[lug] VSFTP Doesn't connect for some people
Hugh Brown
hugh at math.byu.edu
Thu Oct 13 16:52:29 MDT 2005
I looked a little more closely, and found:
----------------------
connect_from_port_20
This controls whether PORT style data connections use port 20
(ftp-data) on the server machine. For security reasons, some
clients may insist that this is the case. Conversely, disabling
this option enables vsftpd to run with slightly less privilege.
Default: NO (but the sample config file enables it)
--------------------
this looks like it controls whether or not you'll accept an active
connection, but I suspect that it won't stop the client from trying (and
failing if it is set to NO). I'm not sure if there's another method for
doing an active connection besides the PORT way.
This parameter may be implicated as well.
-------------------
port_enable
Set to NO if you want to disallow the PORT method of obtaining a
data connection.
Default: YES
------------------------
This might be useful (theory being that if the command for creating an
active session isn't an allowed command, then maybe the client will fall
back to a passive connection):
--------------------
cmds_allowed
This options specifies a comma separated list of allowed FTP
commands (post login. USER, PASS and QUIT are always allowed
pre-login). Other commands are rejected. This is a powerful
method of really locking down an FTP server. Example:
cmds_allowed=PASV,RETR,QUIT
Default: (none)
--------------------------
All of the usefulness of the above is pure conjecture and is taken from
the man page.
Hugh
On Thu, 2005-10-13 at 16:30 -0600, Bill Thoen wrote:
> I looked in /etc/vsftpd/vsftpd.conf but didn't see anything about
> "passive" there. Should I be looking somewhere else?
>
> George Sexton wrote:
>
> >Probably passive is defaulting to ON for one, and OFF for the other.
> >
> >George Sexton
> >MH Software, Inc.
> >http://www.mhsoftware.com/
> >Voice: 303 438 9585
> >
> >
> >
> >
> >>-----Original Message-----
> >>From: lug-bounces at lug.boulder.co.us
> >>[mailto:lug-bounces at lug.boulder.co.us] On Behalf Of Bill Thoen
> >>Sent: Thursday, October 13, 2005 4:18 PM
> >>To: Boulder Linux Users Group
> >>Subject: [lug] VSFTP Doesn't connect for some people
> >>
> >>I recently had a system makeover (to Fedora Core 4) and now
> >>have my web
> >>and FTP server behind a firewall machine (also running FC4.)
> >>My VSFTP
> >>server has been working fine for most people. But I've
> >>noticed that one
> >>of my clients can't connect using the latest IE from an XP
> >>box (but she
> >>can get through with the default Windows FTP client that you can run
> >>from a command window), and several others around the world are
> >>reporting that "your FTP doesn't work" or "I get error 425."
> >>It all used
> >>to work, and it does still work for most people, but
> >>something needs a
> >>good tweaking.
> >>
> >>Does anyone have any recommendations as to what I should
> >>check? I'm not
> >>even sure what I should be looking for, but now I'm pretty sure the
> >>problem is on my end.
> >>
> >>- Bill Thoen
> >>
> >>_______________________________________________
> >>Web Page: http://lug.boulder.co.us
> >>Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> >>Join us on IRC: lug.boulder.co.us port=6667 channel=#colug
> >>
> >>
> >>
> >>
> >
> >_______________________________________________
> >Web Page: http://lug.boulder.co.us
> >Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> >Join us on IRC: lug.boulder.co.us port=6667 channel=#colug
> >
> >
> >
>
> _______________________________________________
> Web Page: http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> Join us on IRC: lug.boulder.co.us port=6667 channel=#colug
>
--
Hugh Brown <hugh at math.byu.edu>
More information about the LUG
mailing list