Gentoo Archives: gentoo-user

From: Michael Sullivan <michael@××××××××××××.com>
To: gentoo-user@l.g.o
Subject: Re: [gentoo-user] OT - vsftp 425 bad IP connecting
Date: Thu, 18 Aug 2005 17:33:27
Message-Id: 1124385988.3575.44.camel@baby.espersunited.com
In Reply to: Re: [gentoo-user] OT - vsftp 425 bad IP connecting by "A. Khattri"
On Thu, 2005-08-18 at 12:56 -0400, A. Khattri wrote:
> On Thu, 18 Aug 2005, Michael Sullivan wrote:
>
> > One of my users is having a problem with FTP access to my server. He
> > says that he can connect and get a listing for his home directory, but
> > he can't do anything beyond seeing the listing. He's connecting from
> > outside the network. I can connect and interact with my personal
> > account through FTP just fine from inside the network, but every time I
> > try to connect like he does (using ftp.espersunited.com) I get a 425
> > Security Bad IP error. I don't have access to a computer physically
> > outside the network to use to diagnose this problem, so working around
> > this Bad IP error is my only option. The IP address that
> > ftp.espersunited.com points to is the external address of my router, so
> > it might be complaining because the requesting IP is the same as the
> > requested IP. Any help on fixing this? Google and the vsftpd.conf man
> > page were no help...
>
> Please be aware of how FTP works: there are two connections per user - one
> is the control port and one is for data. With active FTP, the user's FTP
> client picks a local port number for the data port. With passive FTP, the
> server picks a data port number and tells the client what port number to
> use. Obviously, your router and/or firewall needs to be configured to
> allow both types of ports into your LAN and to forward the ports to the
> correct place. Passive FTP is better from a firewall point of view but
> your firewall still needs to know to open the port for incoming
> connections. If your firewall is not capable of doing that then this won't
> work and you may need to put your FTP server outside of your firewall in a
> DMZ.

The user can log in with his username and password and get a listing of
his home directory just fine (as I said above) so I don't see how this
could be a firewall issue. Nevertheless, I checked the firewall and
port forwarding settings in my router. TCP port 21 is forwarded to port
21 of 192.168.1.2, which is my server box.

--
gentoo-user@g.o mailing list
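
The two-connection behaviour described in the quoted reply, as an added example that is not part of the original thread: it parses the address and port carried in a `PORT` command or a `227` passive reply and compares the passive data port with the router's forwards. The control-channel lines are constructed, and the forward table assumes the single port-21 rule mentioned in the message is the only one.

```python
import ipaddress
import re

# Six comma-separated numbers: h1,h2,h3,h4,p1,p2 (RFC 959 PORT and 227 reply).
_HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

def data_endpoint(line):
    """Return (mode, ip, port) for a PORT command or 227 reply, else None."""
    line = line.strip()
    if line.upper().startswith("PORT "):
        mode = "active"    # client listens, server connects out to it
    elif line.startswith("227"):
        mode = "passive"   # server listens, client connects in to it
    else:
        return None
    m = _HOSTPORT.search(line)
    if not m:
        raise ValueError(f"no host/port tuple in {line!r}")
    nums = [int(n) for n in m.groups()]
    if max(nums) > 255:
        raise ValueError(f"octet out of range in {line!r}")
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return mode, ip, nums[4] * 256 + nums[5]   # port = p1*256 + p2

def review(control_lines, forwards):
    """List what the router/firewall must allow for each data connection."""
    findings = []
    for line in control_lines:
        ep = data_endpoint(line)
        if ep is None:
            continue
        mode, ip, port = ep
        if mode == "active":
            findings.append(f"active: server connects out to {ip}:{port}")
            continue
        if ip.is_private:
            findings.append(f"passive: reply advertises private address {ip}")
        if port not in forwards:
            findings.append(f"passive: inbound port {port} is not forwarded")
    return findings

# Constructed control-channel lines (not captured from the server in the thread).
SAMPLE = ["230 Login successful.",
          "227 Entering Passive Mode (192,168,1,2,195,80)",
          "PORT 203,0,113,7,4,1"]
# Assumption: the only forward is the one the message mentions (TCP 21).
FORWARDS = {21: ("192.168.1.2", 21)}

if __name__ == "__main__":
    for finding in review(SAMPLE, FORWARDS):
        print(finding)
```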