vsftpd

Last Modified: 2014-01-19
I did install vsftpd on Red Hat Linux 6. I need help with the following. I have disabled SELinux and flushed the iptables. So there is no security measure here as per my knowledge.

1. What is passive and active? How do I know what my current status is? Is it a passive or active setup?
2. How do I change the log file? Instead of xferlog, I need vsftpd.log to be generated.
3. When I tried to FTP from Windows, I got the following message and it hung.

C:\Users\Owner\Desktop>ftp 192.168.3.127
Connected to 192.168.3.127.
220 (vsFTPd 2.2.2)
User (192.168.3.127:(none)): mano
331 Please specify the password.
Password:
230 Login successful.
ftp>
ftp> ls
200 PORT command successful. Consider using PASV.

Dave Baldwin, Fixer of Problems
CERTIFIED EXPERT
Most Valuable Expert 2014

Commented:
The built-in Windows FTP is pretty crippled.  You should consider using an FTP client like Filezilla or CoreFTP.  They are much more capable.

PASV mode is initiated by the client.  FTP uses many 'ephemeral' ports above 1024 while it is in operation.  However, firewalls sometimes don't allow that.  So instead of the server using the ephemeral ports, the client does and that's called PASV mode.
ittechlab, Linux Support

Author

Commented:
When we install vsftpd for the first time on Linux, what is the default mode? Is it passive or active?

How do I confirm?
ittechlab, Linux Support

Author

Commented:
Does vsftpd support both modes?
Dave Baldwin, Fixer of Problems

Commented:
Yes, most FTP servers support both modes and probably all of them on Linux.  It's only the Windows FTP that doesn't that I know of.
ittechlab, Linux Support

Author

Commented:
What is the main difference between active and passive? Which one is better?
Dave Baldwin, Fixer of Problems

Commented:
Neither is better.  Active mode does not work thru some firewalls and that is when you must use passive.  Other than the way they use ports, they are the same.  Remember, the Client selects the mode, not the server.
ittechlab, Linux Support

Author

Commented:
Do you know how to change the log file in vsftpd?

How do I change the log file? Instead of xferlog, I need vsftpd.log to be generated.
Dave Baldwin, Fixer of Problems

Commented:
Here's the 'man' page for vsftpd.conf: http://vsftpd.beasts.org/vsftpd_conf.html  If you set 'dual_log_enable' to YES you will get both formats.
ittechlab, Linux Support

Author

Commented:
I did add the following parameter, but I still don't see any logs in the vsftpd.log file.
dual_log_enable'=YES

[root@localhost ~]# tailf /var/log/vsftpd.log
ittechlab, Linux Support

Author

Commented:
[root@localhost ~]# cat /etc/vsftpd/vsftpd.conf | grep -v ^#
anonymous_enable=YES
local_enable=YES
write_enable=YES
local_umask=022
anon_upload_enable=YES
dual_log_enable=YES
dirmessage_enable=YES
xferlog_enable=NO
connect_from_port_20=YES
xferlog_std_format=YES
listen=YES

pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES


pasv_enable=YES
pasv_min_port=6000
pasv_max_port=6010
Dave Baldwin, Fixer of Problems

Commented:
Did you restart vsftpd or reboot the server?  You probably won't see anything in the vsftpd.log file until something has been transferred.  I doubt that vsftpd will make copies of what is already in the other log file.
ittechlab, Linux Support

Author

Commented:
I did reboot the system. Now it's logging.
Dave Baldwin, Fixer of Problems

Commented:
Good.  It's doing what you want it to now?
Active Mode:

Client initiates the command channel from a client port (e.g. x) to the server port (20/21).
Client will send Port to the server and the server acknowledges on the command channel.
Server will open the data channel to establish the data connection.
Client will send an Ack to the server.

Passive Mode:

Client will open both the command and data channels prior to the data transfer.
Server sends an Ack on the data channel.

For ease and flexibility, I recommend enabling passive mode: in case the server can't open the data channel due to firewall settings, the client will open both the command and data channels in passive mode.
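
What the two modes look like on the control channel, as an added example that is not part of any post in this thread: PORT and the 227 reply both carry h1,h2,h3,h4,p1,p2 (RFC 959), and the side that listens for the data connection is the one whose firewall must allow it. The sample lines are constructed; the server address and PASV port range come from the thread, while the client address 192.168.3.50 and the port numbers are assumptions.

```python
import re

# PORT (client to server) and the 227 reply (server to client) both carry
# h1,h2,h3,h4,p1,p2 as defined in RFC 959; the TCP port is p1*256 + p2.
HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

# pasv_min_port / pasv_max_port from the vsftpd.conf posted in this thread.
PASV_MIN_PORT, PASV_MAX_PORT = 6000, 6010

def parse_hostport(text):
    """Return (ip, port) from a PORT argument or a 227 reply."""
    match = HOSTPORT.search(text)
    if match is None:
        raise ValueError("no h1,h2,h3,h4,p1,p2 field in %r" % text)
    nums = [int(n) for n in match.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range in %r" % text)
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]

def data_channel(line):
    """Classify one control-channel line; None if it does not set up data."""
    words = line.split(None, 1)
    verb = words[0].upper() if words else ""
    if verb == "PORT":
        ip, port = parse_hostport(line)
        # Active: the client listens, the server connects out to it.
        return {"mode": "active", "listener": "client", "ip": ip, "port": port,
                "allow": "inbound TCP %d on the client, from the server" % port}
    if verb == "227":
        ip, port = parse_hostport(line)
        # Passive: the server listens, the client connects in to it.
        in_range = PASV_MIN_PORT <= port <= PASV_MAX_PORT
        return {"mode": "passive", "listener": "server", "ip": ip, "port": port,
                "in_pasv_range": in_range,
                "allow": "inbound TCP %d on the server, from the client" % port}
    return None

# Constructed control-channel lines (client address and ports are made up).
SAMPLE = [
    "PORT 192,168,3,50,195,80",
    "200 PORT command successful. Consider using PASV.",
    "PASV",
    "227 Entering Passive Mode (192,168,3,127,23,114).",
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(entry, "->", data_channel(entry))
```

With connect_from_port_20=YES, as in the posted config, the server's active-mode data connection originates from port 20, so port 20 appears on the wire only after a PORT command, never after a 227 reply.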
Top Expert 2015

Commented:
Well, Windows FTP does not support passive mode, and since it expects to open a random port on the client's system, it needs to be specifically allowed via the local firewall.
ittechlab, Linux Support

Author

Commented:
I tried from another Linux machine and it's the same. I don't see port 20.
Top Expert 2015

Commented:
Because the other Linux machine has a proper FTP client that uses passive mode by default, so no chance to see port 20 unless you switch off passive mode.
ittechlab, Linux Support

Author

Commented:
I did see it's using passive,
but I don't see 20.
Top Expert 2015

Commented:
Passive mode does not receive connections from the FTP server, port 20 or any other.

Commented:
I suggest stopping iptables completely if you are not using it, and also checking the intermittent firewall between servers and clients, because the default mode of FTP is always active. In case you are unable to access and are forced to enter passive mode, then there must be something intermittent which is blocking this access.

TY/SA
Top Expert 2015

Commented:
Windows client ftp.exe does not support passive mode at all

Commented:
From Windows, FileZilla or WinSCP can be used to check this.
