netopia 3000 and vsftpd - Networking

This is a discussion on netopia 3000 and vsftpd - Networking ; Hey everyone I had the vsftpd working on my cable modem and then we transfered it to the office which is behind a Netopia 3000 router. Now we get a connection timeout when we try and use the ftp from ...

+ Reply to Thread
Results 1 to 19 of 19

Thread: netopia 3000 and vsftpd

  1. netopia 3000 and vsftpd

    Hey everyone I had the vsftpd working on my cable modem and then we
    transfered it to the office which is behind a Netopia 3000 router.
    Now we get a connection timeout when we try and use the ftp from the
    outside. Has anyone had this problem? I have the port forwarding
    setup for UDP and TCP on ports 21 and 20. Is there anything more I
    need to do? I also have apache going and port 80 open and it works
    perfectly. Any help would be appreciated.

    Greg

  2. Re: netopia 3000 and vsftpd

    On Mar 4, 11:56*pm, Greg wrote:
    > Hey everyone I had the vsftpd working on my cable modem and then we
    > transfered it to the office which is behind a Netopia 3000 router.
    > Now we get a connection timeout when we try and use the ftp from the
    > outside. *Has anyone had this problem? *I have the port forwarding
    > setup for UDP and TCP on ports 21 and 20. *Is there anything more I
    > need to do? *I also have apache going and port 80 open and it works
    > perfectly. *Any help would be appreciated.
    >
    > Greg


    Alright so if I do anonymious login it works just fine but if I try to
    do local users it times out. Any ideas on anyone's part would be
    fantastic.

  3. Re: netopia 3000 and vsftpd

    On Tue, 04 Mar 2008 23:56:47 -0800, Greg rearranged some electrons to say:

    > Hey everyone I had the vsftpd working on my cable modem and then we
    > transfered it to the office which is behind a Netopia 3000 router. Now
    > we get a connection timeout when we try and use the ftp from the
    > outside. Has anyone had this problem? I have the port forwarding setup
    > for UDP and TCP on ports 21 and 20. Is there anything more I need to
    > do? I also have apache going and port 80 open and it works perfectly.
    > Any help would be appreciated.
    >
    > Greg


    If you're using passive mode, you also have to forward whatever ports you
    have vsftpd using for that.

    See:
    http://vsftpd.beasts.org/vsftpd_conf.html#lbAF
    pasv_max_port and pasv_min_port




  4. Re: netopia 3000 and vsftpd

    On Mar 5, 2:18*am, david wrote:
    > On Tue, 04 Mar 2008 23:56:47 -0800, Greg rearranged some electrons to say:
    >
    > > Hey everyone I had the vsftpd working on my cable modem and then we
    > > transfered it to the office which is behind a Netopia 3000 router. Now
    > > we get a connection timeout when we try and use the ftp from the
    > > outside. *Has anyone had this problem? *I have the port forwarding setup
    > > for UDP and TCP on ports 21 and 20. *Is there anything more I need to
    > > do? *I also have apache going and port 80 open and it works perfectly.
    > > Any help would be appreciated.

    >
    > > Greg

    >
    > If you're using passive mode, you also have to forward whatever ports you
    > have vsftpd using for that. *
    >
    > See:http://vsftpd.beasts.org/vsftpd_conf.html#lbAF
    > pasv_max_port and pasv_min_port


    Alright..I don't remember having to do this on my dlink but I will
    look into this. How come it works for the anonymious log-in on
    passive mode?

  5. Re: netopia 3000 and vsftpd

    On Wed, 05 Mar 2008 10:57:42 -0800, Greg rearranged some electrons to say:

    > On Mar 5, 2:18*am, david wrote:
    >> On Tue, 04 Mar 2008 23:56:47 -0800, Greg rearranged some electrons to
    >> say:
    >>
    >> > Hey everyone I had the vsftpd working on my cable modem and then we
    >> > transfered it to the office which is behind a Netopia 3000 router.
    >> > Now we get a connection timeout when we try and use the ftp from the
    >> > outside. *Has anyone had this problem? *I have the port forwarding
    >> > setup for UDP and TCP on ports 21 and 20. *Is there anything more I
    >> > need to do? *I also have apache going and port 80 open and it works
    >> > perfectly. Any help would be appreciated.

    >>
    >> > Greg

    >>
    >> If you're using passive mode, you also have to forward whatever ports
    >> you have vsftpd using for that.
    >>
    >> See:http://vsftpd.beasts.org/vsftpd_conf.html#lbAF pasv_max_port and
    >> pasv_min_port

    >
    > Alright..I don't remember having to do this on my dlink but I will look
    > into this. How come it works for the anonymious log-in on passive mode?


    Perhaps you have something else broken in your vsftpd.conf file. Post it
    here so it can be looked at perhaps?

  6. Re: netopia 3000 and vsftpd

    On Mar 5, 6:45*pm, david wrote:
    > On Wed, 05 Mar 2008 10:57:42 -0800, Greg rearranged some electrons to say:
    >
    >
    >
    >
    >
    > > On Mar 5, 2:18*am, david wrote:
    > >> On Tue, 04 Mar 2008 23:56:47 -0800, Greg rearranged some electrons to
    > >> say:

    >
    > >> > Hey everyone I had the vsftpd working on my cable modem and then we
    > >> > transfered it to the office which is behind a Netopia 3000 router.
    > >> > Now we get a connection timeout when we try and use the ftp from the
    > >> > outside. *Has anyone had this problem? *I have the port forwarding
    > >> > setup for UDP and TCP on ports 21 and 20. *Is there anything more I
    > >> > need to do? *I also have apache going and port 80 open and it works
    > >> > perfectly. Any help would be appreciated.

    >
    > >> > Greg

    >
    > >> If you're using passive mode, you also have to forward whatever ports
    > >> you have vsftpd using for that.

    >
    > >> See:http://vsftpd.beasts.org/vsftpd_conf...Fpasv_max_port and
    > >> pasv_min_port

    >
    > > Alright..I don't remember having to do this on my dlink but I will look
    > > into this. *How come it works for the anonymious log-in on passive mode?

    >
    > Perhaps you have something else broken in your vsftpd.conf file. *Post it
    > here so it can be looked at perhaps?- Hide quoted text -
    >
    > - Show quoted text -

    # Example config file /etc/vsftpd/vsftpd.conf
    #
    # The default compiled in settings are fairly paranoid. This sample
    file
    # loosens things up a bit, to make the ftp daemon more usable.
    # Please see vsftpd.conf.5 for all compiled in defaults.
    #
    # READ THIS: This example file is NOT an exhaustive list of vsftpd
    options.
    # Please read the vsftpd.conf.5 manual page to get a full idea of
    vsftpd's
    # capabilities.
    #
    # Allow anonymous FTP? (Beware - allowed by default if you comment
    this out).
    anonymous_enable=YES
    #
    # Uncomment this to allow local users to log in.
    local_enable=YES
    #
    # Uncomment this to enable any form of FTP write command.
    write_enable=YES
    #
    # Default umask for local users is 077. You may wish to change this to
    022,
    # if your users expect that (022 is used by most other ftpd's)
    local_umask=022
    #
    # Uncomment this to allow the anonymous FTP user to upload files. This
    only
    # has an effect if the above global write enable is activated. Also,
    you will
    # obviously need to create a directory writable by the FTP user.
    #anon_upload_enable=YES
    #
    # Uncomment this if you want the anonymous FTP user to be able to
    create
    # new directories.
    #anon_mkdir_write_enable=YES
    #
    # Activate directory messages - messages given to remote users when
    they
    # go into a certain directory.
    dirmessage_enable=YES
    #
    # Activate logging of uploads/downloads.
    xferlog_enable=YES
    #
    # Make sure PORT transfer connections originate from port 20 (ftp-
    data).
    connect_from_port_20=YES
    #
    # If you want, you can arrange for uploaded anonymous files to be
    owned by
    # a different user. Note! Using "root" for uploaded files is not
    # recommended!
    chown_uploads=YES
    chown_username=gshirey
    #
    # You may override where the log file goes if you like. The default is
    shown
    # below.
    #xferlog_file=/var/log/vsftpd.log
    #
    # If you want, you can have your log file in standard ftpd xferlog
    format
    xferlog_std_format=YES
    #
    # You may change the default value for timing out an idle session.
    idle_session_timeout=6000
    #
    # You may change the default value for timing out a data connection.
    data_connection_timeout=1200
    #
    # It is recommended that you define on your system a unique user which
    the
    # ftp server can use as a totally isolated and unprivileged user.
    #nopriv_user=ftpsecure
    #
    # Enable this and the server will recognise asynchronous ABOR
    requests. Not
    # recommended for security (the code is non-trivial). Not enabling it,
    # however, may confuse older FTP clients.
    #async_abor_enable=YES
    #
    # By default the server will pretend to allow ASCII mode but in fact
    ignore
    # the request. Turn on the below options to have the server actually
    do ASCII
    # mangling on files when in ASCII mode.
    # Beware that on some FTP servers, ASCII support allows a denial of
    service
    # attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
    # predicted this attack and has always been safe, reporting the size
    of the
    # raw file.
    # ASCII mangling is a horrible feature of the protocol.
    #ascii_upload_enable=YES
    #ascii_download_enable=YES
    #
    # You may fully customise the login banner string:
    #ftpd_banner=Welcome to blah FTP service.
    #
    # You may specify a file of disallowed anonymous e-mail addresses.
    Apparently
    # useful for combatting certain DoS attacks.
    #deny_email_enable=YES
    # (default follows)
    #banned_email_file=/etc/vsftpd/banned_emails
    #
    # You may specify an explicit list of local users to chroot() to their
    home
    # directory. If chroot_local_user is YES, then this list becomes a
    list of
    # users to NOT chroot().
    #chroot_list_enable=YES
    # (default follows)
    #chroot_list_file=/etc/vsftpd/chroot_list
    #
    # You may activate the "-R" option to the builtin ls. This is disabled
    by
    # default to avoid remote users being able to cause excessive I/O on
    large
    # sites. However, some broken FTP clients such as "ncftp" and "mirror"
    assume
    # the presence of the "-R" option, so there is a strong case for
    enabling it.
    #ls_recurse_enable=YES
    #
    # When "listen" directive is enabled, vsftpd runs in standalone mode
    and
    # listens on IPv4 sockets. This directive cannot be used in
    conjunction
    # with the listen_ipv6 directive.
    listen=YES
    #
    # This directive enables listening on IPv6 sockets. To listen on IPv4
    and IPv6
    # sockets, you must run two copies of vsftpd whith two configuration
    files.
    # Make sure, that one of the listen options is commented !!
    #listen_ipv6=YES

    pam_service_name=vsftpd
    userlist_enable=YES
    tcp_wrappers=YES
    accept_timeout=300
    connect_timeout=300
    idle_session_timeout=500
    use_localtime=YES




    There it is. It is weird though, anything requiring a password
    remotely hangs a little bit. Even when I ssh in it takes a bit more
    time than normal.

  7. Re: netopia 3000 and vsftpd

    On Wed, 05 Mar 2008 20:43:32 -0800, Greg rearranged some electrons to say:


    >
    > There it is. It is weird though, anything requiring a password remotely
    > hangs a little bit. Even when I ssh in it takes a bit more time than
    > normal.


    "Hangs a little bit?" Earlier you said it times out. Which is it?

    Since you have "userlist_enable" turned on, read carefully the man page
    on how that works. What's in /etc/vsftpd/user_list ?

  8. Re: netopia 3000 and vsftpd

    On Wed, 05 Mar 2008 20:43:32 -0800, Greg rearranged some electrons to say:

    >
    > There it is. It is weird though, anything requiring a password remotely
    > hangs a little bit. Even when I ssh in it takes a bit more time than
    > normal.


    Oh, you didn't specify the PASV port ranges. The default behavior is
    "any port" according to the documentation. Your router would need to
    know which ports to forward, and without a range specified, you would
    probably have to forward all of them.


  9. Re: netopia 3000 and vsftpd

    On Mar 6, 2:16*am, david wrote:
    > On Wed, 05 Mar 2008 20:43:32 -0800, Greg rearranged some electrons to say:
    >
    >
    >
    > > There it is. *It is weird though, anything requiring a password remotely
    > > hangs a little bit. *Even when I ssh in it takes a bit more time than
    > > normal.

    >
    > Oh, you didn't specify the PASV port ranges. * The default behavior is
    > "any port" according to the documentation. *Your router would need to
    > know which ports to forward, and without a range specified, you would
    > probably have to forward all of them.


    I limited the port by saying the min is 20 and max is 21. It still
    times out.

  10. Re: netopia 3000 and vsftpd

    On Thu, 06 Mar 2008 19:33:12 -0800, Greg rearranged some electrons to say:

    > On Mar 6, 2:16*am, david wrote:
    >> On Wed, 05 Mar 2008 20:43:32 -0800, Greg rearranged some electrons to
    >> say:
    >>
    >>
    >>
    >> > There it is. *It is weird though, anything requiring a password
    >> > remotely hangs a little bit. *Even when I ssh in it takes a bit more
    >> > time than normal.

    >>
    >> Oh, you didn't specify the PASV port ranges. * The default behavior is
    >> "any port" according to the documentation. *Your router would need to
    >> know which ports to forward, and without a range specified, you would
    >> probably have to forward all of them.

    >
    > I limited the port by saying the min is 20 and max is 21. It still
    > times out.


    Ah, no, that's not how PASV mode works. You need to pick another range
    (>1023)

    http://en.wikipedia.org/wiki/File_Transfer_Protocol
    http://www.slacksite.com/other/ftp.html#intro

  11. Re: netopia 3000 and vsftpd

    On Mar 6, 10:15*pm, david wrote:
    > On Thu, 06 Mar 2008 19:33:12 -0800, Greg rearranged some electrons to say:
    >
    >
    >
    >
    >
    > > On Mar 6, 2:16*am, david wrote:
    > >> On Wed, 05 Mar 2008 20:43:32 -0800, Greg rearranged some electrons to
    > >> say:

    >
    > >> > There it is. *It is weird though, anything requiring a password
    > >> > remotely hangs a little bit. *Even when I ssh in it takes a bit more
    > >> > time than normal.

    >
    > >> Oh, you didn't specify the PASV port ranges. * The default behavior is
    > >> "any port" according to the documentation. *Your router would need to
    > >> know which ports to forward, and without a range specified, you would
    > >> probably have to forward all of them.

    >
    > > I limited the port by saying the min is 20 and max is 21. *It still
    > > times out.

    >
    > Ah, no, that's not how PASV mode works. *You need to pick another range
    > (>1023)
    >
    > http://en.wikipedia.org/wiki/File_Tr...tp.html#intro- Hide quoted text -
    >
    > - Show quoted text -


    Yeah I opened a gang of high ports and told vsftpd about them but
    still same result.

  12. Re: netopia 3000 and vsftpd

    On Mar 7, 11:18*pm, Greg wrote:
    > On Mar 6, 10:15*pm, david wrote:
    >
    >
    >
    >
    >
    > > On Thu, 06 Mar 2008 19:33:12 -0800, Greg rearranged some electrons to say:

    >
    > > > On Mar 6, 2:16*am, david wrote:
    > > >> On Wed, 05 Mar 2008 20:43:32 -0800, Greg rearranged some electrons to
    > > >> say:

    >
    > > >> > There it is. *It is weird though, anything requiring a password
    > > >> > remotely hangs a little bit. *Even when I ssh in it takes a bit more
    > > >> > time than normal.

    >
    > > >> Oh, you didn't specify the PASV port ranges. * The default behavioris
    > > >> "any port" according to the documentation. *Your router would need to
    > > >> know which ports to forward, and without a range specified, you would
    > > >> probably have to forward all of them.

    >
    > > > I limited the port by saying the min is 20 and max is 21. *It still
    > > > times out.

    >
    > > Ah, no, that's not how PASV mode works. *You need to pick another range
    > > (>1023)

    >
    > >http://en.wikipedia.org/wiki/File_Tr...slacksi...Hide quoted text -

    >
    > > - Show quoted text -

    >
    > Yeah I opened a gang of high ports and told vsftpd about them but
    > still same result.- Hide quoted text -
    >
    > - Show quoted text -


    Anyone have any other ideas?

  13. Re: netopia 3000 and vsftpd

    On Sun, 09 Mar 2008 22:27:10 -0700, Greg rearranged some electrons to say:

    > On Mar 7, 11:18*pm, Greg wrote:
    >> On Mar 6, 10:15*pm, david wrote:
    >>
    >>
    >>
    >>
    >>
    >> > On Thu, 06 Mar 2008 19:33:12 -0800, Greg rearranged some electrons to
    >> > say:

    >>
    >> > > On Mar 6, 2:16*am, david wrote:
    >> > >> On Wed, 05 Mar 2008 20:43:32 -0800, Greg rearranged some electrons
    >> > >> to say:

    >>
    >> > >> > There it is. *It is weird though, anything requiring a password
    >> > >> > remotely hangs a little bit. *Even when I ssh in it takes a bit
    >> > >> > more time than normal.

    >>
    >> > >> Oh, you didn't specify the PASV port ranges. * The default
    >> > >> behavior is "any port" according to the documentation. *Your
    >> > >> router would need to know which ports to forward, and without a
    >> > >> range specified, you would probably have to forward all of them.

    >>
    >> > > I limited the port by saying the min is 20 and max is 21. *It still
    >> > > times out.

    >>
    >> > Ah, no, that's not how PASV mode works. *You need to pick another
    >> > range (>1023)

    >>
    >> >http://en.wikipedia.org/wiki/File_Tr...rotocolhttp://

    www.slacksi...Hide
    >> >quoted text -

    >>
    >> > - Show quoted text -

    >>
    >> Yeah I opened a gang of high ports and told vsftpd about them but still
    >> same result.- Hide quoted text -
    >>
    >> - Show quoted text -

    >
    > Anyone have any other ideas?


    What's in /etc/vsftpd/user_list ?

    And, are you sure you're redirectly the open ports through your router
    correctly?

  14. Re: netopia 3000 and vsftpd

    On Sun, 09 Mar 2008 22:27:10 -0700, Greg rearranged some electrons to say:

    > On Mar 7, 11:18*pm, Greg wrote:
    >> On Mar 6, 10:15*pm, david wrote:
    >>
    >>
    >>
    >>
    >>
    >> > On Thu, 06 Mar 2008 19:33:12 -0800, Greg rearranged some electrons to
    >> > say:

    >>
    >> > > On Mar 6, 2:16*am, david wrote:
    >> > >> On Wed, 05 Mar 2008 20:43:32 -0800, Greg rearranged some electrons
    >> > >> to say:

    >>
    >> > >> > There it is. *It is weird though, anything requiring a password
    >> > >> > remotely hangs a little bit. *Even when I ssh in it takes a bit
    >> > >> > more time than normal.

    >>
    >> > >> Oh, you didn't specify the PASV port ranges. * The default
    >> > >> behavior is "any port" according to the documentation. *Your
    >> > >> router would need to know which ports to forward, and without a
    >> > >> range specified, you would probably have to forward all of them.

    >>
    >> > > I limited the port by saying the min is 20 and max is 21. *It still
    >> > > times out.

    >>
    >> > Ah, no, that's not how PASV mode works. *You need to pick another
    >> > range (>1023)

    >>
    >> >http://en.wikipedia.org/wiki/File_Tr...rotocolhttp://

    www.slacksi...Hide
    >> >quoted text -

    >>
    >> > - Show quoted text -

    >>
    >> Yeah I opened a gang of high ports and told vsftpd about them but still
    >> same result.- Hide quoted text -
    >>
    >> - Show quoted text -

    >
    > Anyone have any other ideas?


    Look at your log files during your failed login attempts. There may be a
    clue in there.


  15. Re: netopia 3000 and vsftpd

    On Mar 10, 2:27*am, david wrote:
    > On Sun, 09 Mar 2008 22:27:10 -0700, Greg rearranged some electrons to say:
    >
    >
    >
    >
    >
    >
    >
    > > On Mar 7, 11:18*pm, Greg wrote:
    > >> On Mar 6, 10:15*pm, david wrote:

    >
    > >> > On Thu, 06 Mar 2008 19:33:12 -0800, Greg rearranged some electrons to
    > >> > say:

    >
    > >> > > On Mar 6, 2:16*am, david wrote:
    > >> > >> On Wed, 05 Mar 2008 20:43:32 -0800, Greg rearranged some electrons
    > >> > >> to say:

    >
    > >> > >> > There it is. *It is weird though, anything requiring a password
    > >> > >> > remotely hangs a little bit. *Even when I ssh in it takes a bit
    > >> > >> > more time than normal.

    >
    > >> > >> Oh, you didn't specify the PASV port ranges. * The default
    > >> > >> behavior is "any port" according to the documentation. *Your
    > >> > >> router would need to know which ports to forward, and without a
    > >> > >> range specified, you would probably have to forward all of them.

    >
    > >> > > I limited the port by saying the min is 20 and max is 21. *It still
    > >> > > times out.

    >
    > >> > Ah, no, that's not how PASV mode works. *You need to pick another
    > >> > range (>1023)

    >
    > >> >http://en.wikipedia.org/wiki/File_Tr...lacksi....Hide
    > >> >quoted text -

    >
    > >> > - Show quoted text -

    >
    > >> Yeah I opened a gang of high ports and told vsftpd about them but still
    > >> same result.- Hide quoted text -

    >
    > >> - Show quoted text -

    >
    > > Anyone have any other ideas?

    >
    > Look at your log files during your failed login attempts. *There may be a
    > clue in there.- Hide quoted text -
    >
    > - Show quoted text -


    Where would the log file be located on that front?

  16. Re: netopia 3000 and vsftpd

    On Mon, 10 Mar 2008 16:53:47 -0700, Greg rearranged some electrons to say:

    > On Mar 10, 2:27*am, david wrote:
    >> On Sun, 09 Mar 2008 22:27:10 -0700, Greg rearranged some electrons to
    >> say:
    >>
    >>
    >>
    >>
    >>
    >>
    >>
    >> > On Mar 7, 11:18*pm, Greg wrote:
    >> >> On Mar 6, 10:15*pm, david wrote:

    >>
    >> >> > On Thu, 06 Mar 2008 19:33:12 -0800, Greg rearranged some electrons
    >> >> > to say:

    >>
    >> >> > > On Mar 6, 2:16*am, david wrote:
    >> >> > >> On Wed, 05 Mar 2008 20:43:32 -0800, Greg rearranged some
    >> >> > >> electrons to say:

    >>
    >> >> > >> > There it is. *It is weird though, anything requiring a
    >> >> > >> > password remotely hangs a little bit. *Even when I ssh in it
    >> >> > >> > takes a bit more time than normal.

    >>
    >> >> > >> Oh, you didn't specify the PASV port ranges. * The default
    >> >> > >> behavior is "any port" according to the documentation. *Your
    >> >> > >> router would need to know which ports to forward, and without a
    >> >> > >> range specified, you would probably have to forward all of
    >> >> > >> them.

    >>
    >> >> > > I limited the port by saying the min is 20 and max is 21. *It
    >> >> > > still times out.

    >>
    >> >> > Ah, no, that's not how PASV mode works. *You need to pick another
    >> >> > range (>1023)

    >>
    >> >> >http://en.wikipedia.org/wiki/File_Tr...rotocolhttp://

    www.slacksi...Hide
    >> >> >quoted text -

    >>
    >> >> > - Show quoted text -

    >>
    >> >> Yeah I opened a gang of high ports and told vsftpd about them but
    >> >> still same result.- Hide quoted text -

    >>
    >> >> - Show quoted text -

    >>
    >> > Anyone have any other ideas?

    >>
    >> Look at your log files during your failed login attempts. *There may be
    >> a clue in there.- Hide quoted text -
    >>
    >> - Show quoted text -

    >
    > Where would the log file be located on that front?


    man vsftpd.conf
    /vsftpd_log_file

  17. Re: netopia 3000 and vsftpd

    On Mar 10, 7:10*pm, david wrote:
    > On Mon, 10 Mar 2008 16:53:47 -0700, Greg rearranged some electrons to say:
    >
    >
    >
    >
    >
    >
    >
    > > On Mar 10, 2:27*am, david wrote:
    > >> On Sun, 09 Mar 2008 22:27:10 -0700, Greg rearranged some electrons to
    > >> say:

    >
    > >> > On Mar 7, 11:18*pm, Greg wrote:
    > >> >> On Mar 6, 10:15*pm, david wrote:

    >
    > >> >> > On Thu, 06 Mar 2008 19:33:12 -0800, Greg rearranged some electrons
    > >> >> > to say:

    >
    > >> >> > > On Mar 6, 2:16*am, david wrote:
    > >> >> > >> On Wed, 05 Mar 2008 20:43:32 -0800, Greg rearranged some
    > >> >> > >> electrons to say:

    >
    > >> >> > >> > There it is. *It is weird though, anything requiring a
    > >> >> > >> > password remotely hangs a little bit. *Even when I ssh in it
    > >> >> > >> > takes a bit more time than normal.

    >
    > >> >> > >> Oh, you didn't specify the PASV port ranges. * The default
    > >> >> > >> behavior is "any port" according to the documentation. *Your
    > >> >> > >> router would need to know which ports to forward, and without a
    > >> >> > >> range specified, you would probably have to forward all of
    > >> >> > >> them.

    >
    > >> >> > > I limited the port by saying the min is 20 and max is 21. *It
    > >> >> > > still times out.

    >
    > >> >> > Ah, no, that's not how PASV mode works. *You need to pick another
    > >> >> > range (>1023)

    >
    > >> >> >http://en.wikipedia.org/wiki/File_Tr...slacksi...Hide
    > >> >> >quoted text -

    >
    > >> >> > - Show quoted text -

    >
    > >> >> Yeah I opened a gang of high ports and told vsftpd about them but
    > >> >> still same result.- Hide quoted text -

    >
    > >> >> - Show quoted text -

    >
    > >> > Anyone have any other ideas?

    >
    > >> Look at your log files during your failed login attempts. *There may be
    > >> a clue in there.- Hide quoted text -

    >
    > >> - Show quoted text -

    >
    > > Where would the log file be located on that front?

    >
    > man vsftpd.conf *
    > /vsftpd_log_file- Hide quoted text -
    >
    > - Show quoted text -


    Alright I see lots of Switching to Ascii mode and Switching to Binary
    Mode and Restart Position accepted.

  18. Re: netopia 3000 and vsftpd

    On Mar 5, 9:43*pm, Greg wrote:
    > On Mar 5, 6:45*pm, david wrote:
    >
    >
    >
    > > On Wed, 05 Mar 2008 10:57:42 -0800, Greg rearranged some electrons to say:

    >
    > > > On Mar 5, 2:18*am, david wrote:
    > > >> On Tue, 04 Mar 2008 23:56:47 -0800, Greg rearranged some electrons to
    > > >> say:

    >
    > > >> > Hey everyone I had the vsftpd working on my cable modem and then we
    > > >> > transfered it to the office which is behind aNetopia3000 router.
    > > >> > Now we get a connection timeout when we try and use the ftp from the
    > > >> > outside. *Has anyone had this problem? *I have the port forwarding
    > > >> > setup for UDP and TCP on ports 21 and 20. *Is there anything moreI
    > > >> > need to do? *I also have apache going and port 80 open and it works
    > > >> > perfectly. Any help would be appreciated.

    >
    > > >> > Greg

    >
    > > >> If you're using passive mode, you also have to forward whatever ports
    > > >> you have vsftpd using for that.

    >
    > > >> See:http://vsftpd.beasts.org/vsftpd_conf...sv_max_portand
    > > >> pasv_min_port

    >
    > > > Alright..I don't remember having to do this on my dlink but I will look
    > > > into this. *How come it works for the anonymious log-in on passive mode?

    >
    > > Perhaps you have something else broken in your vsftpd.conf file. *Postit
    > > here so it can be looked at perhaps?- Hide quoted text -

    >
    > > - Show quoted text -

    >
    > # Example config file /etc/vsftpd/vsftpd.conf
    > #
    > # The default compiled in settings are fairly paranoid. This sample
    > file
    > # loosens things up a bit, to make the ftp daemon more usable.
    > # Please see vsftpd.conf.5 for all compiled in defaults.
    > #
    > # READ THIS: This example file is NOT an exhaustive list of vsftpd
    > options.
    > # Please read the vsftpd.conf.5 manual page to get a full idea of
    > vsftpd's
    > # capabilities.
    > #
    > # Allow anonymous FTP? (Beware - allowed by default if you comment
    > this out).
    > anonymous_enable=YES
    > #
    > # Uncomment this to allow local users to log in.
    > local_enable=YES
    > #
    > # Uncomment this to enable any form of FTP write command.
    > write_enable=YES
    > #
    > # Default umask for local users is 077. You may wish to change this to
    > 022,
    > # if your users expect that (022 is used by most other ftpd's)
    > local_umask=022
    > #
    > # Uncomment this to allow the anonymous FTP user to upload files. This
    > only
    > # has an effect if the above global write enable is activated. Also,
    > you will
    > # obviously need to create a directory writable by the FTP user.
    > #anon_upload_enable=YES
    > #
    > # Uncomment this if you want the anonymous FTP user to be able to
    > create
    > # new directories.
    > #anon_mkdir_write_enable=YES
    > #
    > # Activate directory messages - messages given to remote users when
    > they
    > # go into a certain directory.
    > dirmessage_enable=YES
    > #
    > # Activate logging of uploads/downloads.
    > xferlog_enable=YES
    > #
    > # Make sure PORT transfer connections originate from port 20 (ftp-
    > data).
    > connect_from_port_20=YES
    > #
    > # If you want, you can arrange for uploaded anonymous files to be
    > owned by
    > # a different user. Note! Using "root" for uploaded files is not
    > # recommended!
    > chown_uploads=YES
    > chown_username=gshirey
    > #
    > # You may override where the log file goes if you like. The default is
    > shown
    > # below.
    > #xferlog_file=/var/log/vsftpd.log
    > #
    > # If you want, you can have your log file in standard ftpd xferlog
    > format
    > xferlog_std_format=YES
    > #
    > # You may change the default value for timing out an idle session.
    > idle_session_timeout=6000
    > #
    > # You may change the default value for timing out a data connection.
    > data_connection_timeout=1200
    > #
    > # It is recommended that you define on your system a unique user which
    > the
    > # ftp server can use as a totally isolated and unprivileged user.
    > #nopriv_user=ftpsecure
    > #
    > # Enable this and the server will recognise asynchronous ABOR
    > requests. Not
    > # recommended for security (the code is non-trivial). Not enabling it,
    > # however, may confuse older FTP clients.
    > #async_abor_enable=YES
    > #
    > # By default the server will pretend to allow ASCII mode but in fact
    > ignore
    > # the request. Turn on the below options to have the server actually
    > do ASCII
    > # mangling on files when in ASCII mode.
    > # Beware that on some FTP servers, ASCII support allows a denial of
    > service
    > # attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
    > # predicted this attack and has always been safe, reporting the size
    > of the
    > # raw file.
    > # ASCII mangling is a horrible feature of the protocol.
    > #ascii_upload_enable=YES
    > #ascii_download_enable=YES
    > #
    > # You may fully customise the login banner string:
    > #ftpd_banner=Welcome to blah FTP service.
    > #
    > # You may specify a file of disallowed anonymous e-mail addresses.
    > Apparently
    > # useful for combatting certain DoS attacks.
    > #deny_email_enable=YES
    > # (default follows)
    > #banned_email_file=/etc/vsftpd/banned_emails
    > #
    > # You may specify an explicit list of local users to chroot() to their
    > home
    > # directory. If chroot_local_user is YES, then this list becomes a
    > list of
    > # users to NOT chroot().
    > #chroot_list_enable=YES
    > # (default follows)
    > #chroot_list_file=/etc/vsftpd/chroot_list
    > #
    > # You may activate the "-R" option to the builtin ls. This is disabled
    > by
    > # default to avoid remote users being able to cause excessive I/O on
    > large
    > # sites. However, some broken FTP clients such as "ncftp" and "mirror"
    > assume
    > # the presence of the "-R" option, so there is a strong case for
    > enabling it.
    > #ls_recurse_enable=YES
    > #
    > # When "listen" directive is enabled, vsftpd runs in standalone mode
    > and
    > # listens on IPv4 sockets. This directive cannot be used in
    > conjunction
    > # with the listen_ipv6 directive.
    > listen=YES
    > #
    > # This directive enables listening on IPv6 sockets. To listen on IPv4
    > and IPv6
    > # sockets, you must run two copies of vsftpd whith two configuration
    > files.
    > # Make sure, that one of the listen options is commented !!
    > #listen_ipv6=YES
    >
    > pam_service_name=vsftpd
    > userlist_enable=YES
    > tcp_wrappers=YES
    > accept_timeout=300
    > connect_timeout=300
    > idle_session_timeout=500
    > use_localtime=YES
    >
    > There it is. *It is weird though, anything requiring a password
    > remotely hangs a little bit. *Even when I ssh in it takes a bit more
    > time than normal.- Hide quoted text -
    >
    > - Show quoted text -


    I switched to proftpd and everything is all good now.

  19. Re: netopia 3000 and vsftpd

    On Sat, 15 Mar 2008 13:33:44 -0700, Greg rearranged some electrons to say:


    > I switched to proftpd and everything is all good now.


    I guess that means there was still something wrong with your vsftpd
    configuration. Oh well, as long as you're happy.

+ Reply to Thread