  1. #1
    Just Joined!
    Join Date
    Oct 2008
    Posts
    4

    ls, dir hang up FTP client


    Hello,

    I'll start by explaining exactly what my setup is. I have 2 Fedora 10 systems: one is the server with VSFTPD installed, and the other is a gateway/router. Both machines are set up on a subnet, the server with IP 10.0.10.2 and the gateway/router with internal subnet IP 10.0.10.1 and 192.168.0.196 on the external subnet. I have set up IPtables to forward connections for FTP incoming on 192.168.0.196 to the server's 10.0.10.2. I am able to connect just fine; however, I cannot get a directory listing, as either anonymous or as a local user. I need to do this in passive mode but am having some problems. Any assistance would be greatly appreciated. I have spent a very long time googling and reading, trying to come up with a solution, but with no luck.

    Below is the error I am getting, along with all my config files.

    IPTABLES config on server
    *nat
    :PREROUTING ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    :POSTROUTING ACCEPT [0:0]
    -A POSTROUTING -o eth1 -j MASQUERADE
    -A PREROUTING -i eth1 -p tcp --dport 20 -j DNAT --to-destination 10.0.10.2
    -A PREROUTING -i eth1 -p tcp --dport 1024:65535 -j DNAT --to-destination 10.0.10.2
    -A PREROUTING -i eth1 -p tcp --dport 21 -j DNAT --to-destination 10.0.10.2
    COMMIT
    *filter
    :INPUT ACCEPT [0:0]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    -A INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
    -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    -A FORWARD -o eth1 -j ACCEPT
    -A FORWARD -i eth1 -m state --state NEW -m tcp -p tcp -d 10.0.10.2 --dport 20 -j ACCEPT
    -A FORWARD -i eth1 -m state --state NEW -m tcp -p tcp -d 10.0.10.2 --dport 1024:65535 -j ACCEPT
    -A FORWARD -i eth1 -m state --state NEW -m tcp -p tcp -d 10.0.10.2 --dport 21 -j ACCEPT
    COMMIT
    VSFTPD config: just the options I have added extra to allow me to connect anonymously and enable passive, on the FTP server

    anonymous_enable=YES
    anon_max_rate=131072
    anon_root=/var/ftp
    chown_upload_mode=0722
    #Max Clients
    max_clients=50
    #
    # Uncomment this to allow local users to log in.
    local_enable=YES
    #
    #PASSIVE
    pasv_enable=YES
    port_enable=YES
    pasv_max_port=65535
    pasv_min_port=1024

    # Uncomment this to enable any form of FTP write command.
    write_enable=YES

    FTP client Output
    ftp> open 192.168.0.196
    Connected to 192.168.0.196.
    220 (vsFTPd 2.1.2)
    530 Please login with USER and PASS.
    530 Please login with USER and PASS.
    KERBEROS_V4 rejected as an authentication type
    Name (192.168.0.196:SHARPY): anonymous
    331 Please specify the password.
    Password:
    230 Login successful.
    Remote system type is UNIX.
    Using binary mode to transfer files.
    ftp> ls
    227 Entering Passive Mode (10,0,10,2,4,0).
    I have reason to believe it may be something with the ports on IPTABLES, but I am at my wits' end... Any assistance would be greatly appreciated.

    Thank you.

  2. #2
    Linux Guru Lazydog
    Join Date
    Jun 2004
    Location
    The Keystone State
    Posts
    2,677
    Do you have "ip_conntrack_ftp" loaded?

    Regards
    Robert

    Linux
    The adventure of a life time.

    Linux User #296285
    Get Counted
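
Added example, not part of either post: decoding the 227 reply from the client output in post #1 shows that vsftpd advertises its internal address (10.0.10.2, port 4*256+0 = 1024) to a client that dialled 192.168.0.196, which is the rewrite the FTP connection-tracking/NAT helper asked about in post #2 performs on the gateway. The function names are hypothetical, and it assumes the client has no route to 10.0.10.0/24.

```python
import re

# RFC 959 passive reply: "227 <text> (h1,h2,h3,h4,p1,p2)"
PASV_RE = re.compile(r"^227\s.*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")

def parse_pasv(reply):
    """Return (ip, port) advertised in a 227 reply; raise ValueError if malformed."""
    m = PASV_RE.match(reply.strip())
    if not m:
        raise ValueError("not a 227 passive-mode reply: %r" % reply)
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range in %r" % reply)
    ip = ".".join(str(n) for n in nums[:4])
    port = nums[4] * 256 + nums[5]  # port is sent as two bytes, high byte first
    return ip, port

def diagnose(control_ip, reply, fwd_min=1024, fwd_max=65535):
    """Check the advertised data endpoint against what the client can reach.

    control_ip is the address the client dialled; fwd_min/fwd_max is the port
    range the gateway forwards (1024:65535 in the posted rules).
    """
    ip, port = parse_pasv(reply)
    return {
        "data_endpoint": "%s:%d" % (ip, port),
        "port_forwarded": fwd_min <= port <= fwd_max,
        # True means the server's internal address passed through the NAT
        # unrewritten, so the client will try to connect to it and stall.
        "address_not_rewritten": ip != control_ip,
    }

if __name__ == "__main__":
    # Reply and gateway address copied from the client output in post #1.
    print(diagnose("192.168.0.196", "227 Entering Passive Mode (10,0,10,2,4,0)."))
    # Constructed reply: what the client would see once the address is rewritten.
    print(diagnose("192.168.0.196", "227 Entering Passive Mode (192,168,0,196,4,0)."))
```

For the posted session the result is a forwarded port with an unrewritten address, so the port rules are not what stops the listing.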
