[TriLUG] Curious VSFTP issue

Matt Pusateri mpusateri at wickedtrails.com
Thu Dec 8 11:26:59 EST 2005


On a related note, I am not an IP tables guru :(  What rules do I have
to add to let passive FTP in?  Do I just have to allow whatever high
port range I have specified in my ftp config?

Matt P.

On Wed, December 7, 2005 5:32 pm, Dave Sorenson wrote:
> I'd agree except for the observation it was still not working when I
> turned off the firewall entirely to make sure it was not a firewall
> problem.
>
> Thanks for the thought though!
>
> Dave
>
> Joseph Mack NA3T wrote:
>> On Wed, 7 Dec 2005, Dave Sorenson wrote:
>>
>>>>>
>>>>>>> directory listing. I've tried both passive and active modes with
>>>>>>> multiple FTP clients, scoured the vsftpd.conf, firewall is open on 20
>>>>>>> and 21 (I even tried disabling the firewall briefly to make sure that
>>>>>>> was not the problem) but no luck. Anyone ever see this before?
>>
>> VSFTP in active mode calls from a high (>1024) port rather than port
>> 20. This is to allow it to run without root privileges. Watch it with
>> netcat.
>>
>>>>> Sounds like passive FTP not getting through the firewall.  Try doing a
>>>>> 'modprobe ip_conntrack_ftp' on the server, or seeing if you can force
>>>>> your client to use active mode only.
>>
>> iptables "RELATED" knows about the calling port
>>
>> Joe
>>
>
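
An added example, not part of the original thread: a shell sketch that reads the passive port range from a vsftpd.conf and prints (does not apply) matching iptables rules for the question above. The function names `conf_get` and `pasv_rules`, the use of the INPUT chain, and the 50000-50100 range in the constructed sample file are assumptions for illustration; `pasv_min_port` and `pasv_max_port` are the vsftpd settings that pin the range.

```shell
#!/bin/sh
# Added example: derive passive-FTP firewall rules from vsftpd.conf.
# Rules are printed for review, never applied.

# Print the numeric value of setting $2 in config file $1 (last one wins).
# vsftpd requires "key=value" with no spaces around '='.
conf_get() {
    sed -n "s/^$2=\([0-9][0-9]*\)[[:space:]]*\$/\1/p" "$1" | tail -n 1
}

# Print iptables commands for the control port and the passive data range.
pasv_rules() {
    min=$(conf_get "$1" pasv_min_port)
    max=$(conf_get "$1" pasv_max_port)
    # Without both settings vsftpd picks any free port, so there is no
    # range to open and only the conntrack helper can track the data port.
    if [ -z "$min" ] || [ -z "$max" ]; then
        echo "pasv_min_port/pasv_max_port not set in $1" >&2
        return 1
    fi
    if [ "$min" -lt 1 ] || [ "$max" -gt 65535 ] || [ "$min" -gt "$max" ]; then
        echo "invalid passive range $min-$max" >&2
        return 1
    fi
    # Rule 1 plus 'modprobe ip_conntrack_ftp' already admits the data
    # connection as RELATED; rule 3 is the static fallback for when the
    # helper cannot read the control channel (e.g. it is encrypted).
    cat <<EOF
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --dport 21 -m state --state NEW -j ACCEPT
iptables -A INPUT -p tcp --dport $min:$max -m state --state NEW -j ACCEPT
EOF
}

# Constructed sample config so the script runs stand-alone.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample, not a real server's config
listen=YES
pasv_enable=YES
pasv_min_port=50000
pasv_max_port=50100
EOF
pasv_rules "$sample"
rm -f "$sample"
```

Keeping the range narrow limits how many high ports are reachable from outside when the static rule is used.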
