VSFTP running behind a firewall

asterix404 · Apprentice Joined: 05 Nov 2004 Posts: 213

umm... well... in my vsftp.conf there is an option for forcing data transfers over port 20. Also isn't this the default ftp data transfer port?

pharaoh · Posted: Sat Dec 11, 2004 12:03 am Post subject:

Hey, did you also forward all those passive ports through the routers?

EDIT: Ok I notice in your very first post you said you did forward them...
_________________
RYZEN 5 3600 Matisse (Zen 2) 6-Core 3.6 GHz Socket AM4 65W
ASRock B550M PRO4
Crucial Ballistix 3200 MHz DDR4 DRAM 16GB
EVGA GeForce GTX 1060 6GB

asterix404 · Apprentice Joined: 05 Nov 2004 Posts: 213

how do you do that, and actuilly this stuff is really helpful with people going through similar porblems... cuz there is almost no documention describng non working vsftpd stuff, but rally how do you configure those ports to be passive?

pharaoh · Posted: Sat Dec 11, 2004 12:39 am Post subject:

You have them set in your vsftpd.conf already so it seems ok. Just to check, you're forwarding the TCP ports not the UDP ones with the router right?
_________________
RYZEN 5 3600 Matisse (Zen 2) 6-Core 3.6 GHz Socket AM4 65W
ASRock B550M PRO4
Crucial Ballistix 3200 MHz DDR4 DRAM 16GB
EVGA GeForce GTX 1060 6GB

seank · l33t Joined: 08 Jul 2004 Posts: 686

asterix404 · Apprentice Joined: 05 Nov 2004 Posts: 213

yes I am only forwarding the TCP cuz that the thing can call for... what is UDP... it has been a while since i had to use that information... as for the port listenings... is there a reason to not use port 20?

Okay so here we go, i have prots 61000-62000 open on all of my routers. I have 19-22 open as well... I get a socket error... what is that what does this mean?

pharaoh · Posted: Sat Dec 11, 2004 3:29 am Post subject:

I'm curious if you really do need that ftp_conntrack_ip module just for this port 20 passive business. I don't like genkernel because it takes away your control, but try doing an lsmod and see what's loaded up. Sean is right though, if you're not using a firewall you shouldn't need it...however I needed it even with the firewall open on the correct ports. Who knows!
_________________
RYZEN 5 3600 Matisse (Zen 2) 6-Core 3.6 GHz Socket AM4 65W
ASRock B550M PRO4
Crucial Ballistix 3200 MHz DDR4 DRAM 16GB
EVGA GeForce GTX 1060 6GB

asterix404 · Apprentice Joined: 05 Nov 2004 Posts: 213

okay so the lsmod has

pharaoh · Posted: Sat Dec 11, 2004 3:56 am Post subject:

All those modules are for hardware. I don't know a thing about genkernel, and I was just asking to try that ftp_conntrack_ip modules because I have no idea what the problem is anymore :evil:

_________________
RYZEN 5 3600 Matisse (Zen 2) 6-Core 3.6 GHz Socket AM4 65W
ASRock B550M PRO4
Crucial Ballistix 3200 MHz DDR4 DRAM 16GB
EVGA GeForce GTX 1060 6GB

asterix404 · Apprentice Joined: 05 Nov 2004 Posts: 213

Ahh... well there is good new yet, sorry about that... actuilly the module was not installed before but now I have this:

/lib/modules/2.6.9-gentoo-r9/kernel/net/ipv4/netfilter/ip_conntrack_irc.ko
/lib/modules/2.6.9-gentoo-r9/kernel/net/ipv4/netfilter/ip_conntrack_tftp.ko
which I think I can use autoload to boot up... and prey this works... is there a way to see what packets are doing when they hit my routers? Like when I do ftp open "my ip" can I see what the packets are doing and trace them?

I know the porblem now but I have no idea how to fix it and hopefully someone out there does. I can access the ftp anywhere on my lan, the porblem is the outside... the other problem is I have a wireless router conected to the ouside world. It is a linksys, this must be the problem. Unde aplications and gaming I have this

ftp 61000 to 62000 TCP 192.168.10.100 where 10.100 is another router
ftp 19 to 22 TCP 192.168.10.100

I have nothing under port triggering i have nothing under DMZ host

I have UPnP enabled

I think I now know that is is a problem with the router and I wil have to fiddle around with my network tomm... thank you so much though, and if this does get fixed I will be sure to keep you posted... if you care enough... however you seem to

pharaoh · Posted: Sat Dec 11, 2004 2:58 pm Post subject:

Just to make sure it's one of the routers being the issue, can you just not use the routers for a short time to test it? I realize there's a security risk involved, but for how much time you've been putting into this it may just be easiest to change the net settings on the ftp server and run it directly to your internet hookup to find out if it really is one of the routers being the problem. Either way, do let us know what happens

_________________
RYZEN 5 3600 Matisse (Zen 2) 6-Core 3.6 GHz Socket AM4 65W
ASRock B550M PRO4
Crucial Ballistix 3200 MHz DDR4 DRAM 16GB
EVGA GeForce GTX 1060 6GB

asterix404 · Apprentice Joined: 05 Nov 2004 Posts: 213

It was in fact the router... AS A HEUGE NOTE for anyone folowing this... if you loose power and it comes back up and it seems like nothing had happend... it did. If your routers still say they are doing what they are doing... they really are not. No port forwarding was occuring and I had about half services. It didn't like the reset and i had to do it about 3 times... but it finially hooked... thanks a lot pharaoh and sean_micken it works great. What else can I run from xinted now that I know this is a very powerful tool... samba? net.eth0?

pharaoh · Posted: Mon Dec 13, 2004 3:08 am Post subject:

Glad to hear it's working

As for xinetd, I only use it to run swat and vsftpd. But if you poke around I'm sure you'll find some other services to do with it. Good luck bud!
_________________
RYZEN 5 3600 Matisse (Zen 2) 6-Core 3.6 GHz Socket AM4 65W
ASRock B550M PRO4
Crucial Ballistix 3200 MHz DDR4 DRAM 16GB
EVGA GeForce GTX 1060 6GB