
vsftpd and firewall - problems



Hi.
I have some problems with vsftpd and a firewall.

I have a router from Verizon where I set a rule forwarding the ftp port
to the server. This was working fine.
When I set up a firewall on the server I lost the passive mode of ftp,
and I can't find the right configuration. From the local network I can connect
without problems, but from outside I have a problem.

I can log in, do pwd, cd .., but I can't do ls:

kajko@shop-5:~$ ftp mar.dyndns.info
Connected to mar.dyndns.info.
220 Welcome to blah FTP service.
Name (mar.dyndns.info:kajko):
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> pwd
257 "/home/kajko"
ftp> cd ..
250 Directory successfully changed.
ftp> pwd
257 "/home"
ftp> ls
200 PORT command successful. Consider using PASV.
150 Here comes the directory listing.

***** now it froze *****

vsftpd.conf:
pasv_enable=yes
pasv_promiscuous=no
port_enable=yes
pasv_min_port=9920
pasv_max_port=9950

firewall:
target     prot opt source               destination
allowed    tcp  --  anywhere             anywhere            tcp dpt:ftp
LOG        tcp  --  anywhere             anywhere            tcp dpt:ftp LOG level debug prefix `IPT FTP 21: '
allowed    tcp  --  anywhere             anywhere            tcp dpt:ftp-data
allowed    tcp  --  anywhere             anywhere            tcp dpts:9920:9950
LOG        tcp  --  anywhere             anywhere            tcp dpts:9920:9950 LOG level debug prefix `IPT FTP data: '


/proc/net/ip_conntrack:
tcp      6 59 SYN_SENT src=192.168.1.101 dst=209.110.76.143 sport=20 dport=32952 [UNREPLIED] src=209.110.76.143 dst=192.168.1.101 sport=32952 dport=20 use=1
tcp      6 431939 ESTABLISHED src=209.110.76.143 dst=192.168.1.101 sport=32951 dport=21 src=192.168.1.101 dst=209.110.76.143 sport=21 dport=32951 [ASSURED] use=2

In the firewall I also tried opening ports 30000-40000.

lsmod | grep ip
ipt_REJECT              6528  2
ip_nat_ftp              4976  0
ip_conntrack_ftp       72112  1 ip_nat_ftp
ipt_state               2304  5
ipt_limit               2688  0
ipt_LOG                 6272  4
iptable_nat            22828  1 ip_nat_ftp
iptable_mangle          3072  0
ip_conntrack           32520  4 ip_nat_ftp,ip_conntrack_ftp,ipt_state,iptable_nat
iptable_filter          3072  1
ip_tables              16896  7 ipt_REJECT,ipt_state,ipt_limit,ipt_LOG,iptable_nat,iptable_mangle,iptable_filter
ipv6                  229764  26


Any suggestion how to solve this problem?
I changed the passive ports a few times but this did not help me. Also I am not sure
whether it uses the ports I want or not. What port do I really use when I connect?

Thanks for any information.
-- 
Have a good day
---------------
Mariusz
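An added example, not part of Mariusz's post: a small Python script that parses the /proc/net/ip_conntrack entries and the vsftpd.conf fragment quoted above and labels each TCP entry, from the server's point of view, as the FTP control channel (inbound to port 21), an active-mode (PORT) data connection that the server itself opens from port 20, or a passive-mode (PASV) data connection inbound to a port in pasv_min_port..pasv_max_port. That is one way to answer "what port do I really use when I connect" from the conntrack table itself. The sample input is constructed: the two conntrack lines from the post (joined back onto single lines) plus one invented passive-mode entry for contrast; the server address 192.168.1.101 and the port range 9920-9950 are taken from the post.

```python
import re

# Constructed sample input: the two /proc/net/ip_conntrack entries quoted in the
# post, joined back onto one line each, plus one invented passive-mode data entry.
SAMPLE_CONNTRACK = (
    "tcp      6 59 SYN_SENT src=192.168.1.101 dst=209.110.76.143 sport=20 "
    "dport=32952 [UNREPLIED] src=209.110.76.143 dst=192.168.1.101 sport=32952 "
    "dport=20 use=1\n"
    "tcp      6 431939 ESTABLISHED src=209.110.76.143 dst=192.168.1.101 sport=32951 "
    "dport=21 src=192.168.1.101 dst=209.110.76.143 sport=21 dport=32951 [ASSURED] use=2\n"
    "tcp      6 431900 ESTABLISHED src=209.110.76.143 dst=192.168.1.101 sport=32960 "
    "dport=9931 src=192.168.1.101 dst=209.110.76.143 sport=9931 dport=32960 [ASSURED] use=1\n"
)

# The vsftpd.conf fragment from the post.
SAMPLE_VSFTPD_CONF = """\
pasv_enable=yes
pasv_promiscuous=no
port_enable=yes
pasv_min_port=9920
pasv_max_port=9950
"""

# 2.6-era ip_conntrack TCP line: proto, proto number, timeout, TCP state, the
# original-direction tuple, then an optional [UNREPLIED] before the reply tuple.
_ENTRY_RE = re.compile(
    r"^(?P<proto>\w+)\s+\d+\s+(?P<timeout>\d+)\s+(?P<state>\w+)\s+"
    r"src=(?P<src>\S+)\s+dst=(?P<dst>\S+)\s+sport=(?P<sport>\d+)\s+dport=(?P<dport>\d+)"
    r"(?P<unreplied>\s+\[UNREPLIED\])?"
)


def parse_vsftpd_conf(text):
    """Return a dict of key=value settings, ignoring blank and comment lines."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        conf[key.strip()] = value.strip()
    return conf


def parse_conntrack(text):
    """Parse the TCP entries of /proc/net/ip_conntrack; other protocols are skipped."""
    entries = []
    for line in text.splitlines():
        m = _ENTRY_RE.match(line)
        if not m:
            continue
        entries.append({
            "state": m.group("state"),
            "src": m.group("src"), "dst": m.group("dst"),
            "sport": int(m.group("sport")), "dport": int(m.group("dport")),
            "unreplied": m.group("unreplied") is not None,  # peer never answered
        })
    return entries


def classify(entry, server_ip, conf):
    """Label one entry as control, active-data, passive-data or other, as seen
    from the vsftpd server at server_ip."""
    pasv_min = int(conf.get("pasv_min_port", 0))
    pasv_max = int(conf.get("pasv_max_port", 0))
    inbound = entry["dst"] == server_ip
    outbound = entry["src"] == server_ip
    if inbound and entry["dport"] == 21:
        kind, local_port, remote_port = "control", 21, entry["sport"]
    elif outbound and entry["sport"] == 20:
        # Active (PORT) mode: the server dials the port the client announced.
        kind, local_port, remote_port = "active-data", 20, entry["dport"]
    elif inbound and pasv_min <= entry["dport"] <= pasv_max:
        # Passive (PASV) mode: the client dials a port from the configured range.
        kind, local_port, remote_port = "passive-data", entry["dport"], entry["sport"]
    else:
        kind, local_port, remote_port = "other", None, None
    return {"kind": kind, "state": entry["state"], "unreplied": entry["unreplied"],
            "local_port": local_port, "remote_port": remote_port}


def ftp_report(conntrack_text, conf_text, server_ip):
    """Classify every TCP conntrack entry against the server's vsftpd settings."""
    conf = parse_vsftpd_conf(conf_text)
    return [classify(e, server_ip, conf) for e in parse_conntrack(conntrack_text)]


if __name__ == "__main__":
    for r in ftp_report(SAMPLE_CONNTRACK, SAMPLE_VSFTPD_CONF, "192.168.1.101"):
        note = " (no reply from the peer yet)" if r["unreplied"] else ""
        print(f"{r['kind']:13s} {r['state']:12s} local port {r['local_port']} "
              f"<-> remote port {r['remote_port']}{note}")
```

Run against the post's own entries, the script reports the control connection on port 21 as ESTABLISHED and the first entry as an active-data connection in SYN_SENT with [UNREPLIED]: the server opened it from port 20 towards the client's port 32952 (the PORT command the client sent, as the "200 PORT command successful. Consider using PASV." reply shows) and never received an answer, which is the connection the directory listing waits on. A passive-mode data connection, by contrast, would appear as an inbound entry to a port in the 9920-9950 range, which is what the allowed rules for dpts:9920:9950 in the firewall cover.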


