From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from lists.gentoo.org ([140.105.134.102] helo=robin.gentoo.org) by nuthatch.gentoo.org with esmtp (Exim 4.43) id 1E5npE-0003JN-TA for garchives@archives.gentoo.org; Thu, 18 Aug 2005 17:05:09 +0000 Received: from robin.gentoo.org (localhost [127.0.0.1]) by robin.gentoo.org (8.13.4/8.13.4) with SMTP id j7IH3oAZ032472; Thu, 18 Aug 2005 17:03:50 GMT Received: from mail.bway.net (xena.bway.net [216.220.96.26]) by robin.gentoo.org (8.13.4/8.13.4) with ESMTP id j7IGxLht030562 for ; Thu, 18 Aug 2005 16:59:22 GMT Received: (qmail 24004 invoked by uid 0); 18 Aug 2005 16:59:22 -0000 Received: from unknown (HELO ida.bway.net) (216.220.96.4) by smtp.bway.net with (EDH-RSA-DES-CBC3-SHA encrypted) SMTP; 18 Aug 2005 16:59:22 -0000 Date: Thu, 18 Aug 2005 12:56:13 -0400 (EDT) From: "A. Khattri" To: gentoo-user Subject: Re: [gentoo-user] OT - vsftp 425 bad IP connecting In-Reply-To: <1124373803.11476.41.camel@baby.espersunited.com> Message-ID: References: <1124373803.11476.41.camel@baby.espersunited.com> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@gentoo.org Reply-to: gentoo-user@lists.gentoo.org MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Archives-Salt: 85e9b811-0cc3-4614-870c-d3f2233d143a X-Archives-Hash: 8874fd3cd7aa0abd855a362fb93cd15e On Thu, 18 Aug 2005, Michael Sullivan wrote: > One of my users is having a problem with FTP access to my server. He > says that he can connect and get a listing for his home directory, but > he can't do anything beyond seeing the listing. He's connecting from > outside the network. I can connect and interact with my personal > account through FTP just fine from inside the network, but everytime I > try to connect like he does (using ftp.espersunited.com) I get a 425 > Security Bad IP error. I don't have access to a computer physically > outside the network to use to diagnose this problem, so working around > this Bad IP error is my only option. The IP address that > ftp.espersunited.com points to is the external address of my router, so > it might be complaining because the requesting IP is the same as the > requested IP. Any help on fixing this? Google and the vsftpd.conf man > page were no help... Pleae be aware of how FTP works: there are two connections per user - one is the control port and one is for data. With active FTP, the user's FTP client picks a local port number for the data port. With passive FTP, the server picks a data port number and tells the client what port number to use. Obviously, your router and/or firewall needs to be configured to allow both types of ports into your LAN and to forward the ports to the correct place. Passive FTP is better from a firewall point of view but your firewall still needs to know to open the port for incoming connections. If you firewall is not capable of doing that then this wont work and you may need to put you FTP server outside of your firewall in a DMZ. -- -- gentoo-user@gentoo.org mailing list