[gentoo-user] OT - vsftp 425 bad IP connecting

[gentoo-user] OT - vsftp 425 bad IP connecting

[Michael Sullivan]

One of my users is having a problem with FTP access to my server.  He
says that he can connect and get a listing for his home directory, but
he can't do anything beyond seeing the listing.  He's connecting from
outside the network.  I can connect and interact with my personal
account through FTP just fine from inside the network, but everytime I
try to connect like he does (using ftp.espersunited.com) I get a 425
Security Bad IP error.  I don't have access to a computer physically
outside the network to use to diagnose this problem, so working around
this Bad IP error is my only option.  The IP address that
ftp.espersunited.com points to is the external address of my router, so
it might be complaining because the requesting IP is the same as the
requested IP.  Any help on fixing this?  Google and the vsftpd.conf man
page were no help... 

-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] OT - vsftp 425 bad IP connecting

[A. Khattri]

On Thu, 18 Aug 2005, Michael Sullivan wrote:

> One of my users is having a problem with FTP access to my server.  He
> says that he can connect and get a listing for his home directory, but
> he can't do anything beyond seeing the listing.  He's connecting from
> outside the network.  I can connect and interact with my personal
> account through FTP just fine from inside the network, but everytime I
> try to connect like he does (using ftp.espersunited.com) I get a 425
> Security Bad IP error.  I don't have access to a computer physically
> outside the network to use to diagnose this problem, so working around
> this Bad IP error is my only option.  The IP address that
> ftp.espersunited.com points to is the external address of my router, so
> it might be complaining because the requesting IP is the same as the
> requested IP.  Any help on fixing this?  Google and the vsftpd.conf man
> page were no help...

Pleae be aware of how FTP works: there are two connections per user - one
is the control port and one is for data. With active FTP, the user's FTP
client picks a local port number for the data port. With passive FTP, the
server picks a data port number and tells the client what port number to
use. Obviously, your router and/or firewall needs to be configured to
allow both types of ports into your LAN and to forward the ports to the
correct place. Passive FTP is better from a firewall point of view but
your firewall still needs to know to open the port for incoming
connections. If you firewall is not capable of doing that then this wont
work and you may need to put you FTP server outside of your firewall in a
DMZ.


-- 

-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] OT - vsftp 425 bad IP connecting

[Willie Wong]

A quick search on google reveals the following as a possibility:
 
 Your server might be responding to the PASV connection by giving the
 lan-ip. Try setting the 
 	pasv_promiscuous=YES
 and/or
	pasv_addrs=<insert wan ip here> 
 in the config. 

The suggestions are completely untested... and I don't use VSFTP
myself, just acting as a Google-Proxy (=

W
 

On Thu, Aug 18, 2005 at 09:03:23AM -0500, Michael Sullivan wrote:
> One of my users is having a problem with FTP access to my server.  He
> says that he can connect and get a listing for his home directory, but
> he can't do anything beyond seeing the listing.  He's connecting from
> outside the network.  I can connect and interact with my personal
> account through FTP just fine from inside the network, but everytime I
> try to connect like he does (using ftp.espersunited.com) I get a 425
> Security Bad IP error.  I don't have access to a computer physically
> outside the network to use to diagnose this problem, so working around
> this Bad IP error is my only option.  The IP address that
> ftp.espersunited.com points to is the external address of my router, so
> it might be complaining because the requesting IP is the same as the
> requested IP.  Any help on fixing this?  Google and the vsftpd.conf man
> page were no help... 
> 
> -- 
> gentoo-user@gentoo.org mailing list

-- 
Death Mech and Death EM should be events in the X-games.
       ~Willie Wong
Sortir en Pantoufles: up 6 days, 20:16
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] OT - vsftp 425 bad IP connecting

[Michael Sullivan]

On Thu, 2005-08-18 at 12:56 -0400, A. Khattri wrote:
> On Thu, 18 Aug 2005, Michael Sullivan wrote:
> 
> > One of my users is having a problem with FTP access to my server.  He
> > says that he can connect and get a listing for his home directory, but
> > he can't do anything beyond seeing the listing.  He's connecting from
> > outside the network.  I can connect and interact with my personal
> > account through FTP just fine from inside the network, but everytime I
> > try to connect like he does (using ftp.espersunited.com) I get a 425
> > Security Bad IP error.  I don't have access to a computer physically
> > outside the network to use to diagnose this problem, so working around
> > this Bad IP error is my only option.  The IP address that
> > ftp.espersunited.com points to is the external address of my router, so
> > it might be complaining because the requesting IP is the same as the
> > requested IP.  Any help on fixing this?  Google and the vsftpd.conf man
> > page were no help...
> 
> Pleae be aware of how FTP works: there are two connections per user - one
> is the control port and one is for data. With active FTP, the user's FTP
> client picks a local port number for the data port. With passive FTP, the
> server picks a data port number and tells the client what port number to
> use. Obviously, your router and/or firewall needs to be configured to
> allow both types of ports into your LAN and to forward the ports to the
> correct place. Passive FTP is better from a firewall point of view but
> your firewall still needs to know to open the port for incoming
> connections. If you firewall is not capable of doing that then this wont
> work and you may need to put you FTP server outside of your firewall in a
> DMZ.

The user can login with his username and password and get a listing of
his home directory just fine (as I said above) so I don't see how this
could be a firewall issue.  Nevertheless, I checked the firewall and
port forwarding settings in my router.  TCP port 21 is forwarded to port
21 of 192.168.1.2, which is my server box.  

-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] OT - vsftp 425 bad IP connecting [SOLVED]

[Michael Sullivan]

On Thu, 2005-08-18 at 13:19 -0400, Willie Wong wrote:
> A quick search on google reveals the following as a possibility:
>  
>  Your server might be responding to the PASV connection by giving the
>  lan-ip. Try setting the 
>  	pasv_promiscuous=YES
>  and/or
> 	pasv_addrs=<insert wan ip here> 
>  in the config. 
> 
> The suggestions are completely untested... and I don't use VSFTP
> myself, just acting as a Google-Proxy (=
> 
> W
>  
> 
> On Thu, Aug 18, 2005 at 09:03:23AM -0500, Michael Sullivan wrote:
> > One of my users is having a problem with FTP access to my server.  He
> > says that he can connect and get a listing for his home directory, but
> > he can't do anything beyond seeing the listing.  He's connecting from
> > outside the network.  I can connect and interact with my personal
> > account through FTP just fine from inside the network, but everytime I
> > try to connect like he does (using ftp.espersunited.com) I get a 425
> > Security Bad IP error.  I don't have access to a computer physically
> > outside the network to use to diagnose this problem, so working around
> > this Bad IP error is my only option.  The IP address that
> > ftp.espersunited.com points to is the external address of my router, so
> > it might be complaining because the requesting IP is the same as the
> > requested IP.  Any help on fixing this?  Google and the vsftpd.conf man
> > page were no help... 
> > 
> > -- 
> > gentoo-user@gentoo.org mailing list
> 
> -- 
> Death Mech and Death EM should be events in the X-games.
>        ~Willie Wong
> Sortir en Pantoufles: up 6 days, 20:16

I can now log in to my account via FTP using the ftp.espersunited.com
(extenal IP).  This might fix the user's problem as well - he's not
available to try it.  If it doesn't, I'll probably right back in if
further information from him and research doesn't provide the answer...

-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] OT - vsftp 425 bad IP connecting

[Bryan Whitehead]

Are you blocking port 20 outgoing?

http://slacksite.com/other/ftp.html

On Thu, 18 Aug 2005, Willie Wong wrote:

> A quick search on google reveals the following as a possibility:
>
> Your server might be responding to the PASV connection by giving the
> lan-ip. Try setting the
> 	pasv_promiscuous=YES
> and/or
> 	pasv_addrs=<insert wan ip here>
> in the config.
>
> The suggestions are completely untested... and I don't use VSFTP
> myself, just acting as a Google-Proxy (=
>
> W
>
>
> On Thu, Aug 18, 2005 at 09:03:23AM -0500, Michael Sullivan wrote:
>> One of my users is having a problem with FTP access to my server.  He
>> says that he can connect and get a listing for his home directory, but
>> he can't do anything beyond seeing the listing.  He's connecting from
>> outside the network.  I can connect and interact with my personal
>> account through FTP just fine from inside the network, but everytime I
>> try to connect like he does (using ftp.espersunited.com) I get a 425
>> Security Bad IP error.  I don't have access to a computer physically
>> outside the network to use to diagnose this problem, so working around
>> this Bad IP error is my only option.  The IP address that
>> ftp.espersunited.com points to is the external address of my router, so
>> it might be complaining because the requesting IP is the same as the
>> requested IP.  Any help on fixing this?  Google and the vsftpd.conf man
>> page were no help...
>>
>> --
>> gentoo-user@gentoo.org mailing list
>
>

-- 
Bryan Whitehead
Email:driver@megahappy.net
-- 
gentoo-user@gentoo.org mailing list