, have to open up port 20 too, take a peek at

man vsftpd.conf


That's my guess, open up port 20 and see if it helps.

It's definitely a problem in the iptables config, and I am working on that setup now. It appears that the client side iptables isn't accepting the connect from the server on the random-high port. I have found several sources of config info on the web which might work, but the lokkit on RH9 doesn't appear to allow for manual config of the tables. I have to find out how to do THAT properly before I can really use the tables. Annoying. I should be able to use vi to mod the config to be what it needs to be, but we are trying to automate this stuff and RH has it tied up with the automatic security config.

Turning off iptables on the server makes it work. I am trying to be certain that this is safe to do. The server is ONLY a server in the context of the zone behind a linksys nat installation.

I will continue to work on it a while, I need to know how to do this sort of thing. OTOH, it is hard to do and I have found that things that are really hard (as this appears to be) are likely to be things we shouldn't be doing. I don't NEED to serve ftp to the world, just to the private subnet 192.168.xxx.yyy. I can accomplish my tasks by configuring samba for that same region and by using sftp and scp and nfs locally. In other words. Perhaps I should rely on my translation router to do translation and maybe not be dealing with this. I almost know enough to evaluate the problem properly now.

respectfully
BJ