ProFTPd Problems Logging in from outside network


Ran2004
10th October 2005, 04:37
Ok, I've seen that people using ProFTPd have had problems when they logged in from outside of their own networks. To remedy this we use Active mode instead of Passive mode. I don't want to have to do this, though. Is there any workaround for ProFTPd that will allow me to use passive mode? Thanks!

Ran

falko
10th October 2005, 13:32
I think it's a firewall issue. Did you try passive mode? Did it work?

Ran2004
10th October 2005, 17:31
I can only log in from outside the network IF I use active mode. When I use passive mode it tells me:

SmartFTP v1.5.990.11
Resolving host name "24.166.119.12"
Connecting to 24.166.119.12 Port: 21
Connected to 24.166.119.12.
220 FTP Server ready.
USER narayani
331 Password required for narayani.
PASS (hidden)
230 User narayani logged in.
SYST
215 UNIX Type: L8
FEAT
211-Features:
211-MDTM
211-REST STREAM
211-SIZE
211 End
TYPE I
200 Type set to I
REST 0
350 Restarting at 0. Send STORE or RETRIEVE to initiate transfer
PWD
257 "/" is current directory.
PASV
An established connection was aborted by the software in your host machine.
Server closed connection

I don't want to have to use active mode though, it's a slight inconvenience as any other site I log in to uses passive. Is there a way to change it so I can use passive?

falko
10th October 2005, 18:17
I don't want to have to use active mode though, it's a slight inconvenience as any other site I log in to uses passive. Is there a way to change it so I can use passive?

I don't think it has to do with Proftpd. I still think that it's a firewall/router issue... :confused:

Ran2004
11th October 2005, 20:23
I suppose that it's possible, I will take another look at the router settings when I go home later... I just don't know what else I can do, I mean, I forwarded port 21 to 192.168.15.101 (the address of the server)...

themachine
15th October 2005, 19:33
I would agree that this is a firewall issue. I run passive ProFTP like such:

/etc/proftpd.conf snippet


DefaultAddress w.x.y.z
PassivePorts 30000 30050

So I have 50 ports open from 30000 - 30050 to allow for 50 simultaneous ftp connections (substituting your IP of course for w.x.y.z). On my firewall, I just open up ports 30000 - 30050 going to that server.

iptables -A INPUT -d w.x.y.z -p tcp --dport 30000:30050 -j ACCEPT

Or on a personal firewall device... just do the usual port forwarding thang forwarding ports 30000-30050 to the internal IP AS WELL AS the standard ports 20/21 for ftp.

Then, once you connect you must initiate passive ftp unless the client automatically does:
ftp> passive
Passive mode on

Let me know if that helps, or if you have questions...

Ran2004
15th October 2005, 23:10
Should the default address value be replaced with the local ip or the external ip? 192.168.15.101 or the other one... that I can't remember right now. Starts with a 24.

themachine
15th October 2005, 23:19
Should be the IP that the Server is assigned.... so the internal IP 192.168.15.101.

Ran2004
17th October 2005, 00:52
It worked wonderfully! Thank you!!!

themachine
17th October 2005, 01:56
It worked wonderfully! Thank you!!!

Always love to hear that! ;)
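
The passive-mode setup discussed in this thread can be checked from the client side by reading the server's 227 reply to PASV, which carries the address and port the client must connect to for data. The Python sketch below is an added example, not part of any post in the thread: it parses that reply and reports when the advertised port falls outside the forwarded PassivePorts range or the advertised address differs from the one used for the control connection. The function names and the sample replies are constructed for illustration.

```python
import ipaddress
import re

# Assumption: range taken from the thread's "PassivePorts 30000 30050" line.
PASSIVE_PORTS = (30000, 30050)

# 227 reply format: six comma-separated decimal bytes (h1,h2,h3,h4,p1,p2).
PASV_RE = re.compile(r"^227 .*?\(" + ",".join([r"(\d{1,3})"] * 6) + r"\)")


def parse_pasv(reply):
    """Return (ip, port) from a 227 reply, or raise ValueError."""
    m = PASV_RE.match(reply.strip())
    if not m:
        raise ValueError("not a 227 passive-mode reply: %r" % reply)
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range in %r" % reply)
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]  # data port = p1*256 + p2


def check_pasv(reply, control_ip, port_range=PASSIVE_PORTS):
    """List the reasons a passive data connection from outside may fail."""
    ip, port = parse_pasv(reply)
    lo, hi = port_range
    findings = []
    if not lo <= port <= hi:
        findings.append("port %d is outside the forwarded range %d-%d"
                        % (port, lo, hi))
    if ip != ipaddress.IPv4Address(control_ip):
        kind = "private" if ip.is_private else "different"
        findings.append("server advertises %s address %s, control connection"
                        " uses %s" % (kind, ip, control_ip))
    return findings


if __name__ == "__main__":
    # Constructed sample replies (not captured from the thread's server).
    samples = [
        "227 Entering Passive Mode (24,166,119,12,117,58).",   # port 30010
        "227 Entering Passive Mode (192,168,15,101,117,58).",  # internal IP
        "227 Entering Passive Mode (24,166,119,12,200,13).",   # port 51213
    ]
    for s in samples:
        print(s, "->", check_pasv(s, "24.166.119.12") or "ok")
```

An empty result means the reply is consistent with the forwarded range and the control address; a data connection can still fail if the router itself does not forward those ports.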