 |  |  |  |  |  |  |  |
vsftpd PASV + putty port forwarding
 |
I'm trying to set up a secure ftp transfer between my linux machine and my internet gateway running ubuntu 8.04.
I have vsftpd installed but I can't get PASV connection to work with putty. My ubuntu firewall blocks everything except ssh.
From my windows XP machine I establish a connection with putty to my ubuntu machine. I have putty forward local port 21(windows machine) to 127.0.0.1:21(ubuntu machine).
This works sort of. I use the ftp client from windows command line to connect to 127.0.0.1 21, which forwards me to port 21 on the ubuntu machine and allows me to connect/login.
Then after I enter "quote PASV" and try a "dir" command it hangs. In vsftpd.conf I had added lines pasv_max_port=21 and pasv_min_port=21 so that the ftp server would tell the windows ftp client to use port 21 for data transfers.
I then added "pasv_address=127.0.0.1" to vsftpd.conf, thinking vsftp was telling the windows ftp client to try and connect to something other than localhost, and vsftpd wouldn't start, it said I had to edit 2 files.
I already have sftp working with psftp.exe, but I'd like one entry point into my system and psftp doesn't load bash.bashrc, so I want ftp through ssh to work.
See this site for PASV ftp: http://www.slacksite.com/other/ftp.html
I have vsftpd installed but I can't get PASV connection to work with putty. My ubuntu firewall blocks everything except ssh.
From my windows XP machine I establish a connection with putty to my ubuntu machine. I have putty forward local port 21(windows machine) to 127.0.0.1:21(ubuntu machine).
This works sort of. I use the ftp client from windows command line to connect to 127.0.0.1 21, which forwards me to port 21 on the ubuntu machine and allows me to connect/login.
Then after I enter "quote PASV" and try a "dir" command it hangs. In vsftpd.conf I had added lines pasv_max_port=21 and pasv_min_port=21 so that the ftp server would tell the windows ftp client to use port 21 for data transfers.
I then added "pasv_address=127.0.0.1" to vsftpd.conf, thinking vsftp was telling the windows ftp client to try and connect to something other than localhost, and vsftpd wouldn't start, it said I had to edit 2 files.
I already have sftp working with psftp.exe, but I'd like one entry point into my system and psftp doesn't load bash.bashrc, so I want ftp through ssh to work.
See this site for PASV ftp: http://www.slacksite.com/other/ftp.html
Ok I decided to ditch the port forwarding and just get it working normally first. I got it working by opening my local interface through iptables.
In vsftpd.conf I specified a port range of 55000 to 55100 for PASV ports, but vsftpd doesn't use that range.
Using wireshark I captured ftp packets and saw vsftpd sent PASV ports 62237 and 58847 for two different ftp sessions.
Why is it not using the specified range?
Here is a non-commented copy of vsftpd.conf.
listen=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
pasv_max_port=55000
pasv_min_port=55100
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
log_ftp_protocol=YES
secure_chroot_dir=/var/run/vsftpd
pam_service_name=vsftpd
rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
In vsftpd.conf I specified a port range of 55000 to 55100 for PASV ports, but vsftpd doesn't use that range.
Using wireshark I captured ftp packets and saw vsftpd sent PASV ports 62237 and 58847 for two different ftp sessions.
Why is it not using the specified range?
Here is a non-commented copy of vsftpd.conf.
listen=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
pasv_max_port=55000
pasv_min_port=55100
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
log_ftp_protocol=YES
secure_chroot_dir=/var/run/vsftpd
pam_service_name=vsftpd
rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
|
Other Threads in the *nix Software Forum
- Previous Thread: auth.log gone
- Next Thread: cannot authenticate user/ yum question
Views: 2569 | Replies: 2
| Thread Tools | Search this Thread |
Latest *nix Software Posts
- Today's Posts
- Unanswered Threads
Related Forum Features
Tag cloud for *nix Software
2005 apache bashscripting busybox cert codeplex debian dotnetnuke emacs forwarding free fsf gaming gnu government gpl lawsuits license linux ls mail make makefile mandriva microsoft mkisofsiso obama open opensource port postfix ps3 samba security server sflc sharing software source stallman subdirectory ubuntu unix vmware xbox
