[SOLVED] vsftpd server is not working through web browser

edeamat · 03-05-2012, 11:21 PM

Hi everybody....I need your help about my vsftpd server.

I have installed vsftpd server in my web server and it's behind a firewall too. When I connect to my ftp server through command line is working for me but it's not working when i am trying to connect through my web browser (Mozilla).

In my firewall i added this rules in my iptables configuration:

/sbin/modprobe ip_nat_ftp
/sbin/modprobe ip_conntrack_ftp
iptables -t nat -A PREROUTING -p tcp -d ip_public --dport 21440 -j DNAT --to webserver_address:21440.

I changed my ftp port to 21440. Please help me as soon as possible.

elfenlied · 03-05-2012, 11:51 PM

Do you get some kind of error? That might give you a hint as to why its failing.

Also can you show us the output of the following "iptables -L -n" and "netstat -apn | grep -i listen | grep tcp"

shamantony · 03-06-2012, 12:59 AM

Please let me know what error you are getting while accessing so that I can help you.

ftp://user@ip, this is the way to access ftp via browser

lithos · 03-06-2012, 01:51 AM

Quote:

Originally Posted by shamantony

...
ftp://user@ip, this is the way to access ftp via browser

Except if you allow anonymous access...

@ edeamat

please post the message you get in your browser
and the configuration file of your firewall and vsftpd
you will get more help providing all these settings.

edeamat · 03-06-2012, 10:09 AM

Hi Lithos,

My FTP Server is listening by port 21440 and it's behind a firewall. My firewall is configured with this rules:

iptables -t nat -A PREROUTING -p tcp -m tcp -d ip_public --dport 21 -j DNAT --to-destination ip_ftp_server:21440
iptables -t nat -A PREROUTING -p tcp -m tcp -d ip_public --dport 30400:30500 -j DNAT --to-destination ip_ftp_server:21440

thank you

lithos · 03-06-2012, 12:08 PM

Hi,

I don't know why would you need to NAT the address of your FTP server (is your firewall server different than FTP ?)
but if I look at the error 425 you get, then take a look here - 425 - failed to establish connection

you might need to add some options to configuration of firewall

from what I see:

Quote:

iptables -t nat -A PREROUTING -p tcp -m tcp -d ip_public --dport 21 -j DNAT --to-destination ip_ftp_server:21440
iptables -t nat -A PREROUTING -p tcp -m tcp -d ip_public --dport 30400:30500 -j DNAT --to-destination ip_ftp_server:21440

this second rule is wrong, it doesn't NAT to Passive ports on your FTP server.
It should be:

Code:

iptables -t nat -A PREROUTING -p tcp -m tcp -d ip_public --dport 30400:30500 -j DNAT --to-destination ip_ftp_server

or maybe
iptables -t nat -A PREROUTING -p tcp -m tcp -d ip_public --dport 30400:30500 -j DNAT --to-destination ip_ftp_server:30400-30500

so the ports 30400-30500 go to your FTP server IP:30400-30500

It's a problem with your wrong NAT-ing in firewall.

edeamat · 03-06-2012, 12:44 PM

Thank you very much for your help Lithos.

lithos · 03-06-2012, 01:24 PM

No problem edeamat

you were a good "student" listening to suggestions and you did it.

Regards.

edeamat · 03-06-2012, 01:50 PM

Thanks a lot again Lithos. My FTP server is working for me right now.

Best regards.