425 Failed to establish connection. vsftpd
Desde hace algún tiempo mantengo un servidor ftp seguro montando con Vsftpd. Nunca he tenido problemas a la hora de conectarme a él desde Internet, pero
el otro día tuve que conectarme al servidor desde un ordenador dentro de mi red. Todo iba bien, la autenticación y la conexión, pero el cliente que utilizo para conectarme
al servidor ftp (filezilla) no era capaz de listarme los directorios.
Al ver los logs del servidor ftp pude ver lo siguiente:
Fri May 7 14:28:27 2010 [pid 4739] CONNECT: Client "192.168.x.x" Fri May 7 14:28:27 2010 [pid 4739] FTP response: Client "192.168.x.x", "220 "Bienvenido al servidor FTP de DECKERIX!!"" Fri May 7 14:28:27 2010 [pid 4739] FTP command: Client "192.168.x.x", "AUTH TLS" Fri May 7 14:28:27 2010 [pid 4739] FTP response: Client "192.168.x.x", "234 Proceed with negotiation." Fri May 7 14:28:27 2010 [pid 4739] FTP command: Client "192.168.x.x", "USER usuario_rojo" Fri May 7 14:28:27 2010 [pid 4739] [usuario_rojo] FTP response: Client "192.168.x.x", "331 Please specify the password." Fri May 7 14:28:27 2010 [pid 4739] [usuario_rojo] FTP command: Client "192.168.x.x", "PASS <password>" Fri May 7 14:28:27 2010 [pid 4738] [usuario_rojo] OK LOGIN: Client "192.168.x.x" Fri May 7 14:28:27 2010 [pid 4740] [usuario_rojo] FTP response: Client "192.168.x.x", "230 Login successful." Fri May 7 14:28:27 2010 [pid 4740] [usuario_rojo] FTP command: Client "192.168.x.x", "OPTS UTF8 ON" Fri May 7 14:28:27 2010 [pid 4740] [usuario_rojo] FTP response: Client "192.168.x.x", "200 Always in UTF8 mode." Fri May 7 14:28:27 2010 [pid 4740] [usuario_rojo] FTP command: Client "192.168.x.x", "PBSZ 0" Fri May 7 14:28:27 2010 [pid 4740] [usuario_rojo] FTP response: Client "192.168.x.x", "200 PBSZ set to 0." Fri May 7 14:28:27 2010 [pid 4740] [usuario_rojo] FTP command: Client "192.168.x.x", "PROT P" Fri May 7 14:28:27 2010 [pid 4740] [usuario_rojo] FTP response: Client "192.168.x.x", "200 PROT now Private." Fri May 7 14:28:27 2010 [pid 4740] [usuario_rojo] FTP command: Client "192.168.x.x", "PWD" Fri May 7 14:28:27 2010 [pid 4740] [usuario_rojo] FTP response: Client "192.168.x.x", "257 "/"" Fri May 7 14:28:27 2010 [pid 4740] [usuario_rojo] FTP command: Client "192.168.x.x", "TYPE I" Fri May 7 14:28:27 2010 [pid 4740] [usuario_rojo] FTP response: Client "192.168.x.x", "200 Switching to Binary mode." Fri May 7 14:28:27 2010 [pid 4740] [usuario_rojo] FTP command: Client "192.168.x.x", "PASV" Fri May 7 14:28:27 2010 [pid 4740] [usuario_rojo] FTP response: Client "192.168.x.x", "227 Entering Passive Mode (xx,xxx,xx,xx,xx,xx)" Fri May 7 14:28:27 2010 [pid 4740] [usuario_rojo] FTP command: Client "192.168.x.x", "LIST" Fri May 7 14:28:42 2010 [pid 4737] [usuario_rojo] FTP response: Client "192.168.x.x", "425 Failed to establish connection." |
Como vemos el error viene después de pasar del modo activo al pasivo: 425 Failed to establish connection.
Los parámetros para la conexión pasiva del vsftpd son:
ftp_data_port= pasv_min_port= pasv_max_port= pasv_address= (IP del router con salida a internet) |
Para conseguir que se me listaran los directorios comenté la linea “pasv_address” y conseguí que se aceptaran conexiones pasivas desde mi red interna.
pasv_address
Use this option to override the IP address that vsftpd will advertise in response to the PASV command.
Provide a numeric IP address, unless pasv_addr_resolve is enabled, in which case you can
provide a hostname which will be DNS resolved for you at startup.
Default: (none – the address is taken from the incoming connected socket)