[SOLVED] vsftpd across the NAT.

leongoogs
Posts: 17
Joined: 2011/07/22 22:24:24

[SOLVED] vsftpd across the NAT.

Post by leongoogs » 2011/08/15 06:42:46

Hi. Just trying to get vsftpd working. I am currently able to log in on the local subnet; it connects securely and can transfer files both ways,
using a virtual user. Had a bit of trouble initially in that SELinux set the virtual user directory to read-only for ftp. My problem occurs
when I go external to the local subnet. I have an external ADSL2+ modem that is used as NAT and firewall. I can log on going out and back
to my WEB IP address but do not get any directory, likewise from another external IP address. This also occurs with firewall and SELinux turned
off. There are also no denies recorded in the SELinux logs or any blocked packets in the firewall logs when it is on. The vsftp log records the
connection OK. Is there something in vsftpd.conf that needs to be set for non-local subnets to log on?

anon_world_readable_only=NO
anonymous_enable=NO
chroot_local_user=YES
guest_enable=NO
guest_username=ftp
hide_ids=YES
listen=YES
listen_address=192.XXX.XXX.XX (removed)
local_enable=YES
max_clients=100
max_per_ip=2
nopriv_user=ftp
pam_service_name=ftp
pasv_max_port=65535
pasv_min_port=64000
session_support=NO
use_localtime=YES
user_config_dir=/etc/vsftpd/users
userlist_enable=YES
userlist_file=/etc/vsftpd/denied_users
xferlog_enable=YES
anon_umask=027
local_umask=027
async_abor_enable=YES
connect_from_port_20=YES
dirlist_enable=NO
download_enable=NO
write_enable=YES
#
# TLS Configuration
#
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=NO
force_local_logins_ssl=NO
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
rsa_cert_file=/etc/pki/tls/certs/vsftpd.pem

Leo

lystor
Posts: 187
Joined: 2008/09/10 15:46:12
Location: Ukraine, Donetsk

Re: vsftpd across the NAT.

Post by lystor » 2011/08/15 07:47:46

[quote]
leongoogs wrote:
Hi. Just trying to get vsftpd working. I am currently able to log in on the local subnet; it connects securely and can transfer files both ways,
using a virtual user. Had a bit of trouble initially in that SELinux set the virtual user directory to read-only for ftp. My problem occurs
when I go external to the local subnet. I have an external ADSL2+ modem that is used as NAT and firewall. I can log on going out and back
to my WEB IP address but do not get any directory, likewise from another external IP address. This also occurs with firewall and SELinux turned
off. There are also no denies recorded in the SELinux logs or any blocked packets in the firewall logs when it is on. The vsftp log records the
connection OK. Is there something in vsftpd.conf that needs to be set for non-local subnets to log on?
[/quote]

Hi
Try to connect to your [url=http://pkgs.org/package/vsftpd]vsftpd[/url] server using FTP passive mode on the client side.

leongoogs
Posts: 17
Joined: 2011/07/22 22:24:24

Re: vsftpd across the NAT.

Post by leongoogs » 2011/08/16 10:21:24

Thanks for the clue.
I was using bareFTP as a client; there seems to be some trouble resolving the IP across the NAT. Tried FileZilla and there were some options to prefer
passive mode, and the network connection wizard did the rest. Still more to learn yet. Works now, thanks.

Thanks

Leo :lol:
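
Added example, not part of the original thread: a small check for the symptom discussed above (login works, but no directory listing from outside the NAT). It parses the server's `227` passive-mode reply and flags a data endpoint that an external client cannot reach. The function names are hypothetical, the sample replies are constructed, and 203.0.113.5 is a documentation address standing in for the public IP; the port range is the one from the posted vsftpd.conf.

```python
import ipaddress
import re

# Passive port range taken from the vsftpd.conf posted in this thread.
PASV_MIN_PORT, PASV_MAX_PORT = 64000, 65535
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
_PASV_RE = re.compile(r"^227 [^(]*\(" + ",".join([r"(\d{1,3})"] * 6) + r"\)")


def parse_pasv(reply):
    """Return (IPv4Address, port) from a 227 reply; raise ValueError otherwise."""
    m = _PASV_RE.match(reply.strip())
    if not m:
        raise ValueError("not a 227 passive-mode reply: %r" % reply)
    nums = [int(n) for n in m.groups()]
    if max(nums) > 255:
        raise ValueError("field out of range in %r" % reply)
    ip = ipaddress.IPv4Address(".".join(map(str, nums[:4])))
    return ip, nums[4] * 256 + nums[5]  # port = p1 * 256 + p2


def check_pasv(reply, control_ip):
    """Compare the advertised data endpoint with the address the client dialled."""
    ip, port = parse_pasv(reply)
    dialled = ipaddress.IPv4Address(control_ip)
    findings = []
    dial_ip = ip
    if ip != dialled and any(ip in net for net in RFC1918):
        # Server announced its LAN address; unreachable from outside the NAT.
        findings.append("advertised RFC 1918 address %s, control connection is to %s"
                        % (ip, dialled))
        dial_ip = dialled  # what a NAT-aware client falls back to
    if not PASV_MIN_PORT <= port <= PASV_MAX_PORT:
        findings.append("port %d is outside %d-%d"
                        % (port, PASV_MIN_PORT, PASV_MAX_PORT))
    return {"dial": (str(dial_ip), port), "findings": findings}


if __name__ == "__main__":
    # Constructed replies (not captured from the poster's server).
    for line in ("227 Entering Passive Mode (192,168,1,10,250,12).",
                 "227 Entering Passive Mode (203,0,113,5,250,0)."):
        print(check_pasv(line, "203.0.113.5"))
```

A finding about the address means the client has to substitute the control-connection address itself, or the server has to be told its public address (vsftpd's `pasv_address` option); a finding about the port means the NAT forwarding rule and the configured passive range disagree.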

AlanBartlett
Forum Moderator
Posts: 9345
Joined: 2007/10/22 11:30:09
Location: ~/Earth/UK/England/Suffolk

[SOLVED] vsftpd across the NAT.

Post by AlanBartlett » 2011/08/16 13:14:46

Thank you for reporting back with details of your success.

On your behalf, and for posterity, this thread is marked [SOLVED].
