[Nottingham] hello and a vsftpd configuration problem for FTP tunnelling

Paul Sladen nottingham at mailman.lug.org.uk
Fri Jun 13 02:14:01 2003


On Thu, 12 Jun 2003, leigh silvester wrote:

Hello Leigh,

Good to hear from you, I'm just over the railway bridge in Beeston (well I
would be, if I wasn't at the other end of the country at this moment!  :-).

> I was able to establish a connection to the FTP server via the SSH,
> HOWEVER whenever the FTP client tried to get a directory/file listing
> the FTP daemon responds with "illegal port command".

The ``Illegal PORT command'' probably implies that it *isn't* using
passive-FTP; for example, I get the same here (notice no "-p" on the command line):

  paul@emeritus:~$ ftp localhost 2021
  [...]
  ftp> ls
  500 Illegal PORT command.
  ftp: bind: Address already in use
  ftp> 

Investigating slightly further, I managed to get the setup to reproduce the
/situation/ that you described, but giving a different error-message:

  paul@emeritus:~$ ssh -fNCL 2021:localhost:21 paul@columbo.19inch.net
  paul@emeritus:~$ ftp -v -p localhost 2021
  Connected to emeritus.
  220 (vsFTPd 1.1.3)
  Name (localhost:paul): test
  331 Please specify the password.
  Password:
  230 Login successful. Have fun.
  Remote system type is UNIX.
  Using binary mode to transfer files.
  ftp> ls
  227 Entering Passive Mode (123,456,789,012,345,678)
* 425 Security: Bad IP connecting.                      <-------------<<<
  ftp> bye
  221 Goodbye.

A Google for "425 Security Bad IP connecting" then turned up a reference to:

  pasv_promiscuous=YES

Once I added this to `/etc/vsftpd.conf', reloaded things and tried things
again, it all worked wonderfully:

  ftp> ls -l
  227 Entering Passive Mode (123,456,789,012,345,678)
  150 Here comes the directory listing.
  226 Directory send OK.

Hope that helps,

	-Paul
-- 
War is inconsistent with Truth.  Nottingham, GB
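
Added example (not part of the original post, and not vsftpd's own code): a small Python model of the PASV source-address check that produces the "425 Security: Bad IP connecting" reply above, showing why it fails when only the control connection goes through the SSH tunnel. The addresses and the 227 reply are constructed sample values, and the function names are hypothetical.

```python
import ipaddress
import re

# Matches the host/port tuple in an RFC 959 "227" reply.
PASV_RE = re.compile(r"^227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")

def parse_pasv(reply):
    """Return (ip, port) from a 227 reply, or None if it is malformed."""
    m = PASV_RE.match(reply.strip())
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None  # e.g. the redacted tuple shown in the post
    h1, h2, h3, h4, p1, p2 = nums
    return "%d.%d.%d.%d" % (h1, h2, h3, h4), p1 * 256 + p2

def data_connection_reply(control_peer, data_peer, pasv_promiscuous=False):
    """Model of the PASV check: the reply the server gives for a data connection.

    control_peer and data_peer are the source addresses the server sees.
    """
    same = ipaddress.ip_address(control_peer) == ipaddress.ip_address(data_peer)
    if same or pasv_promiscuous:
        return "150 Here comes the directory listing."
    return "425 Security: Bad IP connecting."

# Constructed sample values (documentation address ranges, not from the post).
SERVER_REPLY = "227 Entering Passive Mode (192,0,2,10,195,80)"
CONTROL_PEER = "127.0.0.1"    # tunnel exit: sshd on the server connects to localhost:21
DATA_PEER = "198.51.100.7"    # client connects directly to the passive port

if __name__ == "__main__":
    print(parse_pasv(SERVER_REPLY))
    print(data_connection_reply(CONTROL_PEER, DATA_PEER))
    print(data_connection_reply(CONTROL_PEER, DATA_PEER, pasv_promiscuous=True))
```

With pasv_promiscuous=YES the server accepts a data connection from any source address, and the data channel still travels outside the SSH tunnel: only the control connection forwarded to port 21 is encrypted.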