[TriLUG] Curious VSFTP issue

John Broome jbroome at gmail.com
Thu Dec 8 11:44:35 EST 2005


I'm not sure, but is there ftp_proxy for iptables?


On 12/8/05, Matt Pusateri <mpusateri at wickedtrails.com> wrote:
> On a related note, I am not a IP tables guru :(  What rules do I have
> to add to let passive FTP in.  Do I just have to allow what ever high
> port range I have specifired in my ftp config?
>
> Matt P.
>
> On Wed, December 7, 2005 5:32 pm, Dave Sorenson wrote:
> > I'd agree except for the observation it was still not working when I
> > turned off the firewall entirely to make sure it was not a firewall
> > problem.
> >
> > Thanks for the thought though!
> >
> > Dave
> >
> > Joseph Mack NA3T wrote:
> >> On Wed, 7 Dec 2005, Dave Sorenson wrote:
> >>
> >>>>>
> >>>>>>> directory listing. I've tried both passive and active modes
> >>>>>>> with
> >>>>>>> multiple FTP clients, scoured the vsftpd.conf, firewall is open
> >>>>>>> on 20
> >>>>>>> and 21 (I even tried disabling the firewall briefly to make
> >>>>>>> sure
> >>>>>>> that
> >>>>>>> was not the problem) but no luck. anyone ever see this before?
> >>
> >> VSFTP in active mode calls from a high (>1024) port rather than port
> >> 20. This is to allow it to run without root privileges. watch it
> >> with
> >> netcat
> >>
> >>>>> Sounds like passive FTP not getting through the firewall.  Try
> >>>>> doing a
> >>>>> 'modprobe
> >>>>> ip_conntrack_ftp' on the server, or seeing if you can force your
> >>>>> client to
> >>>>> use
> >>>>> active mode only.
> >>
> >> iptables "RELATED" knows about the calling port
> >>
> >> Joe
> >>
> > --
> > TriLUG mailing list        :
> > http://www.trilug.org/mailman/listinfo/trilug
> > TriLUG Organizational FAQ  : http://trilug.org/faq/
> > TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
> >
>
>
> --
> TriLUG mailing list        : http://www.trilug.org/mailman/listinfo/trilug
> TriLUG Organizational FAQ  : http://trilug.org/faq/
> TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
>



More information about the TriLUG mailing list