A file is not sent to a vsftpd server but the vsftpd server replied back "226 File receive OK." to the client.

Solution Verified - Updated -

Issue

  • With the environment below, a file is uplaoded from a ftp client to a vsftpd server with passive mode on.
ftp <ip address>  
Connected to 10.64.208.100.  
220 (vsFTPd 2.0.5)  
530; Please login with USER and PASS.  
530 Please login with USER and; PASS.  
KERBEROS_V4 rejected as an authentication type  
Name; (10.64.208.100:user): user  
331 Please specify the password.  
Password:  
230 Login successful.  
cr  
Carriage Return stripping off.  
Remote; system type is UNIX.  
Using binary mode to transfer files.  
ftp passive  
Passive mode off.  
ftp put ftptest  
local: ftptest; remote: ftptest  
200 PORT command successful. Consider using PASV.  
150; Ok to send data.  
 (Push Ctrl + C)  
send aborted  
waiting for remote to finish 
abort  
226 File receive OK.  
ftp&gt; by  
221 Goodbye.  

vsftp log
Sat; Jul; 2 15:34:54 2011 [pid 3365] CONNECT: Client "10.64.208.213"  
Sat; Jul; 2 15:34:58 2011 \[pid 3364\] \[user\] OK LOGIN: Client; "10.64.208.213"  
Sat Jul; 2 15:35:08 2011 \[pid 3366\] \[user\] OK; UPLOAD: Client "10.64.208.213", "/home/user/ftptest", 0.00Kbyte/sec
  • The file was not sent to the vsftpd server but the vsftpd server; replied back
"226 File receive OK." to the client.; The vsftped log; also said "OK UPLOAD".
  • This only happens with passive mode only.

Environment

  • Red Hat Enterprise Linux Server release 5.5 (Tikanga)
  • vsftpd-2.0.5-16.el5_6.1
  • ftp client
# iptables -L  
Chain INPUT (policy ACCEPT)  
target prot opt source destination  
REJECT tcp -- anywhere anywhere tcp spt:ftp-data reject-with icmp-net-unreachable

Chain FORWARD (policy ACCEPT)  
target prot opt source destination

Chain OUTPUT (policy ACCEPT)  
target prot opt source destination

Chain RH-Firewall-1-INPUT (0 references)  
target prot opt source destination


iptables configure files is configured with one of the followings.  
The problem always occurs with each configuration below.

iptables -A INPUT -p tcp --sport ftp-data -j REJECT --reject-with tcp-reset  
iptables -A INPUT -p tcp --sport ftp-data -j REJECT --reject-with icmp-net-unreachable  
iptables -A INPUT -p tcp --sport ftp-data -j REJECT --reject-with icmp-host-prohibited  
iptables -A INPUT -p tcp --sport ftp-data -j REJECT --reject-with icmp-net-prohibited  
iptables -A INPUT -p tcp --sport ftp-data -j REJECT --reject-with icmp-admin-prohibited  
iptables -A INPUT -p tcp --sport ftp-data -j REJECT --reject-with icmp-proto-unreachable  
iptables -A INPUT -p tcp --sport ftp-data -j REJECT --reject-with icmp-port-unreachable  
iptables -A INPUT -p tcp --sport ftp-data -j REJECT --reject-with icmp-host-unreachable

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content