More FTP questions (d'oh!)

**JoeyJoeJoe** · 07-28-2007, 02:50 PM

So, inside my home network I can hit my FTP server no problem and transfer files, as expected. Grand.

What I want to do is hit my server from anywhere on the web. The server is behind my home router. I forwarded both port 20 and 21 (UDP/TCP) to my server.

However when I jump on my neighbor's AP, I can authenticate to my server, but once I try to copy or download files, I get a "425 Use PORT or PASV first" error.

OK, my client is set for passive mode, so what else do I need to do?

Here is the client log:

220 Welcome to Joe's Ubuntu Server.
AUTH SSL
234 Proceed with negotiation.
PBSZ 0
200 PBSZ set to 0.
USER JoeyJoeJoe
331 Please specify the password.
PASS (password not shown)
230 Login successful.
FEAT
211-Features:
AUTH SSL
AUTH TLS
EPRT
EPSV
MDTM
PASV
PBSZ
PROT
REST STREAM
SIZE
TVFS
211 End
PWD
257 "/"
TYPE A
200 Switching to ASCII mode.
PROT P
200 PROT now Private.
PASV
227 Entering Passive Mode (192,168,1,111,117,197)
LIST

Thanks so much,
JJJ

**redhead** · 07-28-2007, 05:51 PM

You say you have your home router, what is that ? is it a linux machine using iptables to act as as firewall/router for your network ? Or is it a hardware router like Linksys WRT54GL ?

If it's a linux box acting as firewall/router you need to activate the ip_conntrack_ftp module, else it wont support your PASV ftp connection.

**JoeyJoeJoe** · 07-28-2007, 07:29 PM

Whoops. Sorry about that.

It's a WRT54GL running dd-wrt, actually.

**JoeyJoeJoe** · 08-03-2007, 03:37 PM

I have the following settings in my vsftpd.conf file

pasv_promiscuous=YES
pasv_min_port=15000
pasv_max_port=45000
pasv_address=joes_server.no-ip.biz
pasv_addr_resolve=YES

I am authenticating, no problem but still cannot get a folder list.

The client says that, when I enter passive mode the IP address is fine but the ports are not in the pasv_min/max port range indicated above.

Command: PASV
Response: 227 Entering Passive Mode (148,117,30,249,143,32)
Command: LIST
Error: Transfer channel can't be opened. Reason: No connection could be made because the target machine actively refused it.
Error: Could not retrieve directory listing

Ports 143 and 32 are not, obviously, between 15000 and 45000 so is that why I'm getting the error?

(Also, I only opened up that huge range temporarily for testing purposes.)