VSFTPD - tweaking things just right

Started by
6 comments, last by Nervo 20 years, 8 months ago
Though this may belong more on a networking forum I'll post it here like I usually do. VSFTPD or any other FTP client either Linux or not can establish an active or passive connection that after using port 21 for the initial connection, a port 1024-65535 is used for the second data connection for file transfer. My router though only has port 20 and 21 open and I feel a bit reluctant to just open up all ports in that wide range. Are my concerns justified? Is there any other way or will I really need to open it all up in that range? I think after I fix this I shouldn't have any more freagin problems with.
Well, R2D22U2..
I would be slightly concerned. I had a firewall, so that only FTP, WWW, and SSH were able to go through, and that was fine. Try here for a list of programs that work within that range, as well as many others.
Some firewalls are able to detect that the outbound connection is related to the first FTP connection and permit the connection.

I believe IPTABLES supports this if you load the ftp module, but it's been a while since I ran a non-Pix firewall on a daily basis.

Int.
quote:Original post by Interim
Some firewalls are able to detect that the outbound connection is related to the first FTP connection and permit the connection.

I believe IPTABLES supports this if you load the ftp module, but it's been a while since I ran a non-Pix firewall on a daily basis.

Int.


I'll take a look into IPTABLES. I remember someone recommending using that to solve the issue. Of course if all else fails I'll just write a PHP script with HTTP.

EDIT: Though I did open up all high ports to test the system and people still had problems getting through. I made the conf file as open as possible too. I'll just scrap ftp except for my own purposes and just implement a script.

[edited by - nervo on August 20, 2003 1:54:40 AM]
Well, R2D22U2..
Or if you have some other type of firewall between your computer, and the internet, make sure that port forwarding is enabled, and that ports 20 and 21 are forwarded to your computer. I noticed that you said you had a router, and want to make sure that works.
quote:Original post by bastard2k5
Or if you have some other type of firewall between your computer, and the internet, make sure that port forwarding is enabled, and that ports 20 and 21 are forwarded to your computer. I noticed that you said you had a router, and want to make sure that works.


The router I have has not only ports 20 and 21 forwarded right now, but all high ports 1024 and above. Perhaps I need to read up more on detailed networking in order to make it work for everyone sometime in the future. I find it strange that some people get through while many others still don't.
Well, R2D22U2..
Do you have any sort of maximum connections, or any sort of limits on the number of users in your ftp conf file? That could be a reason. Perhaps giving some people above-anonymous accounts could ease it.
iirc,

One of them (Passive?) fails when your firewall is too restrictive. The other (Active?) fails when the user's firewall is too restrictive.

The real trick is finding out why those people are failing. Ask them to use a real ftp client (not IE) and to send you logs of their session if it still fails.
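As an added example (not from anyone in this thread), the script below does what the iptables ftp helper does by hand: it reads a client's control-channel log, decodes each PORT command and 227 reply into the data-connection endpoint, and reports which transfers a router that only forwards a fixed passive range would break. The sample session, the 50000-50100 range and the `data_channels`/`firewall_review` names are constructed for this example; the range bounds stand in for vsftpd's pasv_min_port/pasv_max_port settings.

```python
"""Decode FTP data-channel negotiation from a control-channel log (added example)."""
import re
from dataclasses import dataclass

# PORT commands and 227 replies both carry h1,h2,h3,h4,p1,p2 with port = p1*256 + p2.
PORT_CMD = re.compile(r"^PORT\s+(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\s*$", re.IGNORECASE)
PASV_REPLY = re.compile(r"^227\b.*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")

# Constructed sample of a control-channel log: one active and two passive transfers.
SAMPLE_SESSION = [
    "PORT 198,51,100,7,19,137",                        # client listens on 198.51.100.7:5001
    "227 Entering Passive Mode (203,0,113,5,195,88)",  # server listens on 203.0.113.5:50008
    "227 Entering Passive Mode (203,0,113,5,4,1)",     # 1025: outside a 50000-50100 range
]


@dataclass(frozen=True)
class DataChannel:
    mode: str   # "active": server connects out from port 20; "passive": client connects in
    host: str   # address the data connection goes to
    port: int   # port the data connection goes to


def _endpoint(groups):
    """Turn the six decimal fields into (host, port), rejecting out-of-range values."""
    octets = [int(g) for g in groups[:4]]
    p1, p2 = int(groups[4]), int(groups[5])
    if max(octets + [p1, p2]) > 255 or p1 * 256 + p2 == 0:
        raise ValueError("malformed endpoint " + ",".join(groups))
    return ".".join(map(str, octets)), p1 * 256 + p2


def data_channels(control_lines):
    """Return one DataChannel per negotiated transfer, in session order."""
    found = []
    for line in control_lines:
        if m := PORT_CMD.match(line):
            found.append(DataChannel("active", *_endpoint(m.groups())))
        elif m := PASV_REPLY.match(line):
            found.append(DataChannel("passive", *_endpoint(m.groups())))
    return found


def firewall_review(channels, pasv_min, pasv_max):
    """Findings for a router that forwards 20, 21 and only pasv_min-pasv_max inbound."""
    findings = []
    for ch in channels:
        if ch.mode == "active":   # server dials out; the client's own firewall must accept it
            findings.append(f"active: client side must accept port 20 -> {ch.host}:{ch.port}")
        elif not pasv_min <= ch.port <= pasv_max:
            findings.append(f"passive: data port {ch.port} outside forwarded {pasv_min}-{pasv_max}")
    return findings
```

Run it over the logs users send back: a passive finding means the server's range and the router's forwarded range disagree, an active finding points at the user's side.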

This topic is closed to new replies.
