[Nottingham] hello and a vsftpd configuration problem for FTP tunnelling
Paul Sladen
nottingham at mailman.lug.org.uk
Fri Jun 13 02:14:01 2003
On Thu, 12 Jun 2003, leigh silvester wrote:
Hello Leigh,
Good to hear from you, I'm just over the railway bridge in Beeston (well I
would be, if I wasn't at the other end of the country at this moment! :-).
> I was able to establish a connection to the FTP server via the SSH,
> HOWEVER whenever the FTP client tried to get a directory/file listing
> the FTP daemon responds with "illegal port command".
The ``Illegal PORT command'' probably implies that it *isn't* using passive-
FTP, for example I get the same here (notice no "-p" on the command line):

    paul@emeritus:~$ ftp localhost 2021
    [...]
    ftp> ls
    500 Illegal PORT command.
    ftp: bind: Address already in use
    ftp>

Investigating slightly further, I managed to get the setup to reproduce the
/situation/ that you described, but giving a different error-message:

    paul@emeritus:~$ ssh -fNCL 2021:localhost:21 paul@columbo.19inch.net
    paul@emeritus:~$ ftp -v -p localhost 2021
    Connected to emeritus.
    220 (vsFTPd 1.1.3)
    Name (localhost:paul): test
    331 Please specify the password.
    Password:
    230 Login successful. Have fun.
    Remote system type is UNIX.
    Using binary mode to transfer files.
    ftp> ls
    227 Entering Passive Mode (123,456,789,012,345,678)
    * 425 Security: Bad IP connecting. <-------------<<<
    ftp> bye
    221 Goodbye.

A Google for "425 Security Bad IP connecting" then turned up a reference to:

    pasv_promiscuous=YES

once I added this to `/etc/vsftpd.conf', reloaded things and tried things
again, it all worked wonderfully:

    ftp> ls -l
    227 Entering Passive Mode (123,456,789,012,345,678)
    150 Here comes the directory listing.
    226 Directory send OK.

Hope that helps,
-Paul
--
War is inconsistent with Truth. Nottingham, GB
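
Added example, not part of the original message or of vsftpd's code: a Python model of why the tunnelled session above gets "425 Security: Bad IP connecting" and what pasv_promiscuous=YES turns off. It assumes the behaviour documented in the vsftpd.conf man page (the passive data connection must originate from the same IP address as the control connection); the function names and the 192.0.2.x / 198.51.100.x addresses are constructed for illustration.

```python
import re
from ipaddress import ip_address

PASV_RE = re.compile(r"^227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")

def parse_pasv(reply):
    """Return (host, port) advertised by a 227 reply; ValueError if malformed."""
    m = PASV_RE.match(reply.strip())
    if not m:
        raise ValueError("not a 227 passive-mode reply")
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field outside 0-255 (redacted or corrupt reply)")
    h1, h2, h3, h4, p1, p2 = nums
    return f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2

def data_conn_reply(control_peer, data_peer, pasv_promiscuous=False):
    """Model of the server-side check: compare the peer IP of the data
    connection with the peer IP of the control connection."""
    if pasv_promiscuous or ip_address(control_peer) == ip_address(data_peer):
        return "150 Here comes the directory listing."
    return "425 Security: Bad IP connecting."

def promiscuous_enabled(conf_text):
    """True if any active (uncommented) line sets pasv_promiscuous=YES."""
    for line in conf_text.splitlines():
        key, sep, val = line.strip().partition("=")
        if sep and key == "pasv_promiscuous" and val.strip().upper() == "YES":
            return True
    return False

if __name__ == "__main__":
    # Constructed sample: the server advertises its own address and a data port.
    print(parse_pasv("227 Entering Passive Mode (192,0,2,10,195,80)"))
    # Control channel arrives via "ssh -L 2021:localhost:21", so the server sees
    # 127.0.0.1; the data connection comes straight from the client (constructed IP).
    print(data_conn_reply("127.0.0.1", "198.51.100.7"))
    print(data_conn_reply("127.0.0.1", "198.51.100.7", pasv_promiscuous=True))
    print(promiscuous_enabled("listen=YES\npasv_promiscuous=YES\n"))
```

The ssh command in the message forwards only port 21, so the passive data connection is made directly to the server, outside the tunnel, and with pasv_promiscuous=YES the server no longer ties that connection to the control connection's address. The redacted 227 lines in the message have fields above 255, so parse_pasv rejects them by design.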