FTP (vsftpd) Problems - Timeout

I’ve searched the forums and have not found an answer or suggestions that help with this issue… so here goes…

I’ve set up vsftpd on my Linux 11.2 server. Once the packages were installed I used Yast > Network Services > FTP Server to configure and start the service.

When testing using “ftp localhost” in terminal (as su), everything seems to work fine. But, when I am connecting from client machines (openSUSE, MacBookPro, WinXP), I get error messages. They are as follows: (IP marked out for security)

via openSUSE with FileZilla:


Status:	Connecting to 68.16.171.185:20...
Status:	Connection established, waiting for welcome message...
Response:	220 H3I FTP Server - USE BY PERMISSION ONLY
Command:	USER matt
Response:	331 Please specify the password.
Command:	PASS **********
Response:	230 Login successful.
Command:	OPTS UTF8 ON
Response:	200 Always in UTF8 mode.
Status:	Connected
Status:	Retrieving directory listing...
Command:	PWD
Response:	257 "/home/Public/data"
Command:	TYPE I
Response:	200 Switching to Binary mode.
Command:	PASV
Response:	227 Entering Passive Mode (192,168,1,5,117,75)
Command:	LIST
Error:	Connection timed out
Error:	Failed to retrieve directory listing

on MacBookPro with Cyberduck


220 H3I FTP Server - USE BY PERMISSION ONLY
USER thomas
331 Please specify the password.
PASS ********
230 Login successful.
FEAT
211-Features:
 EPRT
 EPSV
 MDTM
 PASV
 REST STREAM
 SIZE
 TVFS
 UTF8
211 End
OPTS UTF8 ON
200 Always in UTF8 mode.
CWD /home/Public/data/1A Exchange
250 Directory successfully changed.
TYPE I
200 Switching to Binary mode.
PASV
227 Entering Passive Mode (192,168,1,5,117,62)
PORT 192,168,1,2,203,155
500 Illegal PORT command.
QUIT
221 Goodbye.

on WinXP making connection through Network Places (add new place) - Popup error window reads:
An error occurred opening that folder on the FTP Server.
Details:
200 Switching to ASCII mode.
227 Entering Passive Mode (192,168,1,5,177,98)

I am really at a loss as to why all seem to log in and then time out. Any help or a point in the right direction is greatly appreciated!!

It looks like your Passive connections are not getting through your firewall. I believe you have to set up your firewall to let PASV ports through - the ports you use are specified in the vsftpd.conf file.

I’ve got the ports set to 1024 - 30100. Still no change in FTP client output(s).

Then I turned the firewall off just to make sure that wasn’t causing the problem… still no change in the FTP client output(s).

:frowning:

I’ve had this problem too, but it was a long time ago. I can’t remember exactly what the issue was, but it certainly had to do with PASV ports and firewall/networking (I know that doesn’t help you much :().
You have set up a HUGE range, by the way: 1024 through 30100. Are you sure your router is not blocking traffic in that range? Or perhaps another app is using a port in that range?

I don’t know if it will help, but here is a copy of my vsftpd.conf file:


# Example config file /etc/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# If you do not change anything here you will have a minimum setup for an
# anonymous FTP server.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.

# General Settings
#
# Uncomment this to enable any form of FTP write command.
#
#write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
#
dirmessage_enable=YES
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#
nopriv_user=ftpsecure
#
# You may fully customise the login banner string:
#
#ftpd_banner="Welcome to FOOBAR FTP service."
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#
#ls_recurse_enable=YES
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#
#deny_email_enable=YES
#
# (default follows)
#
#banned_email_file=/etc/vsftpd.banned_emails
#
# If  enabled,  all  user  and  group  information in
# directory listings will be displayed as "ftp".
#
#hide_ids=YES

# Local FTP user Settings
# 
# Uncomment this to allow local users to log in.
#
#local_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
#
#local_umask=022
#
# Uncomment to put local users in a chroot() jail in their home directory
# after login.
#
#chroot_local_user=YES
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
#
#chroot_list_enable=YES
#
# (default follows)
#
#chroot_list_file=/etc/vsftpd.chroot_list
#
# The maximum data transfer rate permitted, in bytes per second, for
# local authenticated users. The default is 0 (unlimited).
#
#local_max_rate=7200


# Anonymous FTP user Settings
#
# Allow anonymous FTP?
#
anonymous_enable=NO
#
# Anonymous users will only be allowed to download files which are
# world readable.
#
anon_world_readable_only=YES
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
#
#anon_upload_enable=YES
#
# Default umask for anonymous users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
#
#anon_umask=022
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#
#anon_mkdir_write_enable=YES
#
# Uncomment this to enable anonymous FTP users to perform other write operations
# like deletion and renaming.
#
#anon_other_write_enable=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#
#chown_uploads=YES
#chown_username=whoever
#
# The maximum data transfer rate permitted, in bytes per second, for anonymous
# authenticated users. The default is 0 (unlimited).
#
#anon_max_rate=7200


# Log Settings
#
# Log to the syslog daemon instead of using a logfile.
#
syslog_enable=NO
#
# Uncomment this to log all FTP requests and responses.
#
#log_ftp_protocol=YES
#
# Activate logging of uploads/downloads.
#
#xferlog_enable=YES
#
# You may override where the log file goes if you like. The default is shown
# below.
#
#vsftpd_log_file=/var/log/vsftpd.log
# 
# If you want, you can have your log file in standard ftpd xferlog format.
# Note: This disables the normal logging unless you enable dual_log_enable below. 
#
#xferlog_std_format=YES
#
# You may override where the log file goes if you like. The default is shown
# below.
#
#xferlog_file=/var/log/xferlog
#
# Enable this to have both logfiles. Standard xferlog and vsftpd's own style log.
#
#dual_log_enable=YES
#
# Uncomment this to enable session status information in the system process listing.
#
#setproctitle_enable=YES

# Transfer Settings
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
#
connect_from_port_20=YES

# PAM setting. Do NOT change this unless you know what you do!
#
pam_service_name=vsftpd

# Set listen=YES if you want vsftpd to run standalone
#
listen=YES

# Set to ssl_enable=YES if you want to enable SSL
ssl_enable=NO

# Limit passive ports to this range to assist firewalling
pasv_min_port=1024
pasv_max_port=30100
anon_mkdir_write_enable=NO
anon_root=/srv/ftp
anon_umask=0027
anon_upload_enable=NO
chroot_local_user=NO
ftpd_banner=H3I FTP Server - USE BY PERMISSION ONLY
idle_session_timeout=3600
local_enable=YES
local_root=/home/Public/data
local_umask=0000
log_ftp_protocol=NO
max_clients=10
max_per_ip=10
pasv_enable=YES
ssl_sslv2=NO
ssl_sslv3=NO
ssl_tlsv1=YES
write_enable=YES

I’m not sure about the “ssl_tlsv1=YES” line. I have ssl set to off in the Yast interface for FTP Service.

Also, this client wants to be able to use FTP with many devices… everything from iPhones to desktops with OS X, WinXP/7, and openSUSE. I read that port ranges vary greatly with different FTP clients. So, I have a HUGE range… Is this not the case?
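
Added example, not part of any post in this thread: a Python check that decodes the `227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)` replies from the three client logs above and tests each advertised data endpoint against the `pasv_min_port`/`pasv_max_port` values in the posted vsftpd.conf. The function names are hypothetical, and the control address `203.0.113.10` is a constructed placeholder for the server's public address.

```python
import ipaddress
import re

# RFC 1918 ranges, listed explicitly: ipaddress.is_private also covers
# documentation ranges such as 203.0.113.0/24, which is used below.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
PASV_RE = re.compile(r"\b227\b[^(]*\((\d{1,3}(?:,\d{1,3}){5})\)")


def is_rfc1918(host):
    addr = ipaddress.ip_address(host)
    return any(addr in net for net in RFC1918)


def parse_pasv(reply):
    """Return (host, port) advertised in a 227 reply; port = p1*256 + p2."""
    match = PASV_RE.search(reply)
    if not match:
        raise ValueError("not a 227 PASV reply: %r" % reply)
    fields = [int(x) for x in match.group(1).split(",")]
    if any(f > 255 for f in fields):
        raise ValueError("field out of range in %r" % reply)
    return ".".join(str(f) for f in fields[:4]), fields[4] * 256 + fields[5]


def check_pasv(reply, control_host, pasv_min, pasv_max):
    """Flag a data endpoint the client cannot reach or the firewall will not pass."""
    host, port = parse_pasv(reply)
    findings = []
    # Client reached the server on a public address but is told to connect
    # to a LAN-only address for the data channel.
    if is_rfc1918(host) and not is_rfc1918(control_host):
        findings.append("private-address")
    if not pasv_min <= port <= pasv_max:
        findings.append("port-out-of-range")
    return host, port, findings


# 227 replies copied from the FileZilla, Cyberduck and WinXP logs above.
REPLIES = ["227 Entering Passive Mode (192,168,1,5,117,75)",
           "227 Entering Passive Mode (192,168,1,5,117,62)",
           "227 Entering Passive Mode (192,168,1,5,177,98)"]
CONTROL_HOST = "203.0.113.10"      # constructed placeholder, not from the thread
PASV_MIN, PASV_MAX = 1024, 30100   # pasv_min_port / pasv_max_port as posted

if __name__ == "__main__":
    for reply in REPLIES:
        print(check_pasv(reply, CONTROL_HOST, PASV_MIN, PASV_MAX))
```

A `private-address` finding means a client outside the LAN is being told to open its data connection to an address it cannot route to; vsftpd's `pasv_address` option sets the address advertised in the 227 reply.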