| 1 |
On Thu, 18 Aug 2005, Michael Sullivan wrote: |
| 2 |
|
| 3 |
> One of my users is having a problem with FTP access to my server. He |
| 4 |
> says that he can connect and get a listing for his home directory, but |
| 5 |
> he can't do anything beyond seeing the listing. He's connecting from |
| 6 |
> outside the network. I can connect and interact with my personal |
| 7 |
> account through FTP just fine from inside the network, but everytime I |
| 8 |
> try to connect like he does (using ftp.espersunited.com) I get a 425 |
| 9 |
> Security Bad IP error. I don't have access to a computer physically |
| 10 |
> outside the network to use to diagnose this problem, so working around |
| 11 |
> this Bad IP error is my only option. The IP address that |
| 12 |
> ftp.espersunited.com points to is the external address of my router, so |
| 13 |
> it might be complaining because the requesting IP is the same as the |
| 14 |
> requested IP. Any help on fixing this? Google and the vsftpd.conf man |
| 15 |
> page were no help... |
| 16 |
|
| 17 |
Pleae be aware of how FTP works: there are two connections per user - one |
| 18 |
is the control port and one is for data. With active FTP, the user's FTP |
| 19 |
client picks a local port number for the data port. With passive FTP, the |
| 20 |
server picks a data port number and tells the client what port number to |
| 21 |
use. Obviously, your router and/or firewall needs to be configured to |
| 22 |
allow both types of ports into your LAN and to forward the ports to the |
| 23 |
correct place. Passive FTP is better from a firewall point of view but |
| 24 |
your firewall still needs to know to open the port for incoming |
| 25 |
connections. If you firewall is not capable of doing that then this wont |
| 26 |
work and you may need to put you FTP server outside of your firewall in a |
| 27 |
DMZ. |
| 28 |
|
| 29 |
|
| 30 |
-- |
| 31 |
|
| 32 |
-- |
| 33 |
gentoo-user@g.o mailing list |
Archives