
Problem changing the FTP port?

Tompa
Posts: 81
Joined: 03 Feb 2007, 12:50

Problem changing the FTP port?

Post by Tompa »

Hi,

I've changed the default port on my FTP-server, by editing the proftpd.conf and then restart the daemon.

When I connect from the inside network everything works just fine, but from the outside I can login successfully but when the directory listing is about to show I get an "Illegal PORT" error.

Do I need to change the port setting somewere else as well?

PS. I'm forwarding the new port correctly in my firewall DS.

/Tomas
Ubi
Posts: 1549
Joined: 17 Jul 2007, 09:01

Post by Ubi »

What do the FTP server logs say?
Tompa
Posts: 81
Joined: 03 Feb 2007, 12:50

Post by Tompa »

Here's what the log says:

Jan 29 22:19:32 bubba proftpd[30160]: bubba (89.xyz.xyz.xyz[89.xyz.xyz.xyz]) - FTP session opened.
Jan 29 22:19:32 bubba proftpd[30160]: bubba (89.xyz.xyz.xyz[89.xyz.xyz.xyz]) - mod_delay/0.4: delaying for 94 usecs
Jan 29 22:19:32 bubba proftpd[30160]: bubba (89.xyz.xyz.xyz[89.xyz.xyz.xyz]) - mod_delay/0.4: delaying for 4903 usecs
Jan 29 22:20:03 bubba proftpd[30161]: bubba (89.xyz.xyz.xyz[89.xyz.xyz.xyz]) - FTP session opened.
Jan 29 22:20:04 bubba proftpd[30161]: bubba (89.xyz.xyz.xyz[89.xyz.xyz.xyz]) - mod_delay/0.4: delaying for 10307 usecs
Jan 29 22:20:04 bubba proftpd[30161]: bubba (89.xyz.xyz.xyz[89.xyz.xyz.xyz]) - Refused PORT 192,168,1,1,197,118 (address mismatch)

I've managed to get it working when I've specified a specific port-range for Passive Ports in the conf and opened those in the firewall, but I would prefer having the ftp running in active mode only so that I can open only one port for incoming traffic in the firewall.

Maybe it's not possible to do that for any other port than 21?

/Tomas
Ubi
Posts: 1549
Joined: 17 Jul 2007, 09:01

Post by Ubi »

Tompa wrote: Refused PORT 192,168,1,1,197,118 (address mismatch)

And all you then need to do is tell this to google, who will send you to http://chronos.cs.msu.su/proftpd/Configuration.html:
Normally, proftpd disallows clients from using the ftp PORT command with anything other than their own address (the source address of the ftp control connection), as well as preventing the use of PORT to specify a low-numbered (< 1024) port. In either case, the client is sent an "Invalid port" error and a message is syslog'd indicating either "address mismatch" or "bounce attack". By enabling this directive, proftpd will allow clients to transmit foreign data connection addresses that do not match the client's address. This allows such tricks as permitting a client to transfer a file between two FTP servers without involving itself in the actual data connection. Generally it's considered a bad idea, security-wise, to permit this sort of thing.
This suggests to me your nonstandard port is below 1024. Is that correct? If so, move it to a higher number and try again. Also try a few of the other links google throws at you (or try google groups: http://groups.google.com/groups/search? ... t_s=Search)

Ubi
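As an added illustration (not code from this thread or from proftpd itself), here is the policy the quoted documentation describes, applied to the PORT command from Tompa's log: the announced address must equal the source address of the control connection, and the announced port must not be below 1024. The peer address 89.0.2.10 is a constructed stand-in for the redacted 89.xyz.xyz.xyz.

```python
import re
from ipaddress import IPv4Address

# The six comma-separated bytes of an RFC 959 PORT command: h1,h2,h3,h4,p1,p2.
PORT_RE = re.compile(r"PORT (\d{1,3}(?:,\d{1,3}){5})")
# proftpd's "(peer[peer]) - Refused PORT ... (reason)" log format shown in the thread.
LOG_RE = re.compile(r"\(([^\[\s]+)\[[^\]]*\]\) - Refused (PORT \S+) \((.+)\)")

def parse_port_command(text):
    """Decode 'PORT h1,h2,h3,h4,p1,p2' into ('h1.h2.h3.h4', p1*256 + p2)."""
    m = PORT_RE.search(text)
    if not m:
        raise ValueError("no PORT command in %r" % text)
    b = [int(x) for x in m.group(1).split(",")]
    if any(x > 255 for x in b):
        raise ValueError("PORT byte out of range")
    return ".".join(str(x) for x in b[:4]), b[4] * 256 + b[5]

def check_port_command(text, control_peer):
    """Apply the documented rule: announced address must match the control
    connection's peer, and the announced port must be >= 1024."""
    addr, port = parse_port_command(text)
    if addr != control_peer:
        return False, "address mismatch"
    if port < 1024:
        return False, "bounce attack"
    return True, "ok"

def explain_refusals(log_lines):
    """Pull every 'Refused PORT' entry out of proftpd log lines and report the
    peer, what the client announced, and whether the announced address is an
    RFC 1918 private address (i.e. not reachable from the server's side)."""
    out = []
    for line in log_lines:
        m = LOG_RE.search(line)
        if not m:
            continue
        peer, port_cmd, reason = m.groups()
        addr, port = parse_port_command(port_cmd)
        out.append({"peer": peer, "announced": (addr, port), "reason": reason,
                    "announced_is_private": IPv4Address(addr).is_private})
    return out

# Constructed sample: the refusal line from the thread, with 89.0.2.10 as a
# placeholder for the redacted public address.
SAMPLE_LOG = [
    "Jan 29 22:20:04 bubba proftpd[30161]: bubba (89.0.2.10[89.0.2.10]) - mod_delay/0.4: delaying for 10307 usecs",
    "Jan 29 22:20:04 bubba proftpd[30161]: bubba (89.0.2.10[89.0.2.10]) - Refused PORT 192,168,1,1,197,118 (address mismatch)",
]

if __name__ == "__main__":
    for entry in explain_refusals(SAMPLE_LOG):
        print(entry)
```

Run against the sample log it reports the client announcing 192.168.1.1:50550 while connecting from 89.0.2.10, which is exactly the "address mismatch" the server logged.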
Tompa
Posts: 81
Joined: 03 Feb 2007, 12:50

Post by Tompa »

Thanks for your efforts Ubi, but the port I'm using is way higher than 1024, so that's most likely not the problem... and believe me, I've tried to ask google for a solution, but so far without results.

During my googling I've found pretty much the same tips as your link did which is that I need to run a masquerading module for the FTP traffic to work correctly through the NAT. When I first set this up I followed a guide on the proftpd site: http://www.proftpd.org/docs/howto/NAT.html which told me to configure a MasqueradeAddress setting with my public IP address in. So I did, but still no luck.

That's pretty much where I am now: accept running in PASV mode, or don't run at all.

Thanks again Ubi, I appreciate your efforts.
Cheeseboy
Posts: 789
Joined: 08 Apr 2007, 12:16

Post by Cheeseboy »

Hi Tompa,

FTP is a weird old protocol as it per default uses two TCP sockets when only one is needed. Perhaps ssh file transfer would work better?

When things are strange and just don't make sense, and you cannot find answers in the normal channels, you sometimes have to trouble-shoot them yourself.
To get an understanding of what is going on, install something like Wireshark that will capture all packets going in and out of your ethernet adapter (Wireshark mentioned because it is available on both Windows and Linux; there are several to choose from), and set up a suitable filter to capture only the things you are interested in, like TCP packets received and sent by your bubba and the FTP client. In my experience this makes it perfectly clear (after a lot of time spent analysing) why mysterious things happen.

I know it is a bit of an effort, but only you can fully understand your network topology and your setup...

Perhaps an easier approach:
Shut down all firewalls etc in your router, iptables in your bubba etc.
- Does it work?
If yes, then go figure.
If not, perhaps you have a problem with ports forwarded by your ISP?

Ok, I hope this was helpful and not just another bunch of bollox...
Good luck

/Cheeseboy