Vsftpd passive FTP mode behind NAT

Hi
I have created the NAT rules in the firewall as requested; now I still cannot log in to the FTP server.

Hi @mikayil,

Which rules did you create and where?

At the firewall I have NATed the port range 12000-12100 to the webserver, and of course also port 21.

But if you are using NAT you should redirect those ports from your router to your Hestia server.

Yes, exactly. I have a Mikrotik router; exactly the same ports were forwarded there.

I suppose vsftpd is up and running:

lsof -i:21 -sTCP:LISTEN
systemctl status vsftpd

If you share your domain or IP, I can try to access your FTP.

It seems that the services are working:


COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
vsftpd 1320250 root 3u IPv4 72040115 0t0 TCP *:ftp (LISTEN)

  • vsftpd.service - vsftpd FTP server
    Loaded: loaded (/lib/systemd/system/vsftpd.service; enabled; preset: enabled)
    Active: active (running) since Wed 2023-11-01 20:34:27 CET; 14h ago
    Process: 1320249 ExecStartPre=/bin/mkdir -p /var/run/vsftpd/empty (code=exited, status=0/SUCCESS)
    Main PID: 1320250 (vsftpd)
    Tasks: 1 (limit: 154543)
    Memory: 1.2M
    CPU: 969ms
    CGroup: /system.slice/vsftpd.service
    `-1320250 /usr/sbin/vsftpd /etc/vsftpd.conf

If the service is up and running, you opened the ports in the Hestia firewall and you also redirected the ports in your router… from where are you testing the connection? I’m asking because if you are trying to reach your public IP from inside the private network it won’t work; if that is the case, search for info about Hairpin NAT.

The problem appears with external connections. I have also tried internally, but with internal attempts the connection is rejected, so the password is not accepted.

But is it rejected when trying to connect using the public address from the internal network, or is it rejected using the internal IP?

Show the output of:

iptables -S

In this attempt, the internal IP address 192.168.x.x was rejected.

Is it possible to turn off passive mode, so from HestiaCP interests?

If you are having problems connecting from external clients using passive mode, you will have even more problems using active mode.

Anyway, to disable passive mode, edit file /etc/vsftpd.conf

Replace pasv_enable=YES with pasv_enable=NO, save the file and restart the service:

systemctl restart vsftpd

But it all seems to be a firewall issue.

So after deactivating passive mode I get “Permission denied.”
my got no…

So last time I installed proftpd; now it works.
Thanks for the support @sahsanu

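An added example, not part of the thread: a small check that parses the server's `227 Entering Passive Mode` reply (as shown in an FTP client's debug log) and reports the two usual NAT faults, an advertised address that differs from the one the client connected to and a data port outside the forwarded 12000-12100 range. The sample replies and the 203.0.113.10 address are constructed; `pasv_address`, `pasv_min_port` and `pasv_max_port` are vsftpd options that the thread does not quote.

```python
import ipaddress
import re

# Passive port range forwarded on the router in the thread (12000-12100).
PASV_RANGE = range(12000, 12101)
_PASV_RE = re.compile(r"^227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")


def parse_pasv(reply):
    """Return (ip, port) advertised in a '227 Entering Passive Mode' reply."""
    m = _PASV_RE.match(reply.strip())
    if not m:
        raise ValueError("not a 227 PASV reply: %r" % reply)
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range in %r" % reply)
    ip = ipaddress.IPv4Address(".".join(map(str, nums[:4])))
    return ip, nums[4] * 256 + nums[5]  # port = p1 * 256 + p2


def diagnose(reply, control_ip, pasv_range=PASV_RANGE):
    """List the NAT-related problems visible in one PASV reply.

    control_ip is the address the client used for the port 21 connection.
    """
    ip, port = parse_pasv(reply)
    problems = []
    if ip != ipaddress.IPv4Address(control_ip):
        kind = "private" if ip.is_private else "different"
        problems.append("server advertises %s address %s; set pasv_address "
                        "to the public IP" % (kind, ip))
    if port not in pasv_range:
        problems.append("data port %d is outside the forwarded range %d-%d; "
                        "check pasv_min_port/pasv_max_port"
                        % (port, pasv_range.start, pasv_range.stop - 1))
    return problems


if __name__ == "__main__":
    # Constructed sample replies; 203.0.113.10 is a documentation address.
    samples = [
        "227 Entering Passive Mode (192,168,1,20,46,230).",  # port 12006
        "227 Entering Passive Mode (203,0,113,10,195,80).",  # port 50000
        "227 Entering Passive Mode (203,0,113,10,47,0).",    # port 12032
    ]
    for s in samples:
        print(s, "->", diagnose(s, "203.0.113.10") or "OK")
```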