From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from lists.gentoo.org ([140.105.134.102] helo=robin.gentoo.org) by nuthatch.gentoo.org with esmtp (Exim 4.43) id 1E5oGc-0002Lp-OP for garchives@archives.gentoo.org; Thu, 18 Aug 2005 17:33:27 +0000 Received: from robin.gentoo.org (localhost [127.0.0.1]) by robin.gentoo.org (8.13.4/8.13.4) with SMTP id j7IHWBir019650; Thu, 18 Aug 2005 17:32:11 GMT Received: from bullet.espersunited.com (24-117-226-93.cpe.cableone.net [24.117.226.93]) by robin.gentoo.org (8.13.4/8.13.4) with ESMTP id j7IHQY5e005133 for ; Thu, 18 Aug 2005 17:26:35 GMT Received: from baby.espersunited.com (baby.espersunited.com [192.168.1.3]) by bullet.espersunited.com (8.13.4/8.13.3) with ESMTP id j7IHReZj032676 for ; Thu, 18 Aug 2005 12:27:42 -0500 Subject: Re: [gentoo-user] OT - vsftp 425 bad IP connecting From: Michael Sullivan To: gentoo-user@lists.gentoo.org In-Reply-To: References: <1124373803.11476.41.camel@baby.espersunited.com> Content-Type: text/plain Date: Thu, 18 Aug 2005 12:26:27 -0500 Message-Id: <1124385988.3575.44.camel@baby.espersunited.com> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@gentoo.org Reply-to: gentoo-user@lists.gentoo.org Mime-Version: 1.0 X-Mailer: Evolution 2.2.3 Content-Transfer-Encoding: 7bit X-Archives-Salt: 9b617b09-197e-4d90-9d5a-20430ba13090 X-Archives-Hash: f2e198157338e166d403e083b91200a8 On Thu, 2005-08-18 at 12:56 -0400, A. Khattri wrote: > On Thu, 18 Aug 2005, Michael Sullivan wrote: > > > One of my users is having a problem with FTP access to my server. He > > says that he can connect and get a listing for his home directory, but > > he can't do anything beyond seeing the listing. He's connecting from > > outside the network. I can connect and interact with my personal > > account through FTP just fine from inside the network, but everytime I > > try to connect like he does (using ftp.espersunited.com) I get a 425 > > Security Bad IP error. I don't have access to a computer physically > > outside the network to use to diagnose this problem, so working around > > this Bad IP error is my only option. The IP address that > > ftp.espersunited.com points to is the external address of my router, so > > it might be complaining because the requesting IP is the same as the > > requested IP. Any help on fixing this? Google and the vsftpd.conf man > > page were no help... > > Pleae be aware of how FTP works: there are two connections per user - one > is the control port and one is for data. With active FTP, the user's FTP > client picks a local port number for the data port. With passive FTP, the > server picks a data port number and tells the client what port number to > use. Obviously, your router and/or firewall needs to be configured to > allow both types of ports into your LAN and to forward the ports to the > correct place. Passive FTP is better from a firewall point of view but > your firewall still needs to know to open the port for incoming > connections. If you firewall is not capable of doing that then this wont > work and you may need to put you FTP server outside of your firewall in a > DMZ. The user can login with his username and password and get a listing of his home directory just fine (as I said above) so I don't see how this could be a firewall issue. Nevertheless, I checked the firewall and port forwarding settings in my router. TCP port 21 is forwarded to port 21 of 192.168.1.2, which is my server box. -- gentoo-user@gentoo.org mailing list