Thread: Disconnect troubles with FTP service on non-standard port

  1. #1

    Disconnect troubles with FTP service on non-standard port

    Hello,

    I have got a major issue when I use FTP service on a non-standard port.

    My FTP service is a proprietary solution, but it doesn't matter. I just run it with a non-root user and make it listen on a port higher than 1024.

    To accomplish this, I run iptables rules locally on my server to forward traffic
    to TCP 21 to 2121 for instance
    from TCP 2020 (active port set on my FTP server) to TCP 20

    This is a sample of iptables rules

    iptables -t nat -A PREROUTING -p tcp -d 192.168.0.5 -m tcp --dport 21 -j DNAT --to 192.168.0.5:2121
    iptables -t nat -A POSTROUTING -p tcp -s 192.168.0.5 -m tcp --sport 2020 -j SNAT --to 192.168.0.5:20

    The problem is that when I use these rules, for an unknown reason, iptables randomly drops the client's FTP passive connection (gets disconnected from the FileZilla FTP client) while the connection is still maintained on the server side.

    This causes trouble because when FileZilla tries to resume the connection, errors are experienced on the server side, which still has a related connection in use.

    Once I disable these NAT rules and configure my FTP server to listen on TCP port 21 and use TCP source port 20 (requires root permission), this issue disappears.

    Moreover, regardless of iptables activation, FTPS transfers always work fine, as if iptables were not able to inspect encrypted traffic.

    Have you ever come across this issue? Or does someone have an idea about what's wrong?

    Thank you very much for your support

  2. #2
    Automatic reply NNTP User

    Re: Disconnect troubles with FTP service on non-standard port

    good2go971,

    It appears that in the past few days you have not received a response to your
    posting. That concerns us, and has triggered this automated reply.

    These forums are peer-to-peer, best effort and volunteer run. If your issue
    is urgent or not getting a response, you might try one of the following options:

    - Visit http://www.suse.com/support and search the knowledgebase and/or check all
    the other support options available.
    - Open a service request: https://www.suse.com/support
    - You could also try posting your message again. Make sure it is posted in the
    correct newsgroup. (http://forums.suse.com)

    Be sure to read the forum FAQ about what to expect in the way of responses:
    http://forums.suse.com/faq.php

    If this is a reply to a duplicate posting or otherwise posted in error, please
    ignore and accept our apologies and rest assured we will issue a stern reprimand
    to our posting bot.

    Good luck!

    Your SUSE Forums Team
    http://forums.suse.com



  3. #3

    Re: Disconnect troubles with FTP service on non-standard port

    On 14/04/16 22:34, good2go971 wrote:

    > I have got a major issue when I use FTP service on a non-standard port.
    >
    > My FTP service is a proprietary solution, but it doesn't matter. I just
    > run it with a non-root user and make it listen on a port higher than
    > 1024.
    >
    > To accomplish this, I run iptables rules locally on my server to forward
    > traffic
    > to TCP 21 to 2121 for instance
    > from TCP 2020 (active port set on my FTP server) to TCP 20
    >
    > This is a sample of iptables rules
    >
    > iptables -t nat -A PREROUTING -p tcp -d 192.168.0.5 -m tcp --dport 21
    > -j DNAT --to 192.168.0.5:2121
    > iptables -t nat -A POSTROUTING -p tcp -s 192.168.0.5 -m tcp --sport
    > 2020 -j SNAT --to 192.168.0.5:20
    >
    > The problem is that when I use these rules, for an unknown reason, iptables
    > randomly drops the client's FTP passive connection (gets disconnected from
    > the FileZilla FTP client) while the connection is still maintained on the
    > server side.
    >
    > This causes trouble because when FileZilla tries to resume the connection,
    > errors are experienced on the server side, which still has a related
    > connection in use.
    >
    > Once I disable these NAT rules and configure my FTP server to listen on
    > TCP port 21 and use TCP source port 20 (requires root permission), this
    > issue disappears.
    >
    > Moreover, regardless of iptables activation, FTPS transfers always work fine,
    > as if iptables were not able to inspect encrypted traffic.
    >
    > Have you ever come across this issue? Or does someone have an idea about
    > what's wrong?
    >
    > Thank you very much for your support


    Perhaps it would help get a response if you could explain "My FTP
    service is a proprietary solution". Are you using vsftpd as included
    with SLES12 or some other (custom) FTP server?

    HTH.
    --
    Simon
    SUSE Knowledge Partner
