Solved

vsftpd

Posted on 2014-01-02
Last Modified: 2014-01-19
I did install vsftpd on Red Hat Linux 6. I need help with the following. I have disabled SELinux and flushed iptables, so there is no security measure here as far as I know.

1. What is passive and active? How do I know what my current status is? Is it a passive or an active setup?
2. How do I change the log file? Instead of xferlog, I need vsftpd.log to be generated.
3. When I tried to FTP from Windows, I got the following message and it hung.

C:\Users\Owner\Desktop>ftp 192.168.3.127
Connected to 192.168.3.127.
220 (vsFTPd 2.2.2)
User (192.168.3.127:(none)): mano
331 Please specify the password.
Password:
230 Login successful.
ftp>
ftp> ls
200 PORT command successful. Consider using PASV.
0
Question by:ittechlab
23 Comments
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 39752720
The built-in Windows FTP is pretty crippled.  You should consider using an FTP client like Filezilla or CoreFTP.  They are much more capable.

PASV mode is initiated by the client.  FTP uses many 'ephemeral' ports above 1024 while it is in operation.  However, firewalls sometimes don't allow that.  So instead of the server using the ephemeral ports, the client does and that's called PASV mode.
0
 

Author Comment

by:ittechlab
ID: 39752770
When we install vsftpd for the first time on Linux, what is the default mode? Is it passive or active?

How do I confirm?
0
 
LVL 83

Accepted Solution

by:
Dave Baldwin earned 500 total points
ID: 39752791
Like I said, PASV mode is invoked by the client, not the server.  The server will operate in the mode requested by the client.  Or at least try to.  I don't think the built-in Windows FTP even does PASV mode.
0
 

Author Comment

by:ittechlab
ID: 39752836
Does vsftpd support both modes?
0
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 39752848
Yes, most FTP servers support both modes and probably all of them on Linux.  It's only the Windows FTP that doesn't that I know of.
0
 

Author Comment

by:ittechlab
ID: 39752852
What is the main difference between active and passive? Which one is better?
0
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 39752854
Neither is better.  Active mode does not work through some firewalls and that is when you must use passive.  Other than the way they use ports, they are the same.  Remember, the client selects the mode, not the server.
0
 

Author Comment

by:ittechlab
ID: 39752856
Do you know how to change the log file in vsftpd?

How do I change the log file? Instead of xferlog, I need vsftpd.log to be generated.
0
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 39752862
Here's the 'man' page for vsftpd.conf: http://vsftpd.beasts.org/vsftpd_conf.html  If you set 'dual_log_enable' to YES you will get both formats.
0
 

Author Comment

by:ittechlab
ID: 39752867
I did add the following parameter, but I still don't see any logs in the vsftpd.log file.
dual_log_enable=YES

[root@localhost ~]# tailf /var/log/vsftpd.log
0
 

Author Comment

by:ittechlab
ID: 39752888
[root@localhost ~]# cat /etc/vsftpd/vsftpd.conf | grep -v ^#
anonymous_enable=YES
local_enable=YES
write_enable=YES
local_umask=022
anon_upload_enable=YES
dual_log_enable=YES
dirmessage_enable=YES
xferlog_enable=NO
connect_from_port_20=YES
xferlog_std_format=YES
listen=YES

pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES


pasv_enable=YES
pasv_min_port=6000
pasv_max_port=6010
0
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 39752966
Did you restart vsftpd or reboot the server?  You probably won't see anything in the vsftpd.log file until something has been transferred.  I doubt that vsftpd will make copies of what is already in the other log file.
0
 

Author Comment

by:ittechlab
ID: 39752973
I did reboot the system. Now it's logging.
0
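
An added example, not part of the thread: a small Python check that reads vsftpd.conf text and reports which transfer-log files the logging options will produce. The option names and defaults come from the vsftpd.conf man page linked above; that dual_log_enable=YES is sufficient with xferlog_enable=NO is taken from what this thread reports, and parse_conf and log_targets are hypothetical helper names.

```python
import re

# Defaults for the logging options, as documented in the vsftpd.conf man page.
DEFAULTS = {
    "xferlog_enable": "NO", "xferlog_std_format": "NO", "dual_log_enable": "NO",
    "syslog_enable": "NO", "xferlog_file": "/var/log/xferlog",
    "vsftpd_log_file": "/var/log/vsftpd.log",
}
LINE = re.compile(r"^([a-z0-9_]+)=(\S.*)$")  # no spaces allowed around '='

def parse_conf(text):
    """Return (settings, problems); problems holds (line_no, line) that do not parse."""
    settings, problems = dict(DEFAULTS), []
    for no, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        m = LINE.match(line)
        if m:
            settings[m.group(1)] = m.group(2)
        else:
            problems.append((no, line))
    return settings, problems

def _on(settings, key):
    # The samples use YES/NO, as the configuration in the thread does.
    return settings.get(key, "NO").upper() == "YES"

def log_targets(settings):
    """List the destinations that transfer logging is written to."""
    if not (_on(settings, "xferlog_enable") or _on(settings, "dual_log_enable")):
        return []
    targets = []
    if _on(settings, "dual_log_enable") or _on(settings, "xferlog_std_format"):
        targets.append(settings["xferlog_file"])
    if _on(settings, "dual_log_enable") or not _on(settings, "xferlog_std_format"):
        targets.append("syslog" if _on(settings, "syslog_enable") else settings["vsftpd_log_file"])
    return targets

# Constructed samples: an xferlog-only setup, the options posted in the thread, a mistyped key.
BEFORE = "xferlog_enable=YES\nxferlog_std_format=YES\n"
THREAD = "dual_log_enable=YES\nxferlog_enable=NO\nxferlog_std_format=YES\n"
TYPO = "dual_log_enable'=YES\nxferlog_enable=NO\n"

if __name__ == "__main__":
    for name, conf in (("before", BEFORE), ("thread", THREAD), ("typo", TYPO)):
        settings, problems = parse_conf(conf)
        print(name, log_targets(settings), problems)
```

The running daemon only picks up a changed file after a restart, so the result describes the configuration on disk, not necessarily the live process.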
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 39752990
Good.  It's doing what you want it to now?
0
 

Expert Comment

by:shinuster
ID: 39753192
Active Mode:

The client initiates the command channel from a client port (e.g. x) to the server port (20/21).
The client sends its port to the server, and the server acknowledges on the command channel.
The server opens the data channel to establish the data connection.
The client sends an ACK to the server.

Passive Mode:

The client opens both the command and data channels prior to the data transfer.
The server sends an ACK on the data channel.

For ease and flexibility, I recommend enabling passive mode: in case the server can't open the data channel due to firewall settings, the client will open both the command and data channels in passive mode.
0
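
An added example, not part of the thread: a Python sketch that answers "how do I confirm the mode" from captured control-channel lines by decoding the PORT command and the 227 reply (RFC 959 h1,h2,h3,h4,p1,p2 form). It checks the passive port against the pasv_min_port/pasv_max_port values posted above and flags a PORT address that is not the connected client. The client address 192.168.3.50, the sample lines and the function names are constructed for illustration.

```python
import re

PASV_RANGE = (6000, 6010)  # pasv_min_port / pasv_max_port from the vsftpd.conf in the thread
HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

def decode_hostport(text):
    """Decode the RFC 959 'h1,h2,h3,h4,p1,p2' field into (ip, port)."""
    m = HOSTPORT.search(text)
    if not m:
        raise ValueError("no h1,h2,h3,h4,p1,p2 field in %r" % text)
    nums = [int(g) for g in m.groups()]
    if max(nums) > 255:
        raise ValueError("field out of range in %r" % text)
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]

def data_setups(lines, client_ip, server_ip):
    """Return one (mode, ip, port, warnings) tuple per data-connection setup."""
    setups, port_cmd_seen = [], False
    for raw in lines:
        line = raw.strip()
        warnings = []
        if line.upper().startswith("PORT "):      # client asks the server to connect back
            ip, port = decode_hostport(line)
            if ip != client_ip:
                warnings.append("PORT address is not the control-connection client")
            setups.append(("active", ip, port, warnings))
            port_cmd_seen = True
        elif line.startswith("200 PORT"):
            if not port_cmd_seen:                 # only the reply was captured, as in the question
                setups.append(("active", None, None, warnings))
            port_cmd_seen = False
        elif line.startswith("227 "):             # server tells the client where to connect
            ip, port = decode_hostport(line)
            if ip != server_ip:
                warnings.append("227 address is not the server we connected to")
            if not PASV_RANGE[0] <= port <= PASV_RANGE[1]:
                warnings.append("port outside pasv_min_port..pasv_max_port")
            setups.append(("passive", ip, port, warnings))
    return setups

# Constructed sample lines; only the first one appears in the question itself.
SAMPLE = [
    "200 PORT command successful. Consider using PASV.",
    "PORT 192,168,3,50,195,80",
    "200 PORT command successful. Consider using PASV.",
    "227 Entering Passive Mode (192,168,3,127,23,117).",
    "227 Entering Passive Mode (192,168,3,127,39,16).",
]

if __name__ == "__main__":
    print(data_setups(SAMPLE, "192.168.3.50", "192.168.3.127"))
```
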
 
LVL 62

Expert Comment

by:gheist
ID: 39753195
Well, Windows FTP does not support passive mode, and since it expects to open a random port on the client's system, it needs to be specifically allowed via the local firewall.
0
 

Author Comment

by:ittechlab
ID: 39754945
I tried from another Linux machine and it's the same. I don't see port 20.
0
 
LVL 62

Expert Comment

by:gheist
ID: 39755044
Because the other Linux machine has a proper FTP client that uses passive mode by default, there is no chance to see port 20 unless you switch off passive mode.
0
 

Author Comment

by:ittechlab
ID: 39755061
I did see it's using passive,
but I don't see 20.
0
 
LVL 62

Expert Comment

by:gheist
ID: 39755139
Passive mode does not receive connections from the FTP server, port 20 or any other.
0
 
LVL 13

Expert Comment

by:Sandy
ID: 39761776
I suggest stopping iptables completely if you are not using it, and also checking the intermittent firewall between servers and clients, because the default mode of FTP is always active. In case you are unable to access and are forced to enter passive mode, then there must be something intermittent which is blocking this access.

TY/SA
0
 
LVL 62

Expert Comment

by:gheist
ID: 39761782
The Windows client ftp.exe does not support passive mode at all.
0
 
LVL 13

Expert Comment

by:Sandy
ID: 39761786
From Windows, FileZilla or WinSCP can be used to check this.
0
