Re: FirewallD and FTP passive mode



On 05/05/2016 09:15 AM, Marcin Trendota wrote:
Howdy

I'm trying to run an FTP server behind a firewall, and I can't enable passive
mode from the Internet. There are plenty of howtos, but there aren't many
with my combination.

For now I have configured port forwarding and the FTP server itself.

On the router:
# firewall-cmd --list-all --zone=external
external (active)
   interfaces: enp3s1
   sources:
   services: openvpn ssh
   ports: 1194/tcp 2666/tcp 88/tcp
   masquerade: yes
   forward-ports: port=21:proto=tcp:toport=:toaddr=10.0.32.7
         port=10090-10100:proto=tcp:toport=:toaddr=10.0.32.7
         port=88:proto=tcp:toport=80:toaddr=10.0.32.23
   icmp-blocks:
   rich rules:

I also did:
# modprobe ip_conntrack_ftp ports=10090,10100


Excerpt from vsftpd.conf on the FTP server:
pasv_enable=Yes
pasv_min_port=10090
pasv_max_port=10100
pasv_addr_resolve=Yes

Do you have pasv_addr set to the hostname of the server?

pasv_address
              Use this option to override the IP address that vsftpd will advertise in response to
              the PASV command. Provide a numeric IP address, unless pasv_addr_resolve is enabled,
              in which case you can provide a hostname which will be  DNS  resolved  for  you  at
              startup.

              Default: (none - the address is taken from the incoming connected socket)

From the LAN or through the VPN it works. But on the public address I can only
log in, I cannot switch into passive mode:

Connected to ftp1.domain.com (xxx.xxx.xxx.xxx).
220 (vsFTPd 2.2.2)
Name (ftp1.domain.com:root): user
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
227 Entering Passive Mode (10,0,32,7,39,111).
ftp: connect: Connection timed out

Also, this IP looks weird - shouldn't it be the public IP?

What am I doing wrong?
TIA.



--
Stephen Clark
*NetWolves Managed Services, LLC.*
Director of Technology
Phone: 813-579-3200
Fax: 813-882-0209
Email: steve.clark@xxxxxxxxxxxxx
http://www.netwolves.com
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
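
The 227 reply from the session above, decoded and checked against the forwarded port range; this is an added example, not part of the original thread. The control address 203.0.113.10 is a constructed stand-in for the masked public IP, and the function names `parse_pasv` and `diagnose` are hypothetical.

```python
import ipaddress
import re

# RFC 1918 ranges: addresses a client on the Internet cannot route to.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
PASV_RE = re.compile(r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")


def parse_pasv(reply):
    """Decode '227 ... (h1,h2,h3,h4,p1,p2)' into (IPv4Address, port)."""
    m = PASV_RE.match(reply.strip())
    if not m:
        raise ValueError("not a 227 passive-mode reply: %r" % reply)
    nums = [int(n) for n in m.groups()]
    if max(nums) > 255:
        raise ValueError("field out of range in %r" % reply)
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]  # data port = p1*256 + p2


def diagnose(reply, control_ip, pasv_min, pasv_max):
    """Compare the advertised data endpoint with what the client can reach."""
    ip, port = parse_pasv(reply)
    control = ipaddress.IPv4Address(control_ip)
    is_rfc1918 = lambda a: any(a in net for net in RFC1918)
    return {
        "ip": str(ip),
        "port": port,
        # Server announced an internal address to a client that connected
        # to a non-RFC 1918 address: the data connection cannot be routed.
        "private_leak": is_rfc1918(ip) and not is_rfc1918(control),
        "matches_control": ip == control,
        "port_in_range": pasv_min <= port <= pasv_max,
    }


if __name__ == "__main__":
    # Reply copied from the session in the message; control address is constructed.
    reply = "227 Entering Passive Mode (10,0,32,7,39,111)."
    print(diagnose(reply, "203.0.113.10", 10090, 10100))
```

For the reply in the message this yields port 10095, which is inside the forwarded 10090-10100 range, with `private_leak` true: the advertised address, not the port, is what the outside client cannot reach.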


