Can't FTP into virtualhost

I’m having trouble connecting to a virtualhost with FTP.

The FTP client (tried WinSCP, FileZilla, Windows Explorer and CurlFtpFS) does connect,
and the log confirms it:

>     Fri Oct 7 18:02:19 2016 [pid 10612] CONNECT: Client "10.0.0.xxx"
>     Fri Oct 7 18:02:19 2016 [pid 10611] [repo] OK LOGIN: Client "10.0.0.xxx"
>     Fri Oct 7 18:02:39 2016 [pid 10615] CONNECT: Client "10.0.0.85"
>     Fri Oct 7 18:02:39 2016 [pid 10614] [repo] OK LOGIN: Client "10.0.0.xxx"

In general the FTP client complains about retrieving a file list. FileZilla’s client log:

Status:	Resolving address of repo.xxxxxxx.lan
Status:	Connecting to 10.0.0.xxx:21...
Status:	Connection established, waiting for welcome message...
Status:	Logged in
Status:	Retrieving directory listing...
Command:	PWD
Response:	257 "/"
Command:	TYPE I
Response:	200 Switching to Binary mode.
Command:	PASV
Response:	227 Entering Passive Mode (10,0,0,36,120,220).
Command:	LIST
Error:	The data connection could not be established: ECONNREFUSED - Connection refused by server
Error:	Connection timed out after 20 seconds of inactivity
Error:	Failed to retrieve directory listing

Any clues?

1 Like

Is the NS ftp service behind a NAT?

No, local (green) LAN.
Edit: maybe it’s DNS; the server does not act as DNS server, I’ve made a DNS entry (alias) elsewhere.

Thinking about this: how does the FTP server know which virtual host it should connect to?
Does it only serve (like web-dav) the files granted access to by user/password?

Reproduced.
Passive FTP does not work; the firewall blocks the incoming connection.
Workaround: use active FTP.

I’ll continue to investigate and let you know.

EDIT: It seems that we need to define the FTP helper. I added the following line to /etc/shorewall/rules to enable passive mode FTP:
FTP(HELPER) loc -
Source:
http://www.shorewall.org/FTP.html

I think we will have problems with hylafax.

4 Likes
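Added example, not part of the thread: a small Python sketch that decodes the `227` passive-mode reply from the client log above into the data address and port the firewall must accept, and classifies the failure. The function names are hypothetical and the sample log is constructed from the FileZilla output, with the control address 10.0.0.36 assumed because the thread redacts it.

```python
import re

# Constructed sample, modelled on the FileZilla log in the thread; the control
# address 10.0.0.36 is an assumption (the thread redacts it).
SAMPLE_LOG = """\
Status:\tConnecting to 10.0.0.36:21...
Status:\tLogged in
Command:\tPASV
Response:\t227 Entering Passive Mode (10,0,0,36,120,220).
Command:\tLIST
Error:\tThe data connection could not be established: ECONNREFUSED - Connection refused by server
""".splitlines()

PASV_RE = re.compile(r"\b227\b[^(]*\((\d{1,3}(?:,\d{1,3}){5})\)")
CONNECT_RE = re.compile(r"Connecting to (\d{1,3}(?:\.\d{1,3}){3}):\d+")


def decode_pasv(reply):
    """Decode a 227 reply (h1,h2,h3,h4,p1,p2) into (ip, port); port = p1*256 + p2."""
    m = PASV_RE.search(reply)
    if not m:
        raise ValueError("not a 227 passive-mode reply")
    nums = [int(n) for n in m.group(1).split(",")]
    if any(n > 255 for n in nums):
        raise ValueError("octet out of range in 227 reply")
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]


def diagnose(log_lines):
    """Hypothetical helper: explain a failed passive data connection from a client log."""
    control_ip, data, findings = None, None, []
    for line in log_lines:
        m = CONNECT_RE.search(line)
        if m:
            control_ip = m.group(1)
        elif PASV_RE.search(line):
            data = decode_pasv(line)
        elif data and "data connection could not be established" in line:
            ip, port = data
            if control_ip and ip != control_ip:
                findings.append(f"PASV advertises {ip} but control channel is {control_ip}: address rewriting (NAT) issue")
            else:
                findings.append(f"{ip}:{port}/tcp refused: firewall has no FTP helper or passive-port rule for this data port")
            data = None
    return findings


if __name__ == "__main__":
    print(decode_pasv(SAMPLE_LOG[3]))
    print(diagnose(SAMPLE_LOG))
```

The port changes with every `PASV` reply, which is why a static rule for port 21 alone is not enough and the connection-tracking helper (or a fixed passive port range opened in the firewall) is needed.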

Adding this to the Shorewall rules (I have put it in the FTP section) works like a charm!

Thanks

Should I make an issue of this so it stays on the radar?

Yes, thank you.
BTW, I re-read the Shorewall manual yesterday; I need to make some tests to find the best solution.

1 Like