Download your favorite Linux distribution at LQ ISO.
Go Back > Forums > Linux Forums > Linux - Newbie
User Name
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!


  Search this Thread
Old 04-25-2003, 03:55 PM   #1
Bug Boy
LQ Newbie
Registered: Apr 2003
Posts: 1

Rep: Reputation: 0
vsftp and hardware firewall

OK kinda new at this. Just enought to be dangourous.
Fresh install of redhat 9
Have a SMB baricade hardware firewall.
Ports 80,20,21 open to the outside and ported to my linux box at
HTTP apache server works fine this way. Trying to get an FTP server up so other users can modify the website.
I can connect to the server from another client of this side of the firewall no problems. When I try to connect to the server using the real world IP it connects then I get the error from ws_ftp
227 Entering Passive Mode (192,168,2,14,21,52)
connecting data channel to
Substituting connection address 24.XXX.XXX.XXX for private address from PASV
connection refused; the server would not accept an FTP connection.
PORT 192,168,2,35,4,82
500 Illegal PORT command.
Port failed 500 Illegal PORT command.
Users from the internet get similar things. The client connects but then fails after it goes to passive mode.

Here is the contents of my vsftpd.conf file

ftpd_banner=Welcome to Calder's FTP service.

and my vsftp file

disable = no
socket_type = stream
wait = no
user = root
server = /usr/local/sbin/vsftpd
per_source = 5
instances = 10
nice = 10
banner_fail = /etc/vsftpd.busy_banner
log_on_success += PID HOST DURATION
log_on_failure += HOST

Old 08-31-2003, 07:44 AM   #2
LQ Newbie
Registered: Aug 2003
Location: In Transit
Distribution: Red Hat 9, Red Hat 8
Posts: 4

Rep: Reputation: 0
Almost exactly the same but Wxp client works

OK... I have the same issue. I installed RH9 on one computer with
an up 2 date RH8 on my host. I persuaded the host to function using RH8 vsftpd and connected from the Windows XP box (which is actually a dual-boot system). This was successful.

Now I am attempting to connect from the RH9 client on the same box. So it is NOT a hardware issue, and it is not certainly a server issue, though it could be. It is most likely something on the client side. The connection succeeds through the login and then fails to handle the pasv mode connection for data.

Old 08-31-2003, 10:02 AM   #3
Senior Member
Registered: Apr 2003
Location: Eire
Distribution: Slackware 12.0, OpenSuse 10.3
Posts: 1,120

Rep: Reputation: 45
It's most likely a firewall issue, have to open up port 20 too, take a peek at

man vsftpd.conf

That's my guess, open up port 20 and see if it helps.
Old 08-31-2003, 12:11 PM   #4
LQ Newbie
Registered: Aug 2003
Location: In Transit
Distribution: Red Hat 9, Red Hat 8
Posts: 4

Rep: Reputation: 0
its the iptables

It's definitely a problem in the iptables config, and I am working on that setup now. It appears that the client side iptables isn't accepting the connect from the server on the random-high port. I have found several sources of config info on the web which might work, but the lokkit on RH9 doesn't appear to allow for manual config of the tables. I have to find out how to do THAT properly before I can really use the tables. Annoying. I should be able to use vi to mod the config to be what it needs to be, but we are trying to automate this stuff and RH has it tied up with the automatic security config.

Turning off iptables on the server makes it work. I am trying to be certain that this is safe to do. The server is ONLY a server in the context of the zone behind a linksys nat installation.

I will continue to work on it a while, I need to know how to do this sort of thing. OTOH, it is hard to do and I have found that things that are really hard (as this appears to be) are likely to be things we shouldn't be doing. I don't NEED to serve ftp to the world, just to the private subnet I can accomplish my tasks by configuring samba for that same region and by using sftp and scp and nfs locally. In other words. Perhaps I should rely on my translation router to do translation and maybe not be dealing with this. I almost know enough to evaluate the problem properly now.



Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Hardware Firewall - Will this work? phillips321 Linux - Networking 1 02-24-2005 07:16 AM
I am buying a hardware firewall Ephracis Linux - Networking 3 11-23-2004 12:04 PM
Hardware router/firewall? drisay Slackware 5 10-01-2004 08:26 PM
Hardware or software firewall? ScreeminChikin Linux - Security 5 10-05-2002 04:28 AM
Firewall: hardware or software sluggo Linux - Security 5 01-20-2002 12:37 PM > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 09:27 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration