linux
Denis Sechin, 2017-02-20 13:29:38

Can't connect to ftp server by external ip?

I set up FTP on Ubuntu 16. It logs in normally from a remote machine via the internal IP, but via the external IP it gives an error: [screenshot of the error]
The FTP server is behind NAT, and port 21 is forwarded with iptables. Connecting remotely, it asks for the login and password, then gives the error shown in the screenshot above.
vsftpd config:


listen=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=023
dirmessage_enable=YES
use_localtime=YES
xferlog_enable=YES
connect_from_port_20=YES
chown_uploads=YES
chown_username=admin
xferlog_file=/var/log/vsftpd.log
#ascii_upload_enable=YES
#ascii_enable YES
chroot_local_user=YES
allow_writeable_chroot=YES
chroot_local_user=YES
rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
ssl_enable=NO
pasv_min_port=50000
pasv_max_port=60000


2 answer(s)
Axian Ltd., 2017-02-20
@AxianLTD

Windows has a pretty bad FTP client built into it. Take FileZilla, for example. And yes, FTP through NAT as a rule works only in passive mode, unless you do special dances. And yes, port 21 alone is not enough for FTP; see the description of the protocol.

Rsa97, 2017-02-20
@Rsa97

Port 21 in FTP is a command channel. A second channel is opened for data transmission, and the port number is dynamically generated in the pasv_min_port - pasv_max_port range. Depending on the mode (active/passive), the port is opened on one of the sides, and the other side is connected to it. Therefore, for NAT, you must either support UPnP on the server and router, or forward the entire range of ports.
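
The data channel described in the answers can be checked from the server's reply to the PASV command, which carries the address and port the client is told to connect to. The script below is an added example, not part of either answer or of vsftpd: it parses that reply and reports why the data connection would fail behind NAT. The port range is the one from the question's config; the sample replies and the addresses 192.168.1.20 and 203.0.113.10 are constructed.

```python
import ipaddress
import re

# Passive port range from the vsftpd config in the question; this whole range
# has to be forwarded on the NAT router, not just port 21.
PASV_MIN_PORT, PASV_MAX_PORT = 50000, 60000

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
PASV_RE = re.compile(r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")


def parse_pasv_reply(line):
    """Return (ip, port) from '227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)'."""
    m = PASV_RE.match(line.strip())
    if not m:
        raise ValueError(f"not a 227 passive-mode reply: {line!r}")
    nums = [int(g) for g in m.groups()]
    if max(nums) > 255:
        raise ValueError(f"field out of range in {line!r}")
    ip = ipaddress.IPv4Address(".".join(map(str, nums[:4])))
    return ip, nums[4] * 256 + nums[5]  # data port = p1*256 + p2


def is_rfc1918(ip):
    """True if ip (string or IPv4Address) is in a private RFC 1918 block."""
    return any(ipaddress.IPv4Address(ip) in net for net in RFC1918)


def diagnose(line, control_ip):
    """Reasons the data connection would fail for a client that reached port 21 at control_ip."""
    ip, port = parse_pasv_reply(line)
    problems = []
    if is_rfc1918(ip) and not is_rfc1918(control_ip):
        problems.append(f"reply advertises internal address {ip}, unreachable from outside the NAT")
    if not PASV_MIN_PORT <= port <= PASV_MAX_PORT:
        problems.append(f"data port {port} is outside the forwarded range")
    return problems


# Constructed sample replies (documentation/private addresses, not from the page).
SAMPLES = [
    ("227 Entering Passive Mode (192,168,1,20,195,80).", "203.0.113.10"),  # external client
    ("227 Entering Passive Mode (203,0,113,10,234,96).", "203.0.113.10"),  # external, public address advertised
    ("227 Entering Passive Mode (192,168,1,20,195,80).", "192.168.1.20"),  # internal client
]

if __name__ == "__main__":
    for reply, control_ip in SAMPLES:
        print(control_ip, reply, diagnose(reply, control_ip) or "ok")
```

The 227 line to feed in is visible in the message log of clients such as FileZilla.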
