Help vsftp

[mw9999]

Can anybody help.

I am new to linux.

I am on the verge of pulling what little hair, I have out.

I have setup an ftp server on linux, running vsftp.

I can ftp from outside into the box with an active ftp connection no problem.

But I cannot create a PASV connection.

I have changed the vsftpd.conf file to read
pasv_enable=YES
pasv_max_port=65534
pasv_min_port=1024
port_enable=YES
pasv_address=xxx.xxx.xxx.xxx

I have also added two lines to the iptables

iptables -A OUTPUT -p tcp -o eth0 --dport 1024:65535 --sport 1024:65535 -j ACCEPT

iptables -A FORWARD -p tcp -i eth0 --sport 1024:65535 --dport 1024:65535 -j ACCEPT

After all that I still cannot get a pasv connection.

Can someone please tell me where I am going wrong.



Thanks for any help.

 

[thedaver]

I believe you may need to enable kernel module ip_ftp_conntrack or something similarly named to allow FTP to pass through the firewall properly.

D.E.R. Management - IT Project Management Consulting

http://www.dermanagement.com/

 

[Kozusnik]

Another option is to allow port 20 ftp-data through the firewall.

Mark

 

[mw9999]

Cannot find ip_ftp_conntrack.

i have allowed port 20:tcp into the firewall but i still cannot get apasv connect.

The one thing i forgot to state the server is on a different network.

we connect to it via a router.

But if i set a computer up on the same network as the ftp server i still cannot connect.

Thanks for all the help.

Has anybody got any other ideas.

 

[thedaver]

the module name I spoke of is
"ip_conntrack_ftp"

It is required to allow FTP sessions to properly pass through an IPTables enabled firewall

D.E.R. Management - IT Project Management Consulting

http://www.dermanagement.com/

 

[mw9999]

I can now ftp with both pasv and active connection

Problem with nat on the router

Thanks for all the help