On Thu, 2005-08-18 at 12:56 -0400, A. Khattri wrote:
> On Thu, 18 Aug 2005, Michael Sullivan wrote:
>
> > One of my users is having a problem with FTP access to my server. He
> > says that he can connect and get a listing for his home directory, but
> > he can't do anything beyond seeing the listing. He's connecting from
> > outside the network. I can connect and interact with my personal
> > account through FTP just fine from inside the network, but every time I
> > try to connect like he does (using ftp.espersunited.com) I get a 425
> > Security Bad IP error. I don't have access to a computer physically
> > outside the network to use to diagnose this problem, so working around
> > this Bad IP error is my only option. The IP address that
> > ftp.espersunited.com points to is the external address of my router, so
> > it might be complaining because the requesting IP is the same as the
> > requested IP. Any help on fixing this? Google and the vsftpd.conf man
> > page were no help...
>
> Please be aware of how FTP works: there are two connections per user - one
> is the control port and one is for data. With active FTP, the user's FTP
> client picks a local port number for the data port. With passive FTP, the
> server picks a data port number and tells the client what port number to
> use. Obviously, your router and/or firewall needs to be configured to
> allow both types of ports into your LAN and to forward the ports to the
> correct place. Passive FTP is better from a firewall point of view but
> your firewall still needs to know to open the port for incoming
> connections. If your firewall is not capable of doing that then this won't
> work and you may need to put your FTP server outside of your firewall in a
> DMZ.

The user can log in with his username and password and get a listing of
his home directory just fine (as I said above) so I don't see how this
could be a firewall issue. Nevertheless, I checked the firewall and port
forwarding settings in my router. TCP port 21 is forwarded to port 21 of
192.168.1.2, which is my server box.

--
gentoo-user@gentoo.org mailing list
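
An added example, not part of the original thread: a small diagnostic for the passive-mode data channel described in the quoted reply. It parses the server's 227 reply and lists why a client outside the NAT could not open the data connection when the router forwards only TCP port 21 to 192.168.1.2, as in the thread. The public address 203.0.113.10, the data port 50000 and both sample replies are constructed assumptions.

```python
import ipaddress
import re

# RFC 1918 ranges: addresses a client outside the LAN cannot reach directly.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# RFC 959 passive reply carries h1,h2,h3,h4,p1,p2 (address octets, then port bytes).
PASV_FIELDS = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

# Constructed sample replies (not captured from the poster's server).
SAMPLE_LAN_REPLY = "227 Entering Passive Mode (192,168,1,2,195,80)"
SAMPLE_WAN_REPLY = "227 Entering Passive Mode (203,0,113,10,195,80)"


def parse_pasv(reply):
    """Return (IPv4Address, port) advertised in a 227 reply; raise ValueError otherwise."""
    reply = reply.strip()
    match = PASV_FIELDS.search(reply)
    if not reply.startswith("227") or match is None:
        raise ValueError("not a 227 passive-mode reply: %r" % reply)
    fields = [int(g) for g in match.groups()]
    if max(fields) > 255:
        raise ValueError("field out of range in %r" % reply)
    address = ipaddress.IPv4Address(".".join(str(f) for f in fields[:4]))
    return address, fields[4] * 256 + fields[5]


def diagnose(control_ip, reply, forwarded_ports):
    """List reasons the data connection would fail for a client outside the NAT."""
    address, port = parse_pasv(reply)
    problems = []
    if any(address in net for net in RFC1918):
        problems.append("advertised data address %s is private (RFC 1918)" % address)
    elif address != ipaddress.IPv4Address(control_ip):
        problems.append("advertised data address %s differs from control address %s" % (address, control_ip))
    if port not in forwarded_ports:
        problems.append("data port %d is not forwarded to the server" % port)
    return problems


if __name__ == "__main__":
    for sample, ports in ((SAMPLE_LAN_REPLY, {21}), (SAMPLE_WAN_REPLY, {21, 50000})):
        print(sample, "->", diagnose("203.0.113.10", sample, ports) or "ok")
```

The real 227 line can be read from a client's debug output and passed to `diagnose()` together with the set of ports the router actually forwards.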