Vsftpd passive mode ports problems with apf firewalls
If you have an apf firewall setup on your linux box and running vsftpd as your ftp server. You might have problem when accessing to your ftp server via ftp client. Most of the ftp client transferring data via passive mode which used a big range of ports which usually blocked by your firewall by default. Users will get an error message and wont be able to get the dir listings “LIST”.
Example:
Command: LIST
Error: Transfer channel can’t be opened. Reason: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.
Error: Could not retrieve directory listing
There is a way to overcome this matter, first is to define a range of ports will be used for passive mode in vsftpd config file. Secondly, open the defined tcp port in your firewall setting.
1. Create vsftpd passive ports
#vi /etc/vsftpd/vsftpd.conf
Scroll down to the bottom and add the followings lines:
pasv_enable=YES
pasv_max_port=9000
pasv_min_port=9050pasv_max_port=9000
pasv_min_port=9050
Save the config file and restart vsftpd
#service vsftpd restart
Shutting down vsftpd: [ OK ]
Starting vsftpd for vsftpd: [ OK ]
2. Firewalls rules (APF Firewall)
Open your apf firewall configuration file:
#vi /etc/apf/conf.apf
Add the ports range of 9000 to 9050 into IG_TCP_CPORTS
IG_TCP_CPORTS=”20,21,22,25,26,53,80,110,143,……,9000_9050″
Save it and restart your apf firewall
#apf -r
Now you should be able to access your ftp server in passive mode.
Many ppl found that installing VPN on linux is not that easy, the abvailable installation guides on VPN is often limited. I have tried a lot of installation guides and finally get it connected successfully.