I have been having problems with my ftp server that I have tried fixing for over a week now.
My configuration:
- I am running Raspbian on a Raspberry Pi.
- My ftp server is pure-ftpd, and I'm running it with these switches:
/usr/local/sbin/pure-ftpd -D -C 5 -E -A -H -x -p 35000:36000 -u 0 -y 5:3 -Y 1
- I have compiled it with the option "--with-tls"
- I am using explicit TLS encryption (I have also tried implicit, same result)
- I have port forwarded my passive port range as defined by the -p switch in pure-ftpd
- I have also port forwarded port 20 to 21
Other servers I'm running:
- A samba server
- An Apache web server
- Custom Python socket server
- and the built-in ssh/sftp server
I also have the no-ip DUC client running
In short, here are the problems I'm having with pure-ftpd:
- FTP in LAN without TLS (Active and Passive): Working
- FTP in LAN with TLS (Active and Passive): Working
- FTP in WAN without TLS (Passive): Working
- FTP in WAN with TLS (Active and Passive): Not working
- Can't change port as it won't work in WAN
Here are the error logs and the things I have tried:
ftptest.net results (for FTP with tls):
........
Command: PASV
Reply: 227 Entering Passive Mode (192,168,0,4,138,78)
Error: Server returned unroutable private IP address in PASV reply
I have read on forums that you have to specify PASV IP address with the -P switch, so I did, and this is the result:
Reply: 211-Extensions supported:
.....................
Error: Carriage return without line feed received
And this is for both without and with tls! So yeah, the -P switch doesn't work at all!
I should also point out that the passive mode ports are correct (taken from PASV command)
Filezilla log (with explicit tls):
Command: PASV
Response: 227 Entering Passive Mode (192,168,0,4,138,251)
Status: Server sent passive reply with unroutable address. Using server address instead.
Command: MLSD
Error: The data connection could not be established: ECONNREFUSED - Connection refused by server
Error: Connection closed by server
Error: Failed to retrieve directory listing
With -P switch:
Same thing except no "Server sent unrouteable address*"
I have also tried messing with the firewall (iptables), by allowing everything (thus, disabling the firewall) with these commands:
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
I also cannot change the default port, because if I do, I get a connection refused error.
And I have yet another strange symptom that just started appearing today:
I can only open port 21 to 21 (it works) because if I open up 20, I get the ssh server.
Log for that:
Status: Connected, waiting for welcome message... Reply:
SSH-2.0-OpenSSH_6.0p1 Debian-4+deb7u2
Error: Reply does not contain valid response code
I also tried port forwarding port 443, 989 to 990 (that was for implicit tls) and I tried setting the Raspberry Pi as a DMZ host.
Note: I switched from vsftpd as it was slow and did not support secure ftp (the 3.x for Raspberry Pi needs to be compiled with secure ftp support, but I got an error compiling), and I don't use proftpd because it couldn't compile with tls support.
/var/log/messages does not provide any helpful information (it only says that the user is logged in every time, with or without tls)
Hopefully you guys can help me out here as I am really lost!
If you have found an answer, then post it as an answer, below. – user1686 – 2015-05-10T20:24:11.427
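
Added example, not part of the original post and not pure-ftpd code: a small Python check that decodes the two PASV replies quoted in the logs above, reports whether the advertised address is one a WAN client cannot reach (the condition ftptest.net and FileZilla flag) and whether the port falls inside the forwarded `-p 35000:36000` range. The function names and the 203.0.113.10 reply are constructed for illustration.

```python
import ipaddress
import re

# Passive range from the `-p 35000:36000` switch in the question.
PASSIVE_RANGE = (35000, 36000)

# Addresses a WAN client cannot reach: RFC 1918, loopback, link-local.
UNROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]

PASV_RE = re.compile(r"227 [^(]*\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")


def parse_pasv(reply):
    """Return (IPv4Address, port) from a '227 ... (h1,h2,h3,h4,p1,p2)' line."""
    m = PASV_RE.search(reply)
    if m is None:
        raise ValueError("not a 227 PASV reply: %r" % reply)
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range in %r" % reply)
    host = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return host, nums[4] * 256 + nums[5]  # port = p1 * 256 + p2


def check_pasv(reply, passive_range=PASSIVE_RANGE):
    """Decode one PASV reply and evaluate it from a WAN client's view."""
    host, port = parse_pasv(reply)
    low, high = passive_range
    return {
        "host": str(host),
        "port": port,
        "wan_reachable_address": not any(host in net for net in UNROUTABLE),
        "port_in_forwarded_range": low <= port <= high,
    }


if __name__ == "__main__":
    samples = [
        "Reply: 227 Entering Passive Mode (192,168,0,4,138,78)",      # ftptest.net log
        "Response: 227 Entering Passive Mode (192,168,0,4,138,251)",  # FileZilla log
        "Reply: 227 Entering Passive Mode (203,0,113,10,195,80)",     # constructed
    ]
    for line in samples:
        print(line, "->", check_pasv(line))
```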