I have some problems with vsftpd, and I don't know whether they are related or not.
One problem is that FireFTP can't get past the directory listing phase - it just gets stuck there forever, no error messages. FileZilla works, however it too sometimes gets stuck. In particular there are some files that just won't upload -- they too are stuck forever, sometimes a few bytes go through; here, too, no error messages server-side, and just a timeout client-side. Other clients seem totally unaffected (in particular Cyberduck on Windows and Transmit on Mac always worked flawlessly).
With FileZilla, the file I am attempting to upload will be created on the server with zero byte size, but nothing will be uploaded. If the file was already there, it will be emptied. I can also upload other files to the same directory, so it is not a permissions issue.
Is there any problem with my configuration? Am I using an outdated version? (It's Ubuntu 10.04). Here is vsftpd.conf. Using a self-signed cert.
Maybe this is a Linux problem??? Using Ubuntu 12.04 as client OS.
listen=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
dirmessage_enable=YES
use_localtime=YES
xferlog_enable=YES
dual_log_enable=YES
xferlog_std_format=NO
xferlog_file=/var/log/vsftpd.log
session_support=YES
connect_from_port_20=YES
chroot_local_user=YES
secure_chroot_dir=/var/run/vsftpd/empty
pam_service_name=vsftpd
rsa_cert_file=/etc/ssl/private/vsftpd.pem
ssl_enable=YES
require_ssl_reuse=NO
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=YES
ssl_sslv3=YES
ssl_ciphers=HIGH
It is related to passive FTP or FTPS. 100%
It won't work securely for FTPS - then you will need to adjust and open higher ports manually in firewalls and set a fixed range with pasv_min_port & pasv_max_port in vsftpd.conf.
For non-SSL:
http://slacksite.com/other/ftp.html
Be sure to load ip_nat_ftp (if you use NAT on THIS SERVER) and ip_conntrack_ftp modules
Use "ftp helper" in your iptables configuration for FTP:
-m helper --helper ftp
In case of RHEL/Fedora/CentOS you can find a special string for modules in /etc/sysconfig/iptables-config and add the helper in rules for /etc/sysconfig/iptables
This is for any case.
In case you are behind NAT/Firewall - it should support and track FTP connections.
Turns out, the problem was on the client, not on the server!
I investigated further, and I found out that the most probable culprit is the GnuTLS version installed on the client's machine (it is Ubuntu 12.04, GnuTLS 2.12.14).
To verify this, I downloaded the Windows version of FileZilla, which is statically linked to a 2.10 version, and ran it using Wine. It works!!
Digging through FileZilla's bug tracker, I finally found the confirmation: http://trac.filezilla-project.org/ticket/7837
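The fixed passive range recommended in the first answer and the protocol switches in the posted vsftpd.conf can be checked mechanically. The following is an added example, not part of the original posts: the option defaults are assumed from the vsftpd.conf(5) man page, and the function names and the 50000-50100 port range are constructed for illustration.

```python
# Added example: audit a vsftpd.conf for the FTPS settings discussed on this page.
# Defaults for options absent from the file are assumed from vsftpd.conf(5).
DEFAULTS = {"ssl_enable": "NO", "ssl_sslv2": "NO", "ssl_sslv3": "NO",
            "require_ssl_reuse": "YES", "pasv_enable": "YES",
            "pasv_min_port": "0", "pasv_max_port": "0"}

def parse_conf(text):
    """Return {option: value} from key=value lines, skipping blanks and # comments."""
    opts = dict(DEFAULTS)
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            opts[key.strip()] = value.strip()
    return opts

def audit(opts):
    """Return a list of (option, reason) findings for an FTPS server."""
    yes = lambda key: opts[key].upper() in ("YES", "TRUE", "1")
    if not yes("ssl_enable"):
        return [("ssl_enable", "TLS is off; credentials and data travel in cleartext")]
    findings = []
    for proto in ("ssl_sslv2", "ssl_sslv3"):
        if yes(proto):
            findings.append((proto, "obsolete protocol version is enabled; set to NO"))
    if not yes("require_ssl_reuse"):
        findings.append(("require_ssl_reuse",
                         "data connections need not reuse the control channel's TLS session"))
    lo, hi = int(opts["pasv_min_port"]), int(opts["pasv_max_port"])
    if yes("pasv_enable") and not (0 < lo <= hi):
        findings.append(("pasv_min_port",
                         "no fixed passive range; a firewall cannot read the encrypted "
                         "PASV reply, so the data ports must be opened explicitly"))
    return findings

# TLS-related lines from the vsftpd.conf posted in the question.
POSTED = ("ssl_enable=YES\nrequire_ssl_reuse=NO\nssl_tlsv1=YES\n"
          "ssl_sslv2=YES\nssl_sslv3=YES\nssl_ciphers=HIGH\n")
# Constructed variant; the port range is an arbitrary sample value.
HARDENED = ("ssl_enable=YES\nssl_tlsv1=YES\nssl_sslv2=NO\nssl_sslv3=NO\n"
            "ssl_ciphers=HIGH\npasv_min_port=50000\npasv_max_port=50100\n")

if __name__ == "__main__":
    for option, reason in audit(parse_conf(POSTED)):
        print(f"{option}: {reason}")
```

Whatever range is configured must also be allowed inbound on every firewall between client and server, as the first answer notes.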