Two vsftpd instances - check passive port on FTPS
I have configured VSFTPD on a CentOS machine to run as two instances, with vsftpd.conf and vsftpd2.conf. Here is the content of the second conf file:
anonymous_enable=NO
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list
chroot_local_user=YES
connect_from_port_20=YES
dirmessage_enable=YES
force_local_data_ssl=YES
force_local_logins_ssl=YES
ftpd_banner=Hello.
listen=YES
listen_port=30
local_enable=YES
local_umask=022
pam_service_name=vsftpd
pasv_enable=YES
pasv_address=192.168.100.162
pasv_max_port=389
pasv_min_port=389
rsa_cert_file=/etc/vsftpd/vsftpd.pem
ssl_enable=YES
ssl_sslv2=NO
ssl_sslv3=NO
ssl_tlsv1=YES
ssl_ciphers=HIGH
user_config_dir=/etc/vsftpd/user_conf
userlist_enable=NO
write_enable=YES
xferlog_enable=YES
xferlog_file=/var/log/xferlog2
xferlog_std_format=NO
dual_log_enable=YES
log_ftp_protocol=YES
The first conf file is identical except for the xferlog file, the listen_port, which is missing, and the pasv_max_port/pasv_min_port, which are 65000/60000.
So I have one FTPS working on port 21 and the other on port 30. Both are working fine, but I want to make sure that 389 is really being used. So, I started a session with Wireshark, where I could see all my TCP packets to port 30, but none to 389. Instead, I see packets to my remote server on port 49276.
How can I make sure that this is working fine?
ftp vsftpd vsftp
I don't know if this question should be in Serverfault instead of the Unix site, as the first one has 359 questions tagged vsftpd, and this one only 60.
– user73540
Jun 25 '14 at 9:07
I've noticed that VSFTPD does not take pasv_max_port and pasv_min_port into account when the number is too low: I've tried 30000 for both, and it works well. I've tried 389 for both, and it takes some high-range port. I've also tried 389-399, and it's the same:
227 Entering Passive Mode (192,168,100,162,22,29)
– user73540
Jun 25 '14 at 11:01
asked Jun 25 '14 at 8:52
user73540
1 Answer
I just got from another source that vsftpd is not able to reserve ports below 1024 for PASV:
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/s2-ftp-vsftpd-conf.html
I will mark the question as read, as we don't need to inspect TCP packets, since with an FTP client we are able to see the PASV command. Example for 30000:
227 Entering Passive Mode (192,168,100,162,117,48)
answered Jun 26 '14 at 7:24
user73540
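As an added example (not part of the original post and not vsftpd's own code): a small Python check that decodes the port from a 227 reply, as seen in an FTP client or in the log written with log_ftp_protocol=YES, and compares it with the pasv_* settings. The function names are made up for illustration, and pasv_address is assumed to be a literal IPv4 address.

```python
import re

PASV_RE = re.compile(r"\b227\b[^(]*\(((?:\d{1,3},){5}\d{1,3})\)")

def parse_pasv(reply):
    """Return (ip, port) advertised in a 227 reply (port = p1*256 + p2)."""
    m = PASV_RE.search(reply)
    if not m:
        raise ValueError("no 227 passive-mode reply in %r" % reply)
    nums = [int(n) for n in m.group(1).split(",")]
    if max(nums) > 255:
        raise ValueError("octet out of range in %r" % reply)
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def parse_conf(text):
    """Parse vsftpd.conf key=value lines; '#' comments and blanks are skipped."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def check_reply(conf, reply):
    """List mismatches between the configured PASV settings and a 227 reply."""
    ip, port = parse_pasv(reply)
    lo = int(conf.get("pasv_min_port", 0))  # 0 = no limit (vsftpd default)
    hi = int(conf.get("pasv_max_port", 0))
    findings = []
    for name, value in (("pasv_min_port", lo), ("pasv_max_port", hi)):
        if 0 < value < 1024:
            # Per the answer above: vsftpd does not reserve PASV ports below 1024.
            findings.append("%s=%d is below 1024 and is not honoured" % (name, value))
    if (lo and port < lo) or (hi and port > hi):
        findings.append("port %d is outside configured range %d-%d" % (port, lo, hi))
    addr = conf.get("pasv_address")
    if addr and addr != ip:
        findings.append("address %s differs from pasv_address=%s" % (ip, addr))
    return findings

# Settings and replies copied from the question, comment and answer on this page.
CONF_389 = "pasv_enable=YES\npasv_address=192.168.100.162\npasv_max_port=389\npasv_min_port=389\n"
CONF_30000 = CONF_389.replace("389", "30000")
REPLY_389 = "227 Entering Passive Mode (192,168,100,162,22,29)"
REPLY_30000 = "227 Entering Passive Mode (192,168,100,162,117,48)"

if __name__ == "__main__":
    print(check_reply(parse_conf(CONF_389), REPLY_389))
    print(check_reply(parse_conf(CONF_30000), REPLY_30000))
```

Because the control channel is encrypted with force_local_logins_ssl=YES, the 227 reply is not readable in a packet capture; take it from the client's session output or from the server's protocol log.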