ProFTPd Problems Logging in from outside network

Discussion in 'Server Operation' started by Ran2004, Oct 10, 2005.

  1. Ran2004

    Ran2004 New Member

    Ok, I've seen that people using ProFTPd have had problems when they logged in from outside of their own networks. To remedy this we use Active mode instead of Passive mode. I don't want to have to do this, though. Is there anyway workaround for ProFTPd that will allow me to use passive mode? Thanks!

    Ran
     
  2. falko

    falko Super Moderator Howtoforge Staff Moderator HowtoForge Supporter ISPConfig Developer

    I think it's a firewall issue. Did you try passive mode? Did it work?
     
  3. Ran2004

    Ran2004 New Member

    I can only login from outside the network IF I used active mode. When I use passive mode it tells me:

    SmartFTP v1.5.990.11
    Resolving host name "24.166.119.12"
    Connecting to 24.166.119.12 Port: 21
    Connected to 24.166.119.12.
    220 FTP Server ready.
    USER narayani
    331 Password required for narayani.
    PASS (hidden)
    230 User narayani logged in.
    SYST
    215 UNIX Type: L8
    FEAT
    211-Features:
    211-MDTM
    211-REST STREAM
    211-SIZE
    211 End
    TYPE I
    200 Type set to I
    REST 0
    350 Restarting at 0. Send STORE or RETRIEVE to initiate transfer
    PWD
    257 "/" is current directory.
    PASV
    An established connection was aborted by the software in your host machine.
    Server closed connection

    I don't want to have to use active mode though, it's a slight inconvienence as any other site I login to used passive. Is there a way to change it so I can use passive?
     
  4. falko

    falko Super Moderator Howtoforge Staff Moderator HowtoForge Supporter ISPConfig Developer

    I don't think it has to do with Proftpd. I still think that it's a firewall/router issue... :confused:
     
  5. Ran2004

    Ran2004 New Member

    I suppose that it's possible, I will take another look at the router settings when I go home later... I just don't know what else I can do, I mean, I forwarded port 21 to 192.168.15.101 (the adress of the server)...
     
  6. themachine

    themachine New Member HowtoForge Supporter ISPConfig Developer

    Passive Ftp

    I would agree that this is a firewall issue. I run passive ProFTP like such:

    /etc/proftpd.conf snippet

    Code:
    DefaultAddress    w.x.y.z
    PassivePorts	 30000 30050
    So I have 50 ports open from 30000 - 30050 to allow for 50 simaltaneous ftp connections (subsitituting your IP of course for w.x.y.z). On my firewall, I just open up ports 30000 - 30050 going to that server.

    iptables -A INPUT -d w.x.y.z -p tcp --dport 30000:30050 -j ACCEPT

    Or on a personal firewall device... just do the usual port forwarding thang forwarding ports 30000-30050 to the internal IP AS WELL AS the standard ports 20/21 for ftp.

    Then, once you connect you must initiate passive ftp unless the client automatically does:
    Code:
    ftp> passive
    Passive mode on
    Let me know if that helps, or if you have questions...
     
  7. Ran2004

    Ran2004 New Member

    Should the default address value be replaced with the local ip or the external ip? 192.168.15.101 or the other one... that I can't remember right now. Starts with a 24.
     
  8. themachine

    themachine New Member HowtoForge Supporter ISPConfig Developer

    Should be the IP that the Server is assigned.... so the internal IP 192.168.15.101.
     
  9. Ran2004

    Ran2004 New Member

    It worked wonderfully! Thank you!!!
     
  10. themachine

    themachine New Member HowtoForge Supporter ISPConfig Developer

    Always love to here that! ;)
     

Share This Page