# vsftp problem!

## befortin

I'm using vsftpd, which works very well on my local network. However, when I connect from the Internet (port 2121 coming in forwarded to my-server-address at port 21 and port 20 forwarded to my-server-address at port 20, using an SMC broadband router), it doesn't work.

When using Passive mode, here's what I get (using Filezilla): 

*Quote:*

> Status: Connecting to server-address:2121 ...
>
> Status: Connected with server-address:2121. Waiting for welcome message...
> ...

When I'm not in Passive mode, here's what I get (also using Filezilla):

*Quote:*

> Status: Connecting to server-address:2121 ...
>
> Status: Connected with server-address:2121. Waiting for welcome message...
> ...

Here's my vsftpd.conf file content (as you can see, I've already tried to set "pasv_promiscuous=YES"):

*Quote:*

> listen=YES
>
> background=YES
> ...

Does anyone have something that I should try to get this working??

Last edited by befortin on Tue Feb 01, 2005 3:22 pm; edited 1 time in total

----------

## befortin

Update : 

I've changed some configs in my vsftpd.conf file. Here's my new file : 

*Quote:*

> # RUN IN STANDALONE MODE
>
> listen=YES
> ...

It still doesn't work... I have the same errors (even with PASV mode). Here's the vsftp's log : 

*Quote:*

> Tue Feb  1 09:58:01 2005 [pid 28274] CONNECT: Client "64.86.141.176"
>
> Tue Feb  1 09:58:01 2005 [pid 28274] FTP response: Client "64.86.141.176", "220 (vsFTPd 1.2.2)"
> ...

----------

## Seron

Hi, I had a similar problem. Try adding to your config:

pasv_address=<your external ip-address>

After I added this I could make external connections, but not local, but that didn't matter much because I can connect by other means locally.

Hope it helps,

Seron

----------

## befortin

Thanks Seron. I've also read somewhere else that this could help, but I didn't even try it, since my IP address is assigned with DHCP...

I'm now using sftp in chroot jail and it works quite well. The only drawback is that sftp doesn't log the users' activity (file transfers, connection time, etc.)

----------

## Seron

I knew I'd seen this somewhere. Have a look. Might be what you're looking for.

https://forums.gentoo.org/viewtopic.php?t=282630

----------

## rbr28

You want to set the range for passive ftp ports in your vsftpd.conf file.  Just set a range with these two parameters, and then make sure to open that range  on your router or firewall.  You also have to do this if you use a host based firewall.

pasv_min_port=40000

pasv_max_port=40100

----------

## befortin

rbr28 : I've already tried this and it didn't work. I had 10 ports forwarded to the FTP server and pasv_min_port and pasv_max_port set but this was not enough. I think that I needed this AND also pasv_address.

Seron : This script seems really cool. I might try to use it some day, but I found that sftp encryption + chroot jail is also great.

----------
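
Added example, not part of any post in this thread: a Python sketch of why both `pasv_address` and a forwarded `pasv_min_port`/`pasv_max_port` range matter behind NAT. It parses the server's 227 passive-mode reply and checks the advertised address and data port against the configuration and the router's forwarded ports; the function names and sample values are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample config (values follow the pasv_* settings quoted above).
SAMPLE_CONF = "listen=YES\npasv_min_port=40000\npasv_max_port=40100\n"

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
PASV_RE = re.compile(r"^227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")


def parse_conf(text):
    """Parse vsftpd.conf 'key=value' lines, skipping comments and blanks."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key] = value
    return conf


def parse_pasv(reply):
    """Return (ip, port) advertised in a 227 reply: (h1,h2,h3,h4,p1,p2)."""
    m = PASV_RE.match(reply)
    if not m:
        raise ValueError(f"not a 227 passive-mode reply: {reply!r}")
    nums = [int(x) for x in m.groups()]
    if max(nums) > 255:
        raise ValueError(f"octet out of range in: {reply!r}")
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]


def check_pasv(reply, conf, forwarded_ports):
    """List reasons an Internet client could not open the data connection."""
    ip, port = parse_pasv(reply)
    problems = []
    if any(ip in net for net in RFC1918):
        problems.append(f"{ip} is a private address; set pasv_address")
    if "pasv_min_port" not in conf or "pasv_max_port" not in conf:
        problems.append("pasv_min_port/pasv_max_port unset; data port is unpredictable")
    elif not int(conf["pasv_min_port"]) <= port <= int(conf["pasv_max_port"]):
        problems.append(f"data port {port} is outside the configured pasv range")
    if port not in forwarded_ports:
        problems.append(f"data port {port} is not forwarded by the router")
    return problems
```

----------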

## reiman

I had a similar problem and this topic helped. Thanks

----------

## zagibu

I'm sorry to dig out this old thread, but I have the exact same problem as the creator. This is my vsftpd.conf:

```
# FILE: /etc/vsftpd/vsftpd.conf
# DESC: Configuration file for Very Secure FTP Daemon
# AUTH: zagibuGARBLE@GARBLEgmx.ch
# DATE: 28.04.06

# general settings
background=YES
listen=YES
use_localtime=YES
#async_abor_enable=YES

# logfiles
xferlog_enable=YES
xferlog_file=/var/log/vsftpd.log
dual_log_enable=YES
log_ftp_protocol=YES

# timeouts
idle_session_timeout=300
data_connection_timeout=60

# users
anonymous_enable=NO
local_enable=YES
chroot_local_user=YES
nopriv_user=nobody

# filesystem
write_enable=YES
local_umask=022
local_root=/home
text_userdb_names=YES
ascii_download_enable=YES
ascii_upload_enable=YES

# banner
ftpd_banner=Welcome to zagiFTP Service
dirmessage_enable=YES

# security
ssl_enable=YES
rsa_cert_file=/etc/ssl/certs/zagiftp.pem

# connections
local_max_rate=10240
max_per_ip=2
max_clients=3
pasv_min_port=13242
pasv_max_port=13244
pasv_address=84.227.198.242
```

The address is assigned via script and the ports are being forwarded (I can see it in my firewall's log). But still the same result when trying to list a directory. With the standard FTP client (compiled with ssl support) I get:

```
150 Here comes the directory listing.
ssl_getc: SSL_read failed -1 = 0
421 Service not available, remote server has closed connection
```

And with FileZilla I get:

```
Command: LIST
Error: Transfer channel can't be opened. Reason: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.
Error: Could not retrieve directory listing
Command: TYPE I
Error: Timeout detected!
```

Any ideas?

----------

## Shade_MDK

adding this option in vsftpd config file, "listen_port=...."

the port that this guy has to listen to...and route the external port to internal port without changing them (2121>2121) from the SMC router..

you may also consider a router problem also.. (software bugs..or ..etc)

sincerely ..I've had some problems with some smc's in time ..

and I've switched to linksys...much better,,

wayyyyy much..

I've installed a vsftp on a gentoo machine and it works rather fine.. behind a router.I mean

----------

## zagibu

I don't think this will help. I mean, listen_port's default is 21, which works fine for me, if I disable SSL mode. It even works with SSL enabled, at least the connect and commands that do not need a data connection.

Anyway, it's too much hassle for me. I think I'm dropping vsftpd and switching to sftp...

----------

