Re: FTP connection problems

[pepe]

Dear Mario,

I think your problem is the lack of some port open. According to logs:
227 Entering Passive Mode (192,168,1,99,120,210).
425 Security: Bad IP connecting.
Security: Bad IP connecting
Failed [Security: Bad IP connecting]


Response:         227 Entering Passive Mode (192,168,1,99,57,165).
Status:               Server sent passive reply with unroutable address. Using server address instead.


So, I think you don't have the ports needed for Passive Mode opened. The problem is that they change, so, you need to add to your vsftpd.conf file the following:

pasv_max_port=???
pasv_min_port=???

Where ??? is the min port and the max port you want to use. For me, with two ports is enought, but if concurrent conections happens, you might need more. I mean, if you put 900 and 950, then all ports between 900 and 950 could be used. if you put 900 and 901, then only 900 and 901 could be used.

After this, redirect that port interval on your router.


Regards.

[pepe]

Dear Mario,

when you disable pasv mode, then when you start a dowload, insteado of your client asking for a port to connect to the server, is the server which connects to a port on your pc... which is more likely to be ... very complicated as you might be behing a router which doesn't allow that. But anyway, your ftp client was asking for ports to the server, which was not allowed, so "error"

Response: 200 Switching to Binary mode.

Command: PASV

Response: 550 Permission denied.

Command: PORT 213,190,211,132,4,100

Response: 200 PORT command successful. Consider using PASV.   "your client still thinks that pasv mode is allowed"

Command: LIST

After enabling the pasv mode, you run again in random data ports not accessible from outside.

Enable pasv mode, add the two lines which limit the amount of "random" ports to use, and open/redirect all of them on your router.

It gave me a headache too. My problem was my ISP blocking the default ports (Yes, I was trying with 20 and 21. As soon as I changed the 21 to another it worked for me)

It's worthy to visit the man page of vsftpd at https://security.appspot.com/vsftpd/vsftpd_conf.html

My vsftpd.conf file. CHANGE PORTS. Maybe you could try with "2199"(your current listen one) and "2200" and "2201". After that, redirect the range 2199 to 2201, or open one by one if your router does't allow ranges.

# cat /etc/vsftpd.conf
check_shell=NO
write_enable=YES
local_umask=022
connect_from_port_20=YES
chown_uploads=YES
chown_username=root
idle_session_timeout=600
data_connection_timeout=120
nopriv_user=nobody
ftpd_banner=Welcome to this FTP server
chroot_local_user=YES
listen=YES
listen_port=my-port-change-to-one-you-like
pasv_max_port=my-port-change-to-one-you-like
pasv_min_port=my-port-change-to-one-you-like
pasv_enable=YES
pasv_promiscuous=NO
text_userdb_names=YES
accept_timeout=60
userlist_enable=YES
anon_root=/usb/sda1/torrents
anonymous_enable=NO
anon_upload_enable=NO
anon_mkdir_write_enable=NO
local_enable=YES

[Mário Oliveira]

I made another change in Filezilla, on the site properties I stated the remote path to the directory I want, i.e. stating as full path /usb/DISCO1/GLOBAL, this being the directory (folder) I want to be accessible by ftp. The result is the following log:

------------------------

Status: Resolving IP-Address for marioliveira.dyndns.org

Status: Connecting to 213.190.211.132:2200...

Status: Connection established, waiting for welcome message...

Response: 220 Welcome to SNAKE OS FTP service

Command: USER mario

Response: 331 Please specify the password.

Command: PASS *********

Response: 230 Login successful.

Command: SYST

Response: 215 UNIX Type: L8

Command: FEAT

Response: 211-Features:

Response: EPRT

Response: EPSV

Response: MDTM

Response: PASV

Response: REST STREAM

Response: SIZE

Response: TVFS

Response: UTF8

Response: 211 End

Command: OPTS UTF8 ON

Response: 200 Always in UTF8 mode.

Status: Connected

Status: Retrieving directory listing...

Command: CWD /usb/DISCO1/GLOBAL

Response: 550 Failed to change directory.

Error: Failed to retrieve directory listing

----------------------------

Then, being a total newbie in Linux, I though: could that be a matter of permissions?

I logged in through Putty, and the permissions I managed to see are:

--------------------------

# ls usb

DISCO1

# ls -l usb

drwxr-xr-x    4 root     root          4096 Oct 12 12:57 DISCO1

# cd /usb

# ls

DISCO1

# ls -l DISCO1

drwxr-xr-x    4 root     root          4096 Oct 13 16:24 GLOBAL

drwx------    2 root     root         16384 Oct 12 12:33 lost+found

-rw-r--r--    1 root     root     268435456 Oct 12 12:59 swapfile

# ls -ld DISCO1

drwxr-xr-x    4 root     root          4096 Oct 12 12:57 DISCO1

------------------------------------------------------------------------

Is it then that I should change permissions for tha DISCO1 directory, or that of another folder as well? And how? Sorry for being such an ignorant, I've been reading and searching a lot but still don't know tons of things. Thank you guys for any help on this.

Mario

[pepe]

Could be permissions.
Try (don't use the "")
"cd /usb/DISCO1/"
"chmod -R 775 GLOBAL"
This gives Read, Write and eXecute (RWX) permission to owner and group but only allow read and execute to others. For a folder, execute permissions is the same of enabling listing content on it.

[pepe]

I tried to contact you by email. Can you check it?. Maybe in spam.

[Mário Oliveira]

Yes, I already replied.

[Mário Oliveira]

Nope, did that, restarted ftp service, and reply is still the same:

"...

Status: Retrieving directory listing...

Command: CWD /usb/DISCO1/GLOBAL

Response: 550 Failed to change directory.

Error: Failed to retrieve directory listing

"

Mario

[Stefan Scheffler]

What is the home directory of the user "mario" set to?


Am Sun, 13 Oct 2013 13:18:17 -0700 (PDT)
schrieb Mário Oliveira <marioliv...@gmail.com>:

> That was the last part of Filezilla log. ACEftp gave a slightly
> different one. I'm saying this because for experts the difference
> could mean something important:
>
> --------------
> Connecting to marioliveira.dyndns.org on port 2200. Attempt 1 of 3...

> 220 Welcome to SNAKE OS FTP service

> USER mario

> 331 Please specify the password.

> PASS *****
> 230 Login successful.
> Server Type: UNIX (standard)
> FEAT
> 211-Features:
> EPRT
> EPSV
> MDTM
> PASV
> REST STREAM
> SIZE
> TVFS
> UTF8
> 211 End
> CWD \/

> 550 Failed to change directory.

> PWD
> 257 "/"
> Queue completed in 0,02 seconds
> --------------------------
>
>
>
>

[Mário Oliveira]

Stefan, it is set to /usb/DISCO1/GLOBAL

--
--
You received this message because you are subscribed to the Google
Groups "Snake OS mail list": http://groups.google.com/group/dealextreme-nas-?hl=en

Snake OS website is here: http://code.google.com/p/snake-os/

---
You received this message because you are subscribed to a topic in the Google Groups "DealExtreme NAS SnakeOS" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/dealextreme-nas-/QZ4qn-JLNUs/unsubscribe.
To unsubscribe from this group and all its topics, send an email to dealextreme-na...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

[Stefan Scheffler]

Ok, I just checked too, it would throw a different if the directory
didn't exist.

This looks weird: CWD \/
Do you use "\" for the remote directory in the ftp client?
If so try "/".


Am Tue, 15 Oct 2013 23:19:07 +0100
schrieb Mário Oliveira <marioliv...@gmail.com>:

[Mário Oliveira]

I just did, Stefan. I used / , and also /usb, usb/DISCO1 and /usb/DISCO1/GLOBAL. The log says:

[etc...]

Status: Connected

Status: Retrieving directory listing...

Command: CWD /usb/DISCO1/GLOBAL

Response: 550 Failed to change directory.

Mário

[Stefan Scheffler]

That's strange "/" should work because if the root directory isn't
accessible at connect time vsftpd complains this way here:
500 OOPS: cannot change directory:/usb/sda1/test

So the directory must be accessible in your case or it wouldn't even get
that far.

Just to make sure.. does it still work correctly if you connect via the
LAN address?

Am Thu, 17 Oct 2013 20:01:06 +0100

[Mário Oliveira]

Internally, it's OK. When I access it through a browser stating the IP internal adress and the port, the list comes immediately out in order.