Hello World!
Quick tip to allow passive FTP connections (a.k.a. PASV).
I was trying to put my cPan*l backups on a Zentyal-powered server. Everything seemed fine until I looked at the logs...
PASV
227 Entering Passive Mode (123,123,123,123,47,27).
STOR mybackup.tar.gz
425 Failed to establish connection.
Problem: vsFTPd (on Zentyal, at least) doesn't allow/accept passive connections.
Solution:
** Make sure to be the root user **
First, let's add a custom IPTables rule.
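# The delimiter is quoted so that "$1" is written to the file literally
# instead of being expanded (to nothing) by the shell you are typing in.
cat > /etc/zentyal/hooks/firewall.postservice <<-'FIREWALL'
#!/bin/sh
# This is the firewall postservice script and it's run after Zentyal
# has finished setting up the firewall.
# You can add here custom rules that you might need for your firewall
# The script will receive a command line argument indicating whether the
# module is enabled (1) or not (0).
if [ "$1" -eq "1" ]
then
    # RELATED only covers the passive data connections when the kernel's FTP
    # conntrack helper (nf_conntrack_ftp) is tracking the control channel.
    sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    sudo iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # Accept new control connections on the FTP port.
    sudo iptables -A INPUT -p tcp --dport 21 -m conntrack --ctstate NEW -j ACCEPT
    true
fi
exit 0
FIREWALL
# Zentyal only runs hooks that are executable.
chmod +x /etc/zentyal/hooks/firewall.postservice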
Now, let's enable those rules right away:
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --dport 21 -m conntrack --ctstate NEW -j ACCEPT
We must make sure that our custom configuration will be persistent:
mkdir -p /etc/zentyal/stubs/ftp && cp /usr/share/zentyal/stubs/ftp/vsftpd.conf.mas /etc/zentyal/stubs/ftp/
Now let's modify the FTP server configuration (make sure to replace
<YOUR PUBLIC IP> with your public IP):
cat >> /etc/zentyal/stubs/ftp/vsftpd.conf.mas <<-FTP_CONF
## Marcus Hack ##
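# pasv_promiscuous=YES turns off vsftpd's check that the data connection
# comes from the same IP address as the control connection.
pasv_promiscuous=YES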
pasv_enable=YES
pasv_min_port=60000
pasv_max_port=60100
pasv_address=<YOUR PUBLIC IP>
# Max Clients
max_clients=100
# Max connections per IP
max_per_ip=20
cmds_allowed=ALLO,ABOR,APPE,CWD,DELE,HELP,LIST,MDTM,MKD,NLST,PASS,PASV,PWD,QUIT,RETR,RMD,RNFR,RNTO,SIZE,STOR,TYPE,USER
## ############## ##
FTP_CONF
And now let's restart the service:
/etc/init.d/zentyal ftp restart
Let's wrap it up by testing our new configuration.
You should now have something similar to:
PASV
227 Entering Passive Mode (123,123,123,123,47,27).
STOR mybackup.tar.gz
150 Ok to send data.
226 Transfer complete.
QUIT
221 Goodbye.
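When reading the 227 line, the first four numbers are the advertised address and the last two are the data port (p1 * 256 + p2). The shell functions below are an added example, not part of the original post: they decode a 227 reply and compare it with the pasv_min_port/pasv_max_port values above. The function names and the 203.0.113.10 address are made up for illustration.

```sh
#!/bin/sh
# Added example (not from the original post): decode a 227 reply and compare it
# with the pasv_* values from the vsftpd stub above.
PASV_MIN=60000   # pasv_min_port
PASV_MAX=60100   # pasv_max_port

# pasv_decode "<reply line>" -> prints "IP PORT"; returns 1 if it is not a valid 227 reply
pasv_decode() {
    tuple=$(printf '%s\n' "$1" |
        sed -n 's/^227 .*(\([0-9]\{1,3\}\(,[0-9]\{1,3\}\)\{5\}\)).*$/\1/p')
    [ -n "$tuple" ] || return 1
    old_ifs=$IFS; IFS=,
    set -- $tuple            # h1 h2 h3 h4 p1 p2
    IFS=$old_ifs
    for n in "$@"; do
        [ "$n" -le 255 ] || return 1
    done
    # The port is sent as two bytes, high byte first
    echo "$1.$2.$3.$4 $(( $5 * 256 + $6 ))"
}

# pasv_check "<reply line>" "<expected pasv_address>"
# returns 0 only when the advertised address and port match the configuration
pasv_check() {
    decoded=$(pasv_decode "$1") || { echo "not a 227 reply"; return 2; }
    ip=${decoded% *}
    port=${decoded#* }
    if [ "$ip" != "$2" ]; then
        echo "address $ip is not pasv_address $2"; return 1
    fi
    if [ "$port" -lt "$PASV_MIN" ] || [ "$port" -gt "$PASV_MAX" ]; then
        echo "port $port is outside $PASV_MIN-$PASV_MAX"; return 1
    fi
    echo "ok $ip:$port"
}

# Constructed sample replies (203.0.113.10 is a documentation address)
pasv_check '227 Entering Passive Mode (203,0,113,10,234,100).' 203.0.113.10 || true
pasv_check '227 Entering Passive Mode (203,0,113,10,47,27).'   203.0.113.10 || true
pasv_check '227 Entering Passive Mode (10,0,0,5,234,100).'     203.0.113.10 || true
```

A port outside 60000-60100, or an address other than your public IP, means vsftpd is not running with the pasv_* values from the stub.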
Thanks for reading and please, do not hesitate to comment on this little trick.
Best,
Marcus