Vsftpd passiver ftp modus beinde NAT

I have created the NAT rules in the firewall as requested now I still can not login to FTP server

Hi @mikayil,

Which rules did you create and where?

I have at the firewall the port range 12000-12100 NAT at webserver of course also the port 21

But if you are using nat you should redirect those ports from your router to your Hestia server.

yes exactly I have a Mikrotik router there were exactly the same ports forwarded

I suppose vsftpd is up and running:

lsof -i:21 -sTCP:LISTEN
systemctl status vsftpd

If you share your domain or ip, I can try to access to your ftp.

it seems that the services are working

vsftpd 1320250 root 3u IPv4 72040115 0t0 TCP *:ftp (LISTEN)

  • vsftpd.service - vsftpd FTP server
    Loaded: loaded (/lib/systemd/system/vsftpd.service; enabled; preset: enabled)
    Active: active (running) since Wed 2023-11-01 20:34:27 CET; 14h ago
    Process: 1320249 ExecStartPre=/bin/mkdir -p /var/run/vsftpd/empty (code=exited, status=0/SUCCESS)
    Main PID: 1320250 (vsftpd)
    Tasks: 1 (limit: 154543)
    Memory: 1.2M
    CPU: 969ms
    CGroup: /system.slice/vsftpd.service
    `-1320250 /usr/sbin/vsftpd /etc/vsftpd.conf

If service is up and running, you opened the ports in Hestia firewall and you redirected the ports too in your router… from where you are testing the connection? I’m asking because if you are trying to reach your public ip from inside the private network it won’t work, if that is the case search info about Hairpin NAT.

the problem appears with external connections. have also tried internal but with internal attempts connection is rejected, so password is not accepted

But is rejected trying to connect using the public address from internal netwrok or it’s rejected using the internal ip?.

Show the output of:

iptables -S

at this attempt internal IP address 192.168.x.x. was rejected

is it possible to turn off the Passive mode, so from HestiaCP interests

IF you are having problems to connect from external clients using passive mode you will have even more problems using active mode.

Anyway, to disable passive mode, edit file /etc/vsftpd.conf

Replace pasv_enable=YES to pasv_enable=NO, save the file and restart the service:

systemctl restart vsftpd

But all seems a firewall issue.

so after deactivating passive mode i get “Permission denied.”
my got no…

so last time i installed proftpd now it works
thanks for the support @sahsanu

1 Like