Solved

Problems with Passive mode on PROFTP behind firewall

Posted on 2001-07-17
6
1,531 Views
Last Modified: 2013-12-16
I have a problem where I cannot connect to a proftp server in passive mode behind a firewall, the /var/messages file reports SECURITY VIOLATION: Passive connection from x.x.x.x rejected when the server tries to initiate passive mode.

Non passive mode connections are fine, but I have some customers who need passive mode.

I have set the passive ports directive in proftpd.conf, and ensured that the relevant ports are open on the firewall, but still can't get the server to do anything useful in passive mode. It eventually times out, saying that no transfer has taken place.

Please help.
0
Comment
Question by:dredmann
  • 3
  • 2
6 Comments
 
LVL 1

Expert Comment

by:rcm9445
Comment Utility
Try using tcp/ip wrappers to send the packets thru port 80 instead of port 23.
0
 
LVL 14

Accepted Solution

by:
chris_calabrese earned 200 total points
Comment Utility
What kind of firewall do you have?  If it is a non-transparent application proxy such as Raptor, it may be chaning the aparent IP address of some of the packets.  This may be causing the security violation the software is complaining about.
0
 

Author Comment

by:dredmann
Comment Utility
The firewall is by borderware.
The actual message reported is:

1.1.1.1 (gateway-ext.central.smartways.com[2.2.2.2]) - SECURITY VIOLATION: Passive connection from 3.3.3.3 rejected.


I've replaced the ip addresses for security reasons:
1.1.1.1 The host ftp server
2.2.2.2 IP of external side of clients firewall
3.3.3.3 IP of Internal side of our firewall

The ftp connection is being initiated inside the client's firewall.
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 14

Expert Comment

by:chris_calabrese
Comment Utility
This is exactly the type of thing I was talking about.  The firewall intercepts the data traffic, making the ftp server see its IP address as the originating address for the packets.

The only way to solve this problem is to fix your firewall (or perhaps configure proftpd not to be concerned with this, but it's probably a problem for your clients too).
0
 

Author Comment

by:dredmann
Comment Utility
Chris, how would you suggest that I go about making Proftp not care about the addresses getting changed?
0
 
LVL 14

Expert Comment

by:chris_calabrese
Comment Utility
Never used proftp, so I can't tell you.  However this firewall behavior is likely to cause problems for your clients too, so the real answer is fixing the firewall.  I'd contact the firewall vendor to see if they have a solution to this problem.
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

This is the error message I got (CODE) Error caused by incompatible libmp3lame 3.98-2 with ffmpeg I've googled this error message and found out sometimes it attaches this note "can be treated with downgrade libmp3lame to version 3.97 or 3.98" …
How many times have you wanted to quickly do the same thing to a list but found yourself typing it again and again? I first figured out a small time saver with the up arrow to recall the last command but that can only get you so far if you have a bi…
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now