LinuxQuestions.org
Old 04-13-2011, 12:51 PM   #1
seismicmike
Firefox unable to access vsFTPd directory. Connection times out after authentication.


Hi,

Seismicmike here. My first post. I'll try to be as clear and concise as possible. For the sake of this post, I'm going to use 1.2.3.4 as a placeholder for my public IP.

On my web server, I would like to be able to access the /var/ftp directory through a web browser. I have successfully done so with Google Chrome, but I cannot access the directory in Firefox or IE. Both FF and IE ask me for authentication but then time out attempting to load the directory.

I suspect that there may be something up with switching to passive mode and/or that this issue may be more with my configuration of Firefox and not with the server (seeing as how Chrome works). Another possibility may be related to SSL. When I connect with FileZilla, I have to use the FTP over Explicit SSL/TLS option in order to connect. In any case I still would like to fix it. I would also like to avoid having to install FireFTP if at all possible.

Steps to reproduce (not that you can without my actual IP =J):
* Open Chrome
* Go to ftp://1.2.3.4
* Enter username
* Enter password
* Navigate the /var/ftp directory
* Open Firefox
* Go to ftp://1.2.3.4
* Enter username
* Enter password
* Wait around for a while
* Firefox shows the "Connection Reset" error
* Same problem with IE

Details:
Server: Centos 5.5
vsFTPd: 2.2.2
Firefox: 4.0
Chrome: 10.0.648.204
IE: 8.x

My vsftpd.conf:
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=NO
xferlog_file=/var/log/vsftpd.log
background=YES
log_ftp_protocol=YES
chroot_local_user=YES
chroot_list_enable=yes
chroot_list_file=/etc/vsftpd/vsftpd.chroot_list
listen=YES
pasv_address=1.2.3.4
pasv_min_port=40000
pasv_max_port=40010
pasv_promiscuous=YES
pasv_enable=YES
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=NO
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=YES
ssl_sslv3=YES
rsa_cert_file=/etc/vsftpd/vsftpd.pem
pam_service_name=vsftpd

Thanks in advance for your help.

Last edited by seismicmike; 04-13-2011 at 12:54 PM.
 
Old 04-13-2011, 02:52 PM   #2
T3RM1NVT0R
@ Reply

Hi Seismicmike,

As you mentioned that you are able to access it via Google Chrome, it appears that the problem is not with the server but with the way the browser is trying to access the FTP.

Here I have some queries:

1. Do you have any proxy set up in the browsers?
2. Were you able to browse the FTP directories using command line? If not, then what is the error message that you get?

Also if possible can you please take a trace (Successful one from Chrome and Unsuccessful one from Firefox/IE) and paste the output here.
 
Old 04-13-2011, 03:35 PM   #3
seismicmike
T3RM1NVT0R,

Thanks for your reply.

1. I do not have a proxy configured.

2.a. Command line appears successful:
Code:
seismicmike@seismicmike-laptop:~$ ftp
ftp> open 1.2.3.4
Connected to 1.2.3.4.
220 (vsFTPd 2.2.2)
Name (1.2.3.4:seismicmike): ftp
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
200 PORT command successful. Consider using PASV.
150 Here comes the directory listing.
drwxr-xr-x    2 503      503          4096 Apr 13 17:13 pub
226 Directory send OK.
ftp> cd pub
250 Directory successfully changed.
ftp> ls
200 PORT command successful. Consider using PASV.
150 Here comes the directory listing.
-rw-r--r--    1 503      503      82506838 Apr 13 17:36 SEO Training.zip
226 Directory send OK.
ftp>
2.b. I'm not sure how to take a trace in Google Chrome and Firefox. I may, but it's not ringing a bell at the moment. Perhaps you could remind me?

Very Much Appreciated!
 
Old 04-13-2011, 04:11 PM   #4
T3RM1NVT0R
@ Reply

Hi Seismicmike,

Well, you do not have to take a trace in Google Chrome or Firefox.

If you are using a Windows machine you can use Wireshark to take the trace, or if you are using a Linux machine you can use tcpdump to get the trace.

Following are the steps that will capture the required information:

Using Wireshark:

1. Launch Wireshark.
2. Start the trace.
3. Access your ftp server (use Private IP for accessing this as in trace you cannot change your public IP) using Chrome.
4. Once able to access it save it and name it as success.
5. Perform the above steps from 1-3, use Firefox this time and when you get the time out or connection reset message stop the trace and save it as failure.

Using tcpdump:

1. Open up console.
2. Type tcpdump -i eth0 or eth1 whatever applicable in your case.
3. Perform the same steps as that mentioned under Wireshark section (i.e. accessing your FTP using Chrome and Firefox)

You have to run tcpdump twice: once for Chrome (successful capture) and once for Firefox (failure capture).

Once done zip and attach the trace files to this thread and we can proceed further with the troubleshooting.
 
Old 04-14-2011, 09:11 AM   #5
seismicmike
T3RM1NVT0R,

Thanks. I'll do that. One problem is that I have a separate configuration for internal vsFTPd. The main differences are that I'm not chrooting and not using SSL internally. That won't matter will it?

Edit: I just tested the connection using the internal IP and got the same behavior as before in both Firefox and Chrome, so it appears that it won't matter. I am currently installing Wireshark and will post the results.

Edit: Ok, I ran Wireshark and have the results. They are .pcap files. I tried uploading them and was told they are invalid files, so I put them in a zip archive and was told the same thing. Do you mind if I e-mail them to you?

I did glance through them and it does appear that the point where Firefox is failing is when it tries to switch over to PASV.

Thanks for your help.

Last edited by seismicmike; 04-14-2011 at 09:28 AM.
 
Old 04-14-2011, 02:22 PM   #6
T3RM1NVT0R
@ Reply

Hi seismicmike,

Sure, you can send me the packet capture on my email address: T3RM1NVT0R@hotmail.com.

As you said, you had looked at the traces and you suspect that it is getting stuck when it enters passive mode. I would suggest making the following change in the vsftpd.conf file:

Instead of using the following line:

connect_from_port_20=NO

Use this:

connect_from_port_20=YES

and then restart the vsftpd services and then give it a shot.
 
Old 04-14-2011, 02:38 PM   #7
seismicmike
T3RM1NVT0R,

Thanks. I changed the connect_from_port_20 setting like you suggested and it didn't appear to make any difference. I took a new trace of Firefox after changing that setting and included it in what I just e-mailed you.

Thanks for your help!
 
Old 04-14-2011, 03:09 PM   #8
T3RM1NVT0R
@ Reply

Hi seismicmike,

Forgot to ask you about the IP address of the host and the FTP server but if I am not wrong your host IP is: 10.0.0.131 and your FTP server IP is: 10.0.0.36.

As I can see from the trace, the server is requesting the client to make a PASV connection and when it does not hear from it after sending the TCP retransmission for the same request, it is sending a RST, which is a reset.

Are you using any firewall in between the host and the client? I know it sounds weird as to why it is working for one browser but that's the way it is. Every browser has got a different way of accessing an FTP server.

Just want to know if you have got your local IP address in the following line as well or only the public IP address:

pasv_address=1.2.3.4

Also give following step a try:

ftp://username:password@ftpserver.com

Where, username will be the user that you are trying to access FTP server with and the password will be the user's password.
 
Old 04-14-2011, 03:44 PM   #9
seismicmike
Quote:
Originally Posted by T3RM1NVT0R
Forgot to ask you about the IP address of the host and the FTP server but if I am not wrong your host IP is: 10.0.0.131 and your FTP server IP is: 10.0.0.36.
The server IP is 10.0.0.131 and my laptop is 10.0.0.36.

Quote:
Are you using any firewall in between the host and the client? I know it sounds weird as to why it is working for one browser but that's the way it is. Every browser has got a different way of accessing an FTP server.
The firewalls on the server are disabled. iptables are empty. selinux is disabled (it's just a dev server anyway).
There is an ASA/PIX router/firewall between the servers and the public internet. I've asked the guy that administers it if port 20 is open, but I'm not sure if that's the issue since I'm getting the same behavior internally and externally.

IDK if this helps at all.
Code:
[seismicmike@10.0.0.131 ~]# netstat -a | grep ftp
tcp        0      0 *:ftp                       *:*                         LISTEN
Quote:
Just want to know if you have got your local IP address in the following line as well or only the public IP address

pasv_address=1.2.3.4
For Public, I have:
pasv_address=1.2.3.4

For Internal, I have:
pasv_address=10.0.0.131

Quote:
Also give following step a try:

ftp://username:password@ftpserver.com
Chrome worked. Firefox still timed out. Should I run a trace?

Thanks for all the info.
 
Old 04-14-2011, 05:33 PM   #10
T3RM1NVT0R
@ Reply

Hi seismicmike,

I don't think that a further trace will help us in getting anything, because I can see from the successful trace that Chrome is entering EPSV (Extended Passive Mode) on port 40003 and is able to browse the data. However, when Firefox is requesting PASV (Passive Mode), the server is not responding to it and eventually Firefox is resetting the connection.

Let me tell you one interesting thing. I used the vsftpd.conf file that you pasted and it worked for me using Google Chrome, Firefox, IE :-) and I didn't make any change to the file.

From the trace it appears that there is something in between which is blocking the Linux server from responding to the passive request made by Firefox.

Since I was not able to duplicate it, I can give you the following suggestions that might help:

1. Check the firewall setting on server and client both, including SELinux on the server.
2. Make the min and the max passive port 40000 and 40060 respectively.
3. Try accessing FTP from the server itself using Firefox.
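
Post #10 contrasts Chrome's EPSV exchange with Firefox's PASV exchange. As an added example (not code from either poster), the following parses both reply formats as they would appear in a capture or in the log_ftp_protocol output and checks the advertised data endpoint against the pasv_min_port/pasv_max_port values from the posted vsftpd.conf. The reply lines in SAMPLES are constructed, the function names are hypothetical, and control_peer is assumed to be an IP literal.

```python
import ipaddress
import re

# Port range from the vsftpd.conf posted in this thread.
PASV_MIN_PORT, PASV_MAX_PORT = 40000, 40010

PASV_RE = re.compile(r"^227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")
EPSV_RE = re.compile(r"^229 .*?\((.)\1\1(\d+)\1\)")

# Constructed sample replies (not taken from the poster's captures),
# each paired with the address the control connection was made to.
SAMPLES = [
    ("229 Entering Extended Passive Mode (|||40003|)", "10.0.0.131"),
    ("227 Entering Passive Mode (10,0,0,131,156,67).", "10.0.0.131"),
    ("227 Entering Passive Mode (1,2,3,4,156,65).", "10.0.0.131"),
]

def parse_data_endpoint(reply, control_peer):
    """Return (host, port) the client will dial for the data connection.

    227 (PASV, RFC 959) carries an IPv4 address and port as six decimal
    bytes; 229 (EPSV, RFC 2428) carries only a port, so the client reuses
    the address of the control connection.
    """
    m = PASV_RE.match(reply)
    if m:
        h1, h2, h3, h4, p1, p2 = (int(g) for g in m.groups())
        if max(h1, h2, h3, h4, p1, p2) > 255:
            raise ValueError("field out of range in 227 reply")
        return f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2
    m = EPSV_RE.match(reply)
    if m:
        return control_peer, int(m.group(2))
    raise ValueError(f"not a 227/229 reply: {reply!r}")

def check_reply(reply, control_peer):
    """Return (host, port, problems) for one passive-mode reply."""
    host, port = parse_data_endpoint(reply, control_peer)
    problems = []
    if host != control_peer:
        problems.append(f"advertised {host}, control peer is {control_peer}")
        adv, peer = ipaddress.ip_address(host), ipaddress.ip_address(control_peer)
        if adv.is_private != peer.is_private:
            problems.append("public/private mismatch: check pasv_address")
    if not PASV_MIN_PORT <= port <= PASV_MAX_PORT:
        problems.append(f"port {port} outside pasv_min_port..pasv_max_port")
    return host, port, problems

if __name__ == "__main__":
    for reply, peer in SAMPLES:
        print(reply, "->", check_reply(reply, peer))
```

Only the 227 form carries an address, so a pasv_address that does not match the path the client took can affect PASV clients while EPSV clients are unaffected.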
 
Old 04-19-2011, 08:30 AM   #11
seismicmike
T3RM1NVT0R,

Thank you for these suggestions. I'll come back if I have any more information.

Thanks.
 
  

