FTP Server on non standard port


16 replies to this topic

#1 geohei

geohei
  • Members
  • 78 posts

Posted 31 January 2006 - 09:33 AM

Hi.

The problem is known ...

PC1 (Client) / Router 1 ------ Router 2 / PC 2 (Server)

The server is listening on a non-standard port (e.g. 20021), since port 21 is already occupied.

Neither active, nor passive transfer is working for well known reasons. Can I configure SmartFTP as client somehow in order to make this work?

Thanks.

#2 Aokromes

Aokromes

    Entity From Outer Space

  • Root Admin
  • 1519 posts

Posted 31 January 2006 - 12:16 PM

Hi, the right way is to limit the range of PASV ports on the server and open those ports on the router.
You can also try Settings->Connection->Force Server IP for PASV mode.

#3 geohei

geohei
  • Members
  • 78 posts

Posted 03 February 2006 - 06:20 AM

Hi, the right way is to limit the range of PASV ports on the server and open those ports on the router.
You can also try Settings->Connection->Force Server IP for PASV mode.

1. I understand why it makes sense to limit the number of ports with PASV.
2. I don't understand what "Force Server IP for PASV mode" does. Also ... I didn't find any documentation on the SmartFTP about this.

Could you give me some reference where I could find explanations about this option?

Thanks,

#4 eyebex

eyebex
  • Licensed User
  • 1860 posts

Posted 03 February 2006 - 08:13 AM

2. I don't understand what "Force Server IP for PASV mode" does. Also ... I didn't find any documentation on the SmartFTP about this.

This option ensures that the PASV IP reported by the server matches the server IP you've connected to. It's basically a work-around for servers behind routers that accidentally (due to wrong configuration) report their internal IP in the PASV command.

#5 geohei

geohei
  • Members
  • 78 posts

Posted 05 February 2006 - 10:32 PM

Hi.

Coming back to point 1. above, I tried to limit the number of ports to 3 (50997-50999) for testing purposes. However ... when logging into a local server (PASV mode), I noticed that the client used port 2047 and the server 1067.

I expected 50997/8/9 as one of the data ports.

Why is that?

... later ...

I spent quite a lot of time in order to find a solution for this. Basically, as far as I understood the principle ... I must limit the number of ports used by the client in PASV (e.g.). The router of the server must have these 3 ports open and pointed to the ftp server. Is this correct?

How many ports should I open (3 in my example)?

This should always work (at least, I don't see what can go wrong while doing so).

Thanks.

#6 eyebex

eyebex
  • Licensed User
  • 1860 posts

Posted 06 February 2006 - 08:23 AM

Coming back to point 1. above, I tried to limit the number of ports to 3 (50997-50999) for testing purposes. However ... when logging into a local server (PASV mode), I noticed that the client used port 2047 and the server 1067.

It's the other way around: In PASV mode, the server tells the client which IP and port it should connect to. So you have to limit the port range on the server side (to limit the ports the server can choose from, that it later sends to the client) and do port forwarding on the server side in PASV mode.

If there is no such port forwarding on the server side, you can only connect in PORT mode to the server. And then you'll need port range limiting and forwarding on the client side as you describe.

So in short: Just connect using PORT / active mode, and it should work.

#7 geohei

geohei
  • Members
  • 78 posts

Posted 06 February 2006 - 10:23 AM

...
If there is no such port forwarding on the server side, you can only connect in PORT mode to the server. And then you'll need port range limiting and forwarding on the client side as you describe.
...

Oops ... a misunderstanding. After your posting I dug deeper into the vsftpd man page. You were right!

pasv_min_port=20000
pasv_max_port=20100

This did the job! Thanks a lot!!!

However, I have a last question. How many ports should I use? In my example, I use a range of 100 ports. Is this sufficient? Can I use just (e.g.) 2 ports?

Thanks,

#8 eyebex

eyebex
  • Licensed User
  • 1860 posts

Posted 06 February 2006 - 12:55 PM

However, I have a last question. How many ports should I use? In my example, I use a range of 100 ports. Is this sufficient? Can I use just (e.g.) 2 ports?

In fact a single port should be enough. However, I would stick with the 100 ports as other applications might use ports in that range, too, so it's a good idea to give the server at least a few ports to choose from so no conflicts occur.

#9 geohei

geohei
  • Members
  • 78 posts

Posted 07 February 2006 - 06:21 AM

In fact a single port should be enough. However, I would stick with the 100 ports as other applications might use ports in that range, too, so it's a good idea to give the server at least a few ports to choose from so no conflicts occur.

Thanks a lot !

#10 geohei

geohei
  • Members
  • 78 posts

Posted 07 February 2006 - 02:30 PM

Something unexpected happened right now.

I configured vsftpd with:
pasv_min_port=20900
pasv_max_port=20999

These 9 ports are also redirected on the server side!

However ... I discovered that I can get into the server using PORT (active transfer), but NOT with PASV (passive transfer). How is that possible? To my understanding, when configuring vsftpd with pasv_min/max_port, it means that the server communicates to the client the ports it should use to initiate the data transfer (PASV).

No clue why PASV doesn't work !
Worse ... I have also no clue why PORT works !!!

Any explanation would be greatly welcomed!

Thanks.

#11 eyebex

eyebex
  • Licensed User
  • 1860 posts

Posted 07 February 2006 - 03:07 PM

These 9 ports are also redirected on the server side!

You mean 99 ports, I guess ...

We need logs, logs, logs in order to help, for God's sake! ;-) That is SmartFTP logs from both PORT and PASV tries, not vsftpd logs ...

#12 geohei

geohei
  • Members
  • 78 posts

Posted 07 February 2006 - 03:38 PM

You mean 99 ports, I guess ...

We need logs, logs, logs in order to help, for God's sake! ;-) That is SmartFTP logs from both PORT and PASV tries, not vsftpd logs ...

Yes, I meant 99 (sorry).

Here one log (from a friend). Let me know if you need more ...
(used ports in this example were: 50900-50999)

[15:24:33] SmartFTP v2.0.993.20
[15:24:33] Resolving host name "golfhotel.dyndns.info"
[15:24:33] Connecting to 85.93.201.92 Port: 50221
[15:24:34] Connected to golfhotel.dyndns.info.
[15:24:35] 220 Welcome to the OpenDreambox FTP service.
[15:24:35] USER toolbrush
[15:24:35] 331 Please specify the password.
[15:24:35] PASS (hidden)
[15:24:35] 230 Login successful.
[15:24:35] SYST
[15:24:35] 215 UNIX Type: L8
[15:24:35] FEAT
[15:24:35] 211-Features:
[15:24:35] EPRT
[15:24:35] EPSV
[15:24:35] MDTM
[15:24:35] PASV
[15:24:35] REST STREAM
[15:24:35] SIZE
[15:24:35] TVFS
[15:24:35] 211 End
[15:24:35] PWD
[15:24:36] 257 "/"
[15:24:50] TYPE I
[15:24:50] 200 Switching to Binary mode.
[15:24:50] SIZE c.y
[15:24:50] 213 15994
[15:24:52] UPNP: Added port mapping: Router: 2343 -> 192.168.0.2:2343
[15:24:52] UPNP: GetExternalIPAddress returned: "158.64.124.39"
[15:24:52] PORT 158,64,124,39,9,39
[15:24:53] 200 PORT command successful. Consider using PASV.
[15:24:53] RETR c.y
[15:24:53] 150 Opening BINARY mode data connection for c.y (15994 bytes).
[15:24:54] 15994 bytes transferred. (19,2 KB/s) (813 ms)
[15:24:54] 226 File send OK.
[15:24:54] UPNP: Removed port mapping: Router: 2343
[15:24:54] Transfer successful.
[15:25:07] SIZE c.y
[15:25:08] 213 15994
[15:25:10] PASV
[15:25:10] 227 Entering Passive Mode (192,168,1,50,199,55)
[15:25:10] Opening data connection to 192.168.1.50 Port: 50999
[15:25:10] RETR c.y
[15:25:31] A connection attempt failed because the connected party
did not properly respond after a period of time, or established
connection failed because connected host has failed to respond.
[15:26:10] 425 Failed to establish connection.
[15:26:10] Transfer failed.
[15:27:01] NOOP
[15:27:01] 200 NOOP ok.
[15:27:31] SIZE c.y
[15:27:31] 213 15994
[15:27:32] PASV
[15:27:32] 227 Entering Passive Mode (192,168,1,50,199,54)
[15:27:32] Opening data connection to 192.168.1.50 Port: 50998
[15:27:32] RETR c.y
[15:27:53] A connection attempt failed because the connected party
did not properly respond after a period of time, or established
connection failed because connected host has failed to respond.
[15:28:32] 425 Failed to establish connection.
[15:28:32] Transfer failed.
[15:28:42] SIZE c.y
[15:28:42] 213 15994
[15:28:44] UPNP: Added port mapping: Router: 2405 -> 192.168.0.2:2405
[15:28:44] UPNP: GetExternalIPAddress returned: "158.64.124.39"
[15:28:44] PORT 158,64,124,39,9,101
[15:28:44] 200 PORT command successful. Consider using PASV.
[15:28:44] RETR c.y
[15:28:44] 150 Opening BINARY mode data connection for c.y (15994 bytes).
[15:28:45] 15994 bytes transferred. (18,8 KB/s) (828 ms)
[15:28:45] 226 File send OK.
[15:28:46] UPNP: Removed port mapping: Router: 2405
[15:28:46] Transfer successful.
[15:28:53] SIZE c.y
[15:28:54] 213 15994
[15:28:55] UPNP: Added port mapping: Router: 2409 -> 192.168.0.2:2409
[15:28:55] UPNP: GetExternalIPAddress returned: "158.64.124.39"
[15:28:55] PORT 158,64,124,39,9,105
[15:28:55] 200 PORT command successful. Consider using PASV.
[15:28:55] RETR c.y
[15:28:56] 150 Opening BINARY mode data connection for c.y (15994 bytes).
[15:28:57] 15994 bytes transferred. (19,2 KB/s) (812 ms)
[15:28:57] 226 File send OK.
[15:28:57] UPNP: Removed port mapping: Router: 2409
[15:28:57] Transfer successful.
[15:29:04] SIZE c.y
[15:29:04] 213 15994
[15:29:06] TYPE A
[15:29:06] 200 Switching to ASCII mode.
[15:29:06] UPNP: Added port mapping: Router: 2414 -> 192.168.0.2:2414
[15:29:06] UPNP: GetExternalIPAddress returned: "158.64.124.39"
[15:29:06] PORT 158,64,124,39,9,110
[15:29:06] 200 PORT command successful. Consider using PASV.
[15:29:06] RETR c.y
[15:29:07] 150 Opening BINARY mode data connection for c.y (15994 bytes).
[15:29:07] 15994 bytes transferred. (19,2 KB/s) (812 ms)
[15:29:07] 226 File send OK.
[15:29:08] UPNP: Removed port mapping: Router: 2414
[15:29:08] Transfer successful.
[15:29:20] MKD test_folder
[15:29:20] 550 Create directory operation failed.
[15:29:30] RNFR c.y
[15:29:30] 350 Ready for RNTO.
[15:29:30] RNTO c.y2
[15:29:30] 550 Rename failed.
[15:29:36] QUIT
[15:29:36] 221 Goodbye.
[15:29:36] Server closed connection


#13 eyebex

eyebex
  • Licensed User
  • 1860 posts

Posted 07 February 2006 - 05:00 PM

[15:24:52] UPNP: Added port mapping: Router: 2343 -> 192.168.0.2:2343
[15:24:52] UPNP: GetExternalIPAddress returned: "158.64.124.39"
[15:24:52] PORT 158,64,124,39,9,39
[15:24:53] 200 PORT command successful. Consider using PASV.

Here's the answer to your first question: PORT mode works because your friend has a router that supports UPNP, which allows SmartFTP to dynamically configure port forwarding on the client side.

[15:25:10] PASV
[15:25:10] 227 Entering Passive Mode (192,168,1,50,199,55)

Here's the answer to your second question: PASV does not work because you have configured your server (vsftpd in your case) to return the private LAN IP of your server, not its Internet WAN IP. This is kind of tricky to fix as you're running the server on a dynamic IP. Usually, you would need to enter the IP which "golfhotel.dyndns.info" resolves to as the "pasv_address" in your "vsftpd.conf". However, as your IP may change, you would need to write a cron-job that resolves "golfhotel.dyndns.info" for you, writes the IP to "vsftpd.conf", and restarts the server if the IP changed compared to the last resolve attempt. That was until recently. Luckily, the new vsftpd 2.0.4 adds a "pasv_address_resolve" option, which you need to set to "YES". Then just specify your hostname ("golfhotel.dyndns.info") instead of the IP for "pasv_address" and you're set.
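
Added example (not part of the posts above and not vsftpd's own code): a small Python check of the passive-mode settings discussed in this thread, run over two constructed configurations modelled on the values in the log (control port 50221, data ports 50900-50999). The function names are made up for this example; note that the vsftpd.conf man page spells the hostname option `pasv_addr_resolve`.

```python
import ipaddress

# Constructed configurations modelled on the thread (not the poster's real files).
BEFORE = """listen_port=50221
pasv_min_port=50900
pasv_max_port=50999
"""
AFTER = BEFORE + """pasv_address=golfhotel.dyndns.info
pasv_addr_resolve=YES
"""

def parse_conf(text):
    """Parse vsftpd.conf 'key=value' lines, skipping blanks and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def check_passive_nat(conf):
    """Return findings for a vsftpd server that clients reach through a NAT router."""
    findings = []
    lo, hi = conf.get("pasv_min_port"), conf.get("pasv_max_port")
    if not (lo and hi):
        findings.append("no pasv_min_port/pasv_max_port: data ports cannot be forwarded")
    elif not (lo.isdigit() and hi.isdigit()) or int(lo) > int(hi):
        findings.append("passive port range is not numeric or is inverted")
    addr = conf.get("pasv_address")
    if not addr:
        findings.append("no pasv_address: the 227 reply will carry the LAN address")
        return findings
    try:
        if ipaddress.ip_address(addr).is_private:
            findings.append("pasv_address is a private address")
    except ValueError:  # not an IP literal, so it is treated as a hostname
        if conf.get("pasv_addr_resolve", "NO").upper() != "YES":
            findings.append("pasv_address is a hostname but pasv_addr_resolve is not YES")
    return findings

if __name__ == "__main__":
    for name, text in (("before", BEFORE), ("after", AFTER)):
        print(name, check_passive_nat(parse_conf(text)))
```

The router still has to forward the whole `pasv_min_port`-`pasv_max_port` range to the server; the check only covers what vsftpd advertises.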

#14 geohei

geohei
  • Members
  • 78 posts

Posted 07 February 2006 - 06:40 PM

Here's the answer to your first question: PORT mode works because your friend has a router that supports UPNP, which allows SmartFTP to dynamically configure port forwarding on the client side.

Ok, that explains it indeed.

Here's the answer to your second question: PASV does not work because you have configured your server (vsftpd in your case) to return the private LAN IP of your server, not its Internet WAN IP. This is kind of tricky to fix as you're running the server on a dynamic IP. Usually, you would need to enter the IP which "golfhotel.dyndns.info" resolves to as the "pasv_address" in your "vsftpd.conf".

That's what I did (for testing purposes), and it worked!

However, as your IP may change, you would need to write a cron-job that resolves "golfhotel.dyndns.info" for you, writes the IP to "vsftpd.conf", and restarts the server if the IP changed compared to the last resolve attempt. That was until recently. Luckily, the new vsftpd 2.0.4 adds a "pasv_address_resolve" option, which you need to set to "YES". Then just specify your hostname ("golfhotel.dyndns.info") instead of the IP for "pasv_address" and you're set.

I just checked it up. I have 2.0.3. Gonna have to update!

Thanks a lot for your explanations!

#15 geohei

geohei
  • Members
  • 78 posts

Posted 08 February 2006 - 11:45 AM

...
Here's the answer to your second question: PASV does not work because you have configured your server (vsftpd in your case) to return the private LAN IP of your server, not its Internet WAN IP. This is kind of tricky to fix as you're running the server on a dynamic IP. Usually, you would need to enter the IP which "golfhotel.dyndns.info" resolves to as the "pasv_address" in your "vsftpd.conf". However, as your IP may change, you would need to write a cron-job that resolves "golfhotel.dyndns.info" for you, writes the IP to "vsftpd.conf", and restarts the server if the IP changed compared to the last resolve attempt. That was until recently. Luckily, the new vsftpd 2.0.4 adds a "pasv_address_resolve" option, which you need to set to "YES". Then just specify your hostname ("golfhotel.dyndns.info") instead of the IP for "pasv_address" and you're set.

Is it correct that the SmartFTP option "Use Server IP for PASV Mode" compensates for the missing WAN IP, not sent by the vsftpd server?

Thanks,

#16 eyebex

eyebex
  • Licensed User
  • 1860 posts

Posted 08 February 2006 - 04:49 PM

That's what it should do, yes. If SmartFTP finds a private network IP in the PASV command, it ignores this IP and uses the IP that was used to connect to the server instead if this option is checked.
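
Added example (not part of the post above and not SmartFTP's code): a Python sketch of the client-side behaviour described in this thread, decoding the 227 replies from the log in post #12 and replacing a private address with the address of the control connection. The function names and the `force_server_ip` flag are made up for this example.

```python
import ipaddress
import re

# 227 lines copied from the log in post #12; control address from the same log.
LOG = [
    "[15:25:10] PASV",
    "[15:25:10] 227 Entering Passive Mode (192,168,1,50,199,55)",
    "[15:27:32] 227 Entering Passive Mode (192,168,1,50,199,54)",
]
CONTROL_IP = "85.93.201.92"

PASV_RE = re.compile(r"\b227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")

def parse_227(reply):
    """Decode '227 ... (h1,h2,h3,h4,p1,p2)' into (ip, port); port = p1*256 + p2."""
    m = PASV_RE.search(reply)
    if not m:
        raise ValueError("not a 227 passive reply: %r" % reply)
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range in %r" % reply)
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]

def data_endpoint(reply, control_ip, force_server_ip=True):
    """Pick the address the client dials for the data connection."""
    ip, port = parse_227(reply)
    if force_server_ip and ipaddress.ip_address(ip).is_private:
        # The server advertised its LAN address; fall back to the control peer.
        return control_ip, port, "replaced private %s with control address" % ip
    return ip, port, "used address from reply"

def audit(lines, control_ip, force_server_ip=True):
    """Run data_endpoint over every 227 reply found in a client log."""
    return [data_endpoint(l, control_ip, force_server_ip)
            for l in lines if PASV_RE.search(l)]

if __name__ == "__main__":
    for result in audit(LOG, CONTROL_IP):
        print(result)
```

With `force_server_ip=False` the client dials 192.168.1.50, which is not reachable from outside the server's LAN, matching the connection timeouts in the log.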

#17 geohei

geohei
  • Members
  • 78 posts

Posted 08 February 2006 - 10:32 PM

That's what it should do, yes. If SmartFTP finds a private network IP in the PASV command, it ignores this IP and uses the IP that was used to connect to the server instead if this option is checked.

Ok. Thanks again!



