A file is not sent to a vsftpd server but the vsftpd server replied back "226 File receive OK." to the client.
Issue
- With the environment below, a file is uploaded from an FTP client to a vsftpd server with passive mode on.
ftp <ip address>
Connected to 10.64.208.100.
220 (vsFTPd 2.0.5)
530 Please login with USER and PASS.
530 Please login with USER and PASS.
KERBEROS_V4 rejected as an authentication type
Name (10.64.208.100:user): user
331 Please specify the password.
Password:
230 Login successful.
ftp> cr
Carriage Return stripping off.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> passive
Passive mode off.
ftp> put ftptest
local: ftptest remote: ftptest
200 PORT command successful. Consider using PASV.
150 Ok to send data.
(Push Ctrl + C)
send aborted
waiting for remote to finish
abort
226 File receive OK.
ftp> by
221 Goodbye.
vsftpd log
Sat Jul 2 15:34:54 2011 [pid 3365] CONNECT: Client "10.64.208.213"
Sat Jul 2 15:34:58 2011 [pid 3364] [user] OK LOGIN: Client "10.64.208.213"
Sat Jul 2 15:35:08 2011 [pid 3366] [user] OK UPLOAD: Client "10.64.208.213", "/home/user/ftptest", 0.00Kbyte/sec
- The file was not sent to the vsftpd server, but the vsftpd server replied "226 File receive OK." to the client. The vsftpd log also said "OK UPLOAD".
- This happens only with passive mode.
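A log check for the symptom above, as an added example that is not part of the original article: it scans vsftpd log text for OK UPLOAD entries that report no transferred data and attaches the size found on disk, so the "226" reply is not taken as proof of delivery. The function name, the fourth sample line and the optional "N bytes" field are assumptions.

```python
import os
import re

# Constructed sample: lines 1-3 follow the log on this page; line 4 (byte
# count, non-zero rate) is an assumed normal upload added for contrast.
SAMPLE_LOG = """\
Sat Jul 2 15:34:54 2011 [pid 3365] CONNECT: Client "10.64.208.213"
Sat Jul 2 15:34:58 2011 [pid 3364] [user] OK LOGIN: Client "10.64.208.213"
Sat Jul 2 15:35:08 2011 [pid 3366] [user] OK UPLOAD: Client "10.64.208.213", "/home/user/ftptest", 0.00Kbyte/sec
Sat Jul 2 15:40:11 2011 [pid 3370] [user] OK UPLOAD: Client "10.64.208.213", "/home/user/report.tar", 1048576 bytes, 512.00Kbyte/sec
"""

# The ", N bytes" field is treated as optional (assumption about the format).
UPLOAD_RE = re.compile(
    r'\[pid (?P<pid>\d+)\] \[(?P<user>[^\]]*)\] OK UPLOAD: '
    r'Client "(?P<client>[^"]+)", "(?P<path>[^"]+)"'
    r'(?:, (?P<bytes>\d+) bytes)?, (?P<rate>[\d.]+)Kbyte/sec\s*$'
)

def zero_byte_ok_uploads(log_text, size_of=os.path.getsize):
    """Return OK UPLOAD entries that report no data, with the on-disk size.

    An intentionally empty file also matches, so these are candidates to
    reconcile with the sender, not confirmed failures.
    """
    findings = []
    for line in log_text.splitlines():
        m = UPLOAD_RE.search(line)
        if not m:
            continue  # CONNECT, LOGIN and other entries
        reported = int(m.group("bytes") or 0)
        if reported > 0 or float(m.group("rate")) > 0.0:
            continue  # the server saw data on this transfer
        try:
            on_disk = size_of(m.group("path"))
        except OSError:
            on_disk = None  # file missing or unreadable
        findings.append({
            "pid": int(m.group("pid")),
            "user": m.group("user"),
            "client": m.group("client"),
            "path": m.group("path"),
            "on_disk_bytes": on_disk,
        })
    return findings

if __name__ == "__main__":
    for finding in zero_byte_ok_uploads(SAMPLE_LOG):
        print(finding)
```

The `size_of` parameter defaults to `os.path.getsize`, so the logged path is resolved on the host where the check runs; pass a different callable when uploads land in a chroot.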
Environment
- Red Hat Enterprise Linux Server release 5.5 (Tikanga)
- vsftpd-2.0.5-16.el5_6.1
- ftp client
# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
REJECT tcp -- anywhere anywhere tcp spt:ftp-data reject-with icmp-net-unreachable
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain RH-Firewall-1-INPUT (0 references)
target prot opt source destination
The iptables configuration file contains one of the following rules.
The problem always occurs with each configuration below.
iptables -A INPUT -p tcp --sport ftp-data -j REJECT --reject-with tcp-reset
iptables -A INPUT -p tcp --sport ftp-data -j REJECT --reject-with icmp-net-unreachable
iptables -A INPUT -p tcp --sport ftp-data -j REJECT --reject-with icmp-host-prohibited
iptables -A INPUT -p tcp --sport ftp-data -j REJECT --reject-with icmp-net-prohibited
iptables -A INPUT -p tcp --sport ftp-data -j REJECT --reject-with icmp-admin-prohibited
iptables -A INPUT -p tcp --sport ftp-data -j REJECT --reject-with icmp-proto-unreachable
iptables -A INPUT -p tcp --sport ftp-data -j REJECT --reject-with icmp-port-unreachable
iptables -A INPUT -p tcp --sport ftp-data -j REJECT --reject-with icmp-host-unreachable