On Thu, 2005-08-18 at 12:56 -0400, A. Khattri wrote:
> On Thu, 18 Aug 2005, Michael Sullivan wrote:
>
> > One of my users is having a problem with FTP access to my server. He
> > says that he can connect and get a listing for his home directory, but
> > he can't do anything beyond seeing the listing. He's connecting from
> > outside the network. I can connect and interact with my personal
> > account through FTP just fine from inside the network, but every time I
> > try to connect like he does (using ftp.espersunited.com) I get a 425
> > Security Bad IP error. I don't have access to a computer physically
> > outside the network to use to diagnose this problem, so working around
> > this Bad IP error is my only option. The IP address that
> > ftp.espersunited.com points to is the external address of my router, so
> > it might be complaining because the requesting IP is the same as the
> > requested IP. Any help on fixing this? Google and the vsftpd.conf man
> > page were no help...
>
> Please be aware of how FTP works: there are two connections per user - one
> is the control port and one is for data. With active FTP, the user's FTP
> client picks a local port number for the data port. With passive FTP, the
> server picks a data port number and tells the client what port number to
> use. Obviously, your router and/or firewall needs to be configured to
> allow both types of ports into your LAN and to forward the ports to the
> correct place. Passive FTP is better from a firewall point of view but
> your firewall still needs to know to open the port for incoming
> connections. If your firewall is not capable of doing that then this won't
> work and you may need to put your FTP server outside of your firewall in a
> DMZ.

The user can log in with his username and password and get a listing of
his home directory just fine (as I said above) so I don't see how this
could be a firewall issue. Nevertheless, I checked the firewall and
port forwarding settings in my router. TCP port 21 is forwarded to port
21 of 192.168.1.2, which is my server box.

--
gentoo-user@g.o mailing list
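
An added example, not part of the thread: the two-connection behaviour A. Khattri describes, shown by decoding the data-connection endpoint from an active-mode `PORT` command or a passive-mode `227` reply and checking it against the control connection's peer address and the ports a router forwards. The function names, the sample lines and every address except 192.168.1.2 are constructed for illustration.

```python
import ipaddress
import re

# PORT (active, sent by the client) and the 227 reply (passive, sent by the
# server) both carry the data endpoint as six decimal bytes: h1,h2,h3,h4,p1,p2.
_ENDPOINT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_data_endpoint(line):
    """Return (mode, ip, port) for a PORT command or a 227 PASV reply."""
    text = line.strip()
    if text.upper().startswith("PORT "):
        mode = "active"
    elif text.startswith("227"):
        mode = "passive"
    else:
        raise ValueError("not a PORT command or 227 reply: %r" % line)
    match = _ENDPOINT.search(text[4:])
    if not match:
        raise ValueError("no h1,h2,h3,h4,p1,p2 field in %r" % line)
    nums = [int(n) for n in match.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range in %r" % line)
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return mode, ip, nums[4] * 256 + nums[5]  # port = p1 * 256 + p2


def check_endpoint(line, control_peer, forwarded_ports):
    """List reasons the data connection may fail across a NAT router.

    control_peer: address the sender of `line` has on the control connection.
    forwarded_ports: TCP ports the router forwards to the server (passive only).
    """
    mode, ip, port = parse_data_endpoint(line)
    problems = []
    if ip != ipaddress.IPv4Address(control_peer):
        # Servers and clients commonly refuse a data address that does not
        # match the control connection's peer.
        problems.append("data address %s differs from control peer %s" % (ip, control_peer))
    if any(ip in net for net in RFC1918):
        problems.append("%s is an RFC 1918 address, unreachable from outside the LAN" % ip)
    if mode == "passive" and port not in forwarded_ports:
        problems.append("passive port %d is not forwarded by the router" % port)
    return problems


# Constructed samples: 203.0.113.10 stands in for the router's external address.
PASV_REPLY = "227 Entering Passive Mode (192,168,1,2,195,80)"
PORT_CMD = "PORT 198,51,100,7,4,1"
```

With only port 21 forwarded, `check_endpoint(PASV_REPLY, "203.0.113.10", {21})` reports all three problems: the control connection on port 21 succeeds, but the data endpoint the server advertises is not reachable from outside.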