Re: vsftpd working but not with Internet Explorer




Aaron Gray wrote:
> I have a FC4 machine that was with vsftpd-2.0.3 and working fine with all my
> clients except Internet Explorer.
>
> I updated vsftpd to vsftpd 2.0.5-8 but still have the same situation.
>
> Anyone know why not?
>
> Many thanks in advance,
>
> Aaron

My guess is that IE is using passive mode by default. It was
recommended to turn this off. That is an option. I have a hard time
convincing IE users to change their settings for FTP.

In passive mode, firewalls in front of the FTP server (or on the FTP
server) will interfere with correct operation of FTP. Passive FTP
requires some degree of port forwarding (if a firewall sits in front of
the server) and/or opening up a range of ports on the FTP server.

In passive mode the server actually finds a free port (by default from
0 to 65535 usually) and transmits that back to the ftp client. The FTP
client then has to make another connection to the server on the port
the server specified. Of course any firewall that blocks ports (or
doesn't forward them to the server) will make this secondary connection
impossible to do.

A workaround is to open up a range of ports (rather than ALL the
ports) on the firewall (or port forward them from the firewall back to
the FTP server). For example, let's say 6000-6300. You must then
configure vsftpd to use the specific range of ports (6000-6300 for
example) rather than the default of all.

I am not a vsftpd user (I have had your issues with other FTP servers)
but according to the online documentation, the configuration settings
you want to modify for passive mode are:

------------------

pasv_address - Specifies the IP address for the public facing IP
address of the server for servers behind Network Address Translation
(NAT) firewalls. This enables vsftpd to hand out the correct return
address for passive mode connections. Fill this in with the external IP
address FTP requests come in on from the outside world.

pasv_enable - When enabled, passive mode connects are allowed.

The default value is YES. Make sure this is set to YES.

pasv_max_port - Specifies the highest possible port sent to the FTP
clients for passive mode connections. This setting is used to limit the
port range so that firewall rules are easier to create. In our example
you would put 6300 in.

The default value is 0, which does not limit the highest passive port
range. The value must not exceed 65535.

pasv_min_port - Specifies the lowest possible port sent to the FTP
clients for passive mode connections. This setting is used to limit the
port range so that firewall rules are easier to create. In our example
you'd use 6300.

------------

Once vsftpd is configured and the firewalls you have on your server
(and/or in front of it) forward ports (or open up the ports) properly, all
should be fine. If you don't have control over the firewalls on your
systems then passive mode will not work properly.

Mike
