VSFTPD Problems

cantthinkofausername · 06-07-2007, 03:07 AM

Ok here is the story, i have set up a VSFTPD server which works perfectly... internally. as soon as i try access the FTP server from a site from outside our network (on the other side of the firewall) it logs in just great, well see for yourself.

Code:

331 Please specify the password.
Password:
230 Login successful.
ftp> ls
500 Illegal PORT command.
425 Use PORT or PASV first.
ftp> quote pasv
227 Entering Passive Mode (192,168,128,7,7,234)
ftp> ls
425 Failed to establish connection.

when i try do a ls or dir, it just hangs up for a few minutes and then returns failed to establish connection.

me post my VSFTPD.conf

Code:

anonymous_enable=NO
local_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
xferlog_file=/var/log/vsftpd.log
xferlog_std_format=YES
ftpd_banner= FTP Site
chroot_list_enable=YES
local_root=/FTPD
chroot_list_file=/etc/vsftpd/chroot_list
pam_service_name=vsftpd
userlist_enable=NO
listen=YES
tcp_wrappers=YES
pasv_enable=YES
pasv_min_port=2021
pasv_max_port=2071

I am not using ip tables at all and have an external forewall, which is forwarding ports 21/20 and a range between 2021 and 2071 to and from the FTP server.

cantthinkofausername · 06-07-2007, 04:00 AM

alright, after turning on detailed logging, here is a section of the vsftpd.log file that details the attempt

Code:

Thu Jun  7 08:47:38 2007 [pid 16805] [xxxxxxx] FTP response: Client "*.*.*.*", "331 Please specify the password."
Thu Jun  7 08:47:39 2007 [pid 16805] [xxxxxxx] FTP command: Client "*.*.*.*", "PASS <password>"
Thu Jun  7 08:47:40 2007 [pid 16804] [xxxxxxx] OK LOGIN: Client "*.*.*.*"
Thu Jun  7 08:47:40 2007 [pid 16806] [xxxxxxx] FTP response: Client "*.*.*.*", "230 Login successful."
Thu Jun  7 08:47:41 2007 [pid 16806] [xxxxxxx] FTP command: Client "*.*.*.*", "PORT 192,168,128,5,19,137"
Thu Jun  7 08:47:41 2007 [pid 16806] [xxxxxxx] FTP response: Client "*.*.*.*", "500 Illegal PORT command."
Thu Jun  7 08:47:41 2007 [pid 16806] [xxxxxxx] FTP command: Client "*.*.*.*", "NLST"
Thu Jun  7 08:47:41 2007 [pid 16806] [xxxxxxx] FTP response: Client "*.*.*.*", "425 Use PORT or PASV first."
Thu Jun  7 08:47:44 2007 [pid 16806] [xxxxxxx] FTP command: Client "*.*.*.*", "LS"
Thu Jun  7 08:47:44 2007 [pid 16806] [xxxxxxx] FTP response: Client "*.*.*.*", "500 Unknown command."
Thu Jun  7 08:47:47 2007 [pid 16806] [xxxxxxx] FTP command: Client "*.*.*.*", "PASV"
Thu Jun  7 08:47:47 2007 [pid 16806] [xxxxxxx] FTP response: Client "*.*.*.*", "227 Entering Passive Mode (192,168,128,7,7,247)"
Thu Jun  7 08:47:48 2007 [pid 16806] [xxxxxxx] FTP command: Client "*.*.*.*", "NLST"

Note: i have replaced the ip address with *.*.*.*

pk21 · 06-07-2007, 08:25 AM

type pasv as soon as you have logged in to use passive ftp. Did you check your firewall logs?