LinuxQuestions.org


sitrus 11-10-2002 12:30 PM

Proftpd 1.2.6 in Slackware 8.1
 
I'm setting up proftpd 1.2.6 on a Slack 8.1 server. This is my friend's server.
The server runs well, but there is one problem. If you connect to the ftpd from the same machine where the server is running there are no problems, but if you connect from another PC it does this:
ncftp / > ls
Data connection timed out.
Falling back to PORT instead of PASV mode.

It works, but it takes some time. I haven't been able to figure out why PASSIVE mode fails when connecting from outside.
This is his firewall:
http://www.kevent.org/hype/files/misc/iptables.txt
This is his proftpd.conf:
http://www.kevent.org/hype/files/misc/proftpdconf.txt
Ideas?

markus1982 11-10-2002 03:09 PM

Quote:

It works, but it takes some time. I haven't been able to figure out why PASSIVE mode fails when connecting from outside.
This is his firewall:
http://www.kevent.org/hype/files/misc/iptables.txt
This is his proftpd.conf:
http://www.kevent.org/hype/files/misc/proftpdconf.txt

First of all a security related question: You're running ProFTPd on port 6789, so why do you open up port 21 on the firewall?
Quote:

$IPT -A INPUT -i $INT -s 0/0 -d 0/0 -p tcp --dport 21 -j ACCEPT

You don't need that in that case ;)


The problem itself is there because of your firewall. PASV (PASSIVE) transfer uses a port range, and since your firewall will definitely drop them, that's why you get slow ...

Quote:

From http://www.proftpd.org/docs/directiv...l#PASSIVEPORTS
PassivePorts restricts the range of ports from which the server will select when sent the PASV command from a client. The server will randomly choose a number from within the specified range until an open port is found. Should no open ports be found within the given range, the server will default to a normal kernel-assigned port, and a message logged.

The port range selected must be in the non-privileged range (eg. greater than or equal to 1024); it is STRONGLY RECOMMENDED that the chosen range be large enough to handle many simultaneous passive connections (for example, 49152-65534, the IANA-registered ephemeral port range).

sitrus 11-10-2002 03:18 PM

Like I said, this is my friend's server and he runs OpenSSH on port 21 because he can't connect to port 22 from his school. So port 21 is open for sshd.

EDIT: thank you very much - you solved the problem. I opened 20 ports and added a PassivePorts range to match those ports.
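
A check for the mismatch this thread resolved, as an added example that is not part of the original posts: it compares the PassivePorts range in a proftpd.conf with the TCP ports an iptables script accepts and lists the passive ports the firewall still blocks. The config and rule text are constructed samples, the function names are hypothetical, and the parser only understands plain `--dport N` or `--dport N:M` ACCEPT rules on INPUT (no multiport, source filters, rule ordering or connection tracking).

```python
import re

# Constructed sample inputs, not the files linked in the thread.
PROFTPD_CONF = """\
ServerName "example"
Port 6789
PassivePorts 49152 49171
"""
IPTABLES_RULES = """\
$IPT -A INPUT -i $INT -p tcp --dport 6789 -j ACCEPT
$IPT -A INPUT -i $INT -p tcp --dport 49152:49161 -j ACCEPT
"""

def passive_range(conf):
    """Return (low, high) from the PassivePorts directive, or None if unset."""
    m = re.search(r"^[ \t]*PassivePorts[ \t]+(\d+)[ \t]+(\d+)", conf, re.M)
    return (int(m.group(1)), int(m.group(2))) if m else None

def accepted_tcp_ports(rules):
    """Collect TCP ports opened by INPUT rules ending in -j ACCEPT."""
    ports = set()
    for line in rules.splitlines():
        line = line.split("#", 1)[0]  # drop shell comments
        if not all(tok in line for tok in ("-A INPUT", "-p tcp", "-j ACCEPT")):
            continue
        m = re.search(r"--dport\s+(\d+)(?::(\d+))?", line)
        if m:
            low = int(m.group(1))
            high = int(m.group(2) or low)
            ports.update(range(low, high + 1))
    return ports

def blocked_passive_ports(conf, rules):
    """Return the sorted passive ports that no ACCEPT rule covers."""
    rng = passive_range(conf)
    if rng is None:
        # Without PassivePorts the server picks kernel-assigned ports,
        # which a default-drop firewall cannot match with a fixed rule.
        raise ValueError("PassivePorts is not set")
    low, high = rng
    if low < 1024 or high < low:
        raise ValueError("PassivePorts must be an ascending range >= 1024")
    return sorted(set(range(low, high + 1)) - accepted_tcp_ports(rules))

if __name__ == "__main__":
    missing = blocked_passive_ports(PROFTPD_CONF, IPTABLES_RULES)
    print("blocked passive ports:", missing or "none")
```

An empty result means every port the server may hand out in a PASV reply is reachable; any port listed will produce the data connection timeout shown in the first post.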

markus1982 11-10-2002 04:49 PM

Quote:

Like I said, this is my friend's server and he runs OpenSSH on port 21 because he can't connect to port 22 from his school. So port 21 is open for sshd.

Sorry, I didn't really read that part, just thought you missed something ;)

As always refer to the manual when you're faced with problems ... usually the original website and/or forum is the best place to start off ;)


All times are GMT -5.