Thread: Pure-ftpd passive mode

  1. #1

    Pure-ftpd passive mode

    Hello,

    I have some problems with setting up Pure-ftpd...

    I have a machine running openSUSE 11.1 and the pure-ftpd service. I have
    configured everything, and everything works in active mode, but I have
    problems with passive mode.
    I do not really know if this is really a pure-ftpd problem... so I decided to post here.

    So the problem is that pure-ftpd wants to open ports that are not in the range
    that is set in pure-ftpd.conf. I have set it to 30000 50000, opened that
    range in the Linux firewall, and forwarded these ports in the router, but when I
    try to connect from a remote computer, pure-ftpd sometimes tries to
    connect on ports that are not in the range...

    For example:

    Code:
    Response:	220-Welcome to Pure-FTPd.
    Response:	220-You are user number 2 of 10 allowed.
    Response:	220-This is a private system - No anonymous login
    Response:	220 You will be disconnected after 15 minutes of inactivity.
    Command:	USER aa
    Response:	331 User aa OK. Password required
    Command:	PASS *******
    Response:	230-User aa has group access to:  112      33       16
    Response:	230 OK. Current directory is /
    Status:	Connected
    Status:	Retrieving directory listing...
    Command:	PWD
    Response:	257 "/" is your current location
    Command:	TYPE I
    Response:	200 TYPE is now 8-bit binary
    Command:	PASV
    Response:	227 Entering Passive Mode (88,222,125,227,206,220)
    Command:	MLSD
    Error:	Connection timed out
    Error:	Failed to retrieve directory listing

    206*256+220 = 52956 port... that's not in my range... (30000 - 50000)


    After a few retries, I can connect, because pure-ftpd chooses a port that is open/forwarded.


    Code:
    Response:	220-Welcome to Pure-FTPd.
    Response:	220-You are user number 1 of 10 allowed.
    Response:	220-This is a private system - No anonymous login
    Response:	220 You will be disconnected after 15 minutes of inactivity.
    Command:	USER aa
    Response:	331 User aa OK. Password required
    Command:	PASS *******
    Response:	230-User aa has group access to:  112      33       16
    Response:	230 OK. Current directory is /
    Status:	Connected
    Status:	Retrieving directory listing...
    Command:	PWD
    Response:	257 "/" is your current location
    Command:	TYPE I
    Response:	200 TYPE is now 8-bit binary
    Command:	PASV
    Response:	227 Entering Passive Mode (88,222,125,227,174,49)
    Command:	MLSD
    Response:	150 Accepted data connection
    Response:	226-ASCII
    Response:	226-Options: -a -l
    Response:	226 5 matches total
    Status:	Directory listing successful

    174*256+49 = 37681 ok, that's in range (30000 - 50000)

    What is wrong, and what can I do to make it work normally?
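
The port arithmetic used in the post above, as an added example that is not part of the original post: it decodes every `227` reply in a client log and checks the advertised data port against the range opened on the firewall and router. The function names are assumptions; the sample lines are the two replies quoted above plus one non-PASV line.

```python
import re

# Range from the thread: PassivePortRange 30000 50000, also opened in the
# firewall and forwarded on the router.
ALLOWED = (30000, 50000)

# 227 reply body: (h1,h2,h3,h4,p1,p2)
PASV_RE = re.compile(
    r"\b227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)"
)

def decode_pasv(line):
    """Return (ip, port) from a 227 reply, or None if the line is not one."""
    m = PASV_RE.search(line)
    if not m:
        return None
    fields = [int(x) for x in m.groups()]
    if any(f > 255 for f in fields):
        raise ValueError(f"field out of byte range in: {line.strip()}")
    h1, h2, h3, h4, p1, p2 = fields
    # The data port is sent as two bytes, high byte first.
    return f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2

def audit(log_text, allowed=ALLOWED):
    """Return [(ip, port, in_range)] for every PASV reply in a client log."""
    lo, hi = allowed
    results = []
    for line in log_text.splitlines():
        decoded = decode_pasv(line)
        if decoded:
            ip, port = decoded
            results.append((ip, port, lo <= port <= hi))
    return results

# The two 227 replies quoted in the post, plus one unrelated response line.
SAMPLE_LOG = """\
Response:\t230 OK. Current directory is /
Response:\t227 Entering Passive Mode (88,222,125,227,206,220)
Response:\t227 Entering Passive Mode (88,222,125,227,174,49)
"""

if __name__ == "__main__":
    for ip, port, ok in audit(SAMPLE_LOG):
        print(f"{ip}:{port} {'in range' if ok else 'OUTSIDE configured range'}")
```
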

  2. #2

    Re: Pure-ftpd passive mode

    * mendoza lt wrote, On 11/04/2009 11:46 AM:
    > Response: 227 Entering Passive Mode (88,222,125,227,206,220)


    That'd be indeed a port out of range. Please double-check the pureftpd.conf and make sure you edited the one the server uses. Also make sure you restart the server after editing the file.

    Uwe

  3. #3

    Re: Pure-ftpd passive mode

    If you are using a Linux firewall you should load the ftp connection tracking module which will peek inside the command stream and dynamically open the required port for the client to access the server. If your firewall is NATting, then you also need the ftp NAT tracking module. I think the name of the conntrack module off the top of my head is nf_conntrack_ftp.

  4. #4

    Re: Pure-ftpd passive mode

    Quote Originally Posted by buckesfeld View Post
    * mendoza lt wrote, On 11/04/2009 11:46 AM:
    > Response: 227 Entering Passive Mode (88,222,125,227,206,220)


    That'd be indeed a port out of range. Please double-check the pureftpd.conf and make sure you edited the one the server uses. Also make sure you restart the server after editing the file.

    Uwe

    All is done. After manually editing pureftpd.conf, I opened the YaST FTP server config, and the ports that I had entered were there, so it must be the same file that the daemon uses...
    Restart: of course, I have restarted the server, even the computer itself physically, not only by "rcpureftpd restart"...

  5. #5

    Re: Pure-ftpd passive mode

    Quote Originally Posted by ken_yap View Post
    If you are using a Linux firewall you should load the ftp connection tracking module which will peek inside the command stream and dynamically open the required port for the client to access the server. If your firewall is NATting, then you also need the ftp NAT tracking module. I think the name of the conntrack module off the top of my head is nf_conntrack_ftp.

    I am using the Linux firewall, but NAT'ing is done by the router (Linksys)...

  6. #6

    Re: Pure-ftpd passive mode

    * mendoza lt wrote, On 11/04/2009 04:36 PM:
    > All is done, after manual edition of pureftpd.conf, i have opened yast
    > ftp server config, and there was ports, that i have entered, so it must
    > be same file that daemon uses...


    Note that you can also start pureftpd with an option for the passive port range to use (google, I don't know the syntax off the top of my head) in order to bypass the pureftpd.conf. See if that makes a difference.

    Uwe

  7. #7

    Re: Pure-ftpd passive mode

    After lots of googling I think I've found the solution...

    https://bugzilla.novell.com/show_bug.cgi?id=465954

    Editing /usr/sbin/pure-config-args to move
    PassivePortRange => "-p",
    from 'numpairb_switch_for' into 'numpairc_switch_for' fixes the problem.
    Only one thing - I have done it backwards! I mean from 'numpairc_switch_for' into 'numpairb_switch_for'


    Anyway it works now...
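
A check for the failure described in this post, where the config file holds the right range but the wrapper does not hand it to the daemon; this is an added example, not code from the thread or from pure-ftpd. It compares the `PassivePortRange lo hi` line with the `-p lo:hi` argument on the daemon's command line; the function names, the sample config and both command lines are constructed.

```python
import re
import shlex

def configured_range(conf_text):
    """(lo, hi) from an uncommented 'PassivePortRange lo hi' line, else None."""
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = re.fullmatch(r"PassivePortRange\s+(\d+)\s+(\d+)", line)
        if m:
            return int(m.group(1)), int(m.group(2))
    return None

def daemon_range(cmdline):
    """(lo, hi) from '-p lo:hi' or '-plo:hi' on a command line, else None."""
    args = shlex.split(cmdline)
    for i, arg in enumerate(args):
        if arg == "-p" and i + 1 < len(args):
            value = args[i + 1]
        elif arg.startswith("-p") and len(arg) > 2:
            value = arg[2:]
        else:
            continue
        m = re.fullmatch(r"(\d+):(\d+)", value)
        if m:
            return int(m.group(1)), int(m.group(2))
    return None

def check(conf_text, cmdline):
    """Describe whether the running daemon got the range the config asks for."""
    want, got = configured_range(conf_text), daemon_range(cmdline)
    if want is None:
        return "no PassivePortRange in config"
    if got is None:
        return f"config asks for {want[0]}-{want[1]} but daemon was started without -p"
    if want != got:
        return f"config asks for {want[0]}-{want[1]} but daemon uses {got[0]}-{got[1]}"
    return "ok"

# Constructed samples: a config fragment and two daemon command lines.
SAMPLE_CONF = "# constructed sample\nMaxClientsNumber 10\nPassivePortRange 30000 50000\n"
GOOD_CMD = "/usr/sbin/pure-ftpd -B -c 10 -p 30000:50000"
BAD_CMD = "/usr/sbin/pure-ftpd -B -c 10"  # -p was never passed

if __name__ == "__main__":
    print(check(SAMPLE_CONF, GOOD_CMD))
    print(check(SAMPLE_CONF, BAD_CMD))
```

On a live host the command line would come from the process list rather than a constant.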

  8. #8

    Re: Pure-ftpd passive mode

    * mendoza,

    cool, thanks for the feedback!

    Uwe
