Two vsftpd instances - check passive port on FTPS

I have configured VSFTPD on a CentOS machine to run as two instances, with vsftpd.conf and vsftpd2.conf. Here is the content of the second conf file:

anonymous_enable=NO
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list
chroot_local_user=YES
connect_from_port_20=YES
dirmessage_enable=YES
force_local_data_ssl=YES
force_local_logins_ssl=YES
ftpd_banner=Hello.
listen=YES
listen_port=30
local_enable=YES
local_umask=022
pam_service_name=vsftpd
pasv_enable=YES
pasv_address=192.168.100.162
pasv_max_port=389
pasv_min_port=389
rsa_cert_file=/etc/vsftpd/vsftpd.pem
ssl_enable=YES
ssl_sslv2=NO
ssl_sslv3=NO
ssl_tlsv1=YES
ssl_ciphers=HIGH
user_config_dir=/etc/vsftpd/user_conf
userlist_enable=NO
write_enable=YES
xferlog_enable=YES
xferlog_file=/var/log/xferlog2
xferlog_std_format=NO
dual_log_enable=YES
log_ftp_protocol=YES


The first conf file is identical except for the xferlog file, the listen_port, which is missing, and the pasv_max_port/pasv_min_port, which are 65000/60000.

So I have one FTPS working on port 21 and the other on port 30. Both are working fine, but I want to make sure that 389 is really being used. So, I started a session with Wireshark, where I could see all my TCP packets to port 30, but none to 389. Instead, I see packets to my remote server on port 49276.

How can I make sure that this is working fine?

  • I don't know if this question should be in Serverfault instead of the Unix site, as the first one has 359 questions tagged vsftpd, and this one only 60.
    – user73540
    Jun 25 '14 at 9:07

  • I've noticed that VSFTPD does not take pasv_max_port and pasv_min_port into account when the number is too low: I've tried 30000 for both, and it works well. I've tried 389 for both, and it takes some high-range port. I've also tried 389-399, and it's the same: 227 Entering Passive Mode (192,168,100,162,22,29)
    – user73540
    Jun 25 '14 at 11:01

ftp vsftpd vsftp

asked Jun 25 '14 at 8:52
user73540

1 Answer

I just got from another source that vsftpd is not able to reserve ports below 1024 for PASV:

https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/s2-ftp-vsftpd-conf.html

I will mark the question as read, as we don't need to inspect TCP packets: with an FTP client we are able to see the PASV command. Example for 30000:

227 Entering Passive Mode (192,168,100,162,117,48)





answered Jun 26 '14 at 7:24
user73540
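
An added example, not part of the original question or answer: the last two numbers of a 227 reply are the high and low byte of the data port, so the reply can be decoded and compared with the pasv_address, pasv_min_port and pasv_max_port values from the config. The function names and the result dictionary are assumptions made for this illustration; the sample config is constructed from the values quoted in the question.

```python
import re

# Constructed sample: the PASV-related lines of the question's vsftpd2.conf.
SAMPLE_CONF = """\
pasv_enable=YES
pasv_address=192.168.100.162
pasv_max_port=389
pasv_min_port=389
"""

PASV_RE = re.compile(r"^227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")


def parse_pasv_reply(line):
    """Return (ip, port) advertised by a '227 Entering Passive Mode' reply."""
    m = PASV_RE.match(line.strip())
    if not m:
        raise ValueError("not a 227 PASV reply: %r" % line)
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range in %r" % line)
    # Fields 5 and 6 are the high and low byte of the data port.
    port = nums[4] * 256 + nums[5]
    return ".".join(str(n) for n in nums[:4]), port


def parse_conf(text):
    """Parse vsftpd's option=value lines; lines starting with '#' are comments."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key] = value
    return conf


def check_reply(conf_text, reply):
    """Compare the advertised endpoint with pasv_address and pasv_*_port."""
    conf = parse_conf(conf_text)
    lo = int(conf.get("pasv_min_port", 0))
    hi = int(conf.get("pasv_max_port", 0))
    ip, port = parse_pasv_reply(reply)
    return {
        "ip": ip,
        "port": port,
        "address_matches": conf.get("pasv_address") in (None, ip),
        # 0 is vsftpd's default for both options and means "any port".
        "in_configured_range": (lo or 1) <= port <= (hi or 65535),
        # The answer above reports that vsftpd cannot reserve PASV ports below 1024.
        "range_is_privileged": 0 < lo < 1024 or 0 < hi < 1024,
    }
```

With force_local_logins_ssl=YES the 227 reply travels inside the TLS session, so take the line from the FTP client's log rather than from a packet capture.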
