I am running vsftpd-3.0.2-9.el7.x86_64 on CentOS Linux release 7.1.1503 (Core) in Amazon Web Service (AWS) and cannot get the ftp server to send a valid IP address with pasv_address set.
Without the pasv_address set, the expected IP is transmitted, but since the system in NAT'ed its not the appropriate address--
/var/log/vsftpd.log--
Tue May 5 18:50:23 2015 [pid 20417] [guest] FTP command: Client "::ffff:128.18.42.44", "PASV"
Tue May 5 18:50:23 2015 [pid 20417] [guest] FTP response: Client "::ffff:128.18.42.44", "227 Entering Passive Mode (192,168,0,75,233,79)."
With pasv_address=54.67.64.106 set the daemon sends 0.0.0.0, not the set address--
Tue May 5 18:42:38 2015 [pid 19886] [guest] FTP command: Client "::ffff:128.18.42.44", "PASV"
Tue May 5 18:42:38 2015 [pid 19886] [guest] FTP response: Client "::ffff:128.18.42.44", "227 Entering Passive Mode (0,0,0,0,197,185)."
What am I missing?
My /etc/vsftpd/vsftpd.conf file is at http://pastebin.com/47uYpYMC
My system in formation is at http://pastebin.com/ws1PQktY
Thanks, Andrew
[SOLVED] vsftpd sending 0.0.0.0 with pasv_address set
-
andrew.baldwin.young
- Posts: 2
- Joined: 2015/05/05 18:16:00
[SOLVED] vsftpd sending 0.0.0.0 with pasv_address set
Last edited by andrew.baldwin.young on 2015/05/07 01:38:23, edited 1 time in total.
-
andrew.baldwin.young
- Posts: 2
- Joined: 2015/05/05 18:16:00
Re: [SOLVED] vsftpd sending 0.0.0.0 with pasv_address set
I found the trouble. I had both listen=YES and listen_ipv6=YES set.
The incoming connections were interpreted as IPv6 addresses, so the IPv4 pasv_address was not taking.
The incoming connections were interpreted as IPv6 addresses, so the IPv4 pasv_address was not taking.
Re: [SOLVED] vsftpd sending 0.0.0.0 with pasv_address set
Your post helped resolve pasv setup issue for me too. I came across this post looking to resolve the same issue with the pasv_address not being sent to clients when set up.
Turns out I had to comment out the default setting of and instead enable which was disabled by default.
I'm sure the IPv6 is not setup on either server, client or firewall other than default settings and those are not supposed to work across the internet as far as I know. The vsftpd transfer log shows an IPv6 client when testing with cURL client using its default setting of EPSV enabled. It appears to me vsftpd is detecting an IPv6 client where it should see an IPv4 one when the service is setup with the default settings. I'll consider filing a bug report.
Best, Martinus
Turns out I had to comment out the default setting of
Code: Select all
listen_ipv6=YESCode: Select all
listen=YESI'm sure the IPv6 is not setup on either server, client or firewall other than default settings and those are not supposed to work across the internet as far as I know. The vsftpd transfer log shows an IPv6 client when testing with cURL client using its default setting of EPSV enabled. It appears to me vsftpd is detecting an IPv6 client where it should see an IPv4 one when the service is setup with the default settings. I'll consider filing a bug report.
Best, Martinus
-
kcarpenter
- Posts: 1
- Joined: 2017/04/21 22:57:40
Re: [SOLVED] vsftpd sending 0.0.0.0 with pasv_address set
Well - this post saved me after 4 hours of digging.
I had some users attempting to log into the FTP server with Internet Exporer, Windows Explorer and WinSCP but kept getting "make sure you have permission to that directory" errors. FileZilla and a few other clients as well as a PHP script that is writing to the server seemed fine.
FTPtest.com was returning
Error: Server returned broadcast address in PASV reply
or
Error: Server returned unroutable private IP address in PASV reply
AS well as (0,0,0,0,X,Y) as the IP in the PASV response.
Turns out setting listen=YES and listen_ipv6=NO fixes it. Filezilla didn't have a problem because it just drops in the host IP if PASV doesn't return anything valid. So it masks the problem really.
Just commenting with the error message to maybe help a future Googler.
I had some users attempting to log into the FTP server with Internet Exporer, Windows Explorer and WinSCP but kept getting "make sure you have permission to that directory" errors. FileZilla and a few other clients as well as a PHP script that is writing to the server seemed fine.
FTPtest.com was returning
Error: Server returned broadcast address in PASV reply
or
Error: Server returned unroutable private IP address in PASV reply
AS well as (0,0,0,0,X,Y) as the IP in the PASV response.
Turns out setting listen=YES and listen_ipv6=NO fixes it. Filezilla didn't have a problem because it just drops in the host IP if PASV doesn't return anything valid. So it masks the problem really.
Just commenting with the error message to maybe help a future Googler.