Score:0

vsftp connected but timed out on list command


I set up the configuration of vsftpd as follows:

listen=NO
listen_ipv6=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
dirmessage_enable=YES
use_localtime=YES
xferlog_enable=YES
connect_from_port_20=YES
chroot_local_user=YES
secure_chroot_dir=/var/run/vsftpd/empty
pam_service_name=vsftpd
rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
ssl_enable=YES
user_sub_token=$USER
local_root=/var/www/web-moc/wordpress
userlist_enable=YES
userlist_file=/etc/vsftpd.user_list
userlist_deny=NO
allow_writeable_chroot=NO

Then I ran FileZilla to connect to vsftpd with the following parameters:

host: 52.52.40.248
username: ftp_user
password: XXXXXXXX
port: 20
press "quickconnect"

It showed the following messages:

Status: Connecting to 52.52.40.248:21...
Status: Connection established, waiting for welcome message...
Status: Initializing TLS...
Status: Verifying certificate...
Status: TLS connection established.
Status: Server does not support non-ASCII characters.
Status: Logged in
Status: Retrieving directory listing...
Status: Server sent passive reply with unroutable address. Using server address instead.
Command:    LIST
Error:  Connection timed out after 20 seconds of inactivity
Error:  Failed to retrieve directory listing

It could connect, but it failed to execute the "list" command and timed out. I was expecting the "list" command to execute successfully. However, I was able to connect twice after the server was rebooted ?? It listed the directory of the login directory /var/www/web-moc/wordpress/.
Can anyone please let me know what the problem was? I would very much appreciate your help. Thanks,
Andrew

Score:1

Your problem is that your server sends its private RFC1918 address as the reply to the PASV command, and that the external NAT GW is probably not configured to forward a port range for PASV mode.

FTP requires a data channel and a command channel - on two different ports. This means that your ftp server has to be aware of its public IP address, and an additional port range configured for this. The list command is sent over the command channel, while the reply should come over the data channel - which times out.

Do not implement FTP in 2023.

Do not use FTP. It is ancient, with strange kludges such as passive mode to support NAT. It does not natively support encryption. It's inefficient.

If you need authenticated file transfers, use something like ssh/sftp, or webdav. If you want to provide unauthenticated downloads, use https.

There is no sane or legitimate reason to implement FTP in 2023.
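The two failure points the answer describes (a PASV reply advertising a private address, and no fixed passive port range to forward) can both be checked mechanically. The script below is an added example, not code from the question or from vsftpd: it parses an RFC 959 `227` reply and flags an unroutable data address, and it lints a vsftpd config for the `pasv_address`, `pasv_min_port` and `pasv_max_port` options that a NAT'd server needs. The replies and config fragments are constructed samples; the `203.0.113.10` address and the `50000-50100` range are placeholders.

```python
import ipaddress
import re

# Constructed sample replies (not captured from the asker's server).
# 195*256 + 80 = 50000 is the data port in both cases.
PASV_REPLY_PRIVATE = "227 Entering Passive Mode (10,0,1,23,195,80)."
PASV_REPLY_PUBLIC = "227 Entering Passive Mode (52,52,40,248,195,80)."

# Constructed config fragments. The "broken" one mirrors the question's
# listen/SSL settings and has no passive-mode options at all.
VSFTPD_CONF_BROKEN = """\
listen=NO
listen_ipv6=YES
ssl_enable=YES
chroot_local_user=YES
"""
# Placeholder public address and port range (assumptions, not the asker's values).
VSFTPD_CONF_FIXED = VSFTPD_CONF_BROKEN + """\
pasv_enable=YES
pasv_address=203.0.113.10
pasv_min_port=50000
pasv_max_port=50100
"""

_PASV_RE = re.compile(r"\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")


def parse_pasv(reply):
    """Return (ip, port) from a '227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)' reply,
    or None if the line is not a well-formed 227 reply."""
    if not reply.startswith("227"):
        return None
    m = _PASV_RE.search(reply)
    if not m:
        return None
    fields = [int(x) for x in m.groups()]
    if any(n > 255 for n in fields):
        return None
    h1, h2, h3, h4, p1, p2 = fields
    return f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2


def diagnose_pasv(reply, control_ip):
    """Explain whether a client on the Internet could open the data channel.
    control_ip is the address the client connected to (port 21)."""
    parsed = parse_pasv(reply)
    if parsed is None:
        return {"ok": False, "problem": "not a 227 PASV reply"}
    data_ip, data_port = parsed
    addr = ipaddress.ip_address(data_ip)
    # RFC 1918, loopback and link-local addresses are not reachable across NAT;
    # FileZilla works around this by reusing the control address instead.
    unroutable = addr.is_private or addr.is_loopback or addr.is_link_local
    problem = None
    if unroutable:
        problem = (f"server advertised unroutable data address {data_ip}; "
                   f"set pasv_address to the public IP ({control_ip})")
    elif data_ip != control_ip:
        problem = f"data address {data_ip} differs from control address {control_ip}"
    return {"ok": problem is None, "data_ip": data_ip, "data_port": data_port,
            "unroutable": unroutable, "problem": problem}


def parse_vsftpd_conf(text):
    """Minimal key=value parser for vsftpd.conf (full-line '#' comments only)."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        opts[key.strip()] = value.strip()
    return opts


def check_passive_config(conf_text):
    """Return a list of passive-mode problems for a server behind NAT."""
    opts = parse_vsftpd_conf(conf_text)
    issues = []
    # vsftpd defaults: pasv_enable=YES, pasv_address unset, pasv_min/max_port=0 (any port).
    if opts.get("pasv_enable", "YES").upper() == "NO":
        issues.append("pasv_enable=NO: clients behind their own NAT cannot use active mode")
    if "pasv_address" not in opts:
        issues.append("pasv_address unset: 227 replies will carry the interface's private address")
    if "pasv_min_port" not in opts or "pasv_max_port" not in opts:
        issues.append("no pasv_min_port/pasv_max_port: no fixed range to forward on the NAT GW "
                      "or allow in the firewall")
    return issues


if __name__ == "__main__":
    print(diagnose_pasv(PASV_REPLY_PRIVATE, "52.52.40.248"))
    print(check_passive_config(VSFTPD_CONF_BROKEN))
    print(check_passive_config(VSFTPD_CONF_FIXED))
```

Once `pasv_address` and the port range are set, the same range still has to be forwarded on the NAT gateway and permitted by the host firewall. Note that with `ssl_enable=YES` the control channel is encrypted, so a NAT device's FTP helper cannot read and rewrite the `227` reply for you; the server itself must advertise the correct address.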

acyk: Thank you for your explanation and suggestion. I am using WordPress. Many of the plugin updates use ftp and ftps. So I am forced to use the protocol.

vidarlo: No, you are not. You have to add the line `define('FS_METHOD', 'direct');` to your `wp-config.php` and configure appropriate permissions. Then updates and plugin installations will work without ftp.

vidarlo: In addition, if you *only* use ftp for wordpress, then don't make it available externally.