1 |
On Thu, 18 Aug 2005, Michael Sullivan wrote: |
2 |
|
3 |
> One of my users is having a problem with FTP access to my server. He |
4 |
> says that he can connect and get a listing for his home directory, but |
5 |
> he can't do anything beyond seeing the listing. He's connecting from |
6 |
> outside the network. I can connect and interact with my personal |
7 |
> account through FTP just fine from inside the network, but everytime I |
8 |
> try to connect like he does (using ftp.espersunited.com) I get a 425 |
9 |
> Security Bad IP error. I don't have access to a computer physically |
10 |
> outside the network to use to diagnose this problem, so working around |
11 |
> this Bad IP error is my only option. The IP address that |
12 |
> ftp.espersunited.com points to is the external address of my router, so |
13 |
> it might be complaining because the requesting IP is the same as the |
14 |
> requested IP. Any help on fixing this? Google and the vsftpd.conf man |
15 |
> page were no help... |
16 |
|
17 |
Pleae be aware of how FTP works: there are two connections per user - one |
18 |
is the control port and one is for data. With active FTP, the user's FTP |
19 |
client picks a local port number for the data port. With passive FTP, the |
20 |
server picks a data port number and tells the client what port number to |
21 |
use. Obviously, your router and/or firewall needs to be configured to |
22 |
allow both types of ports into your LAN and to forward the ports to the |
23 |
correct place. Passive FTP is better from a firewall point of view but |
24 |
your firewall still needs to know to open the port for incoming |
25 |
connections. If you firewall is not capable of doing that then this wont |
26 |
work and you may need to put you FTP server outside of your firewall in a |
27 |
DMZ. |
28 |
|
29 |
|
30 |
-- |
31 |
|
32 |
-- |
33 |
gentoo-user@g.o mailing list |