A file is not sent to a vsftpd server but the vsftpd server replied back "226 File receive OK." to the client.
Issue
- With the environment below, a file is uploaded from an FTP client to a vsftpd server with passive mode on.
ftp <ip address>
Connected to 10.64.208.100.
220 (vsFTPd 2.0.5)
530 Please login with USER and PASS.
530 Please login with USER and PASS.
KERBEROS_V4 rejected as an authentication type
Name (10.64.208.100:user): user
331 Please specify the password.
Password:
230 Login successful.
cr
Carriage Return stripping off.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> passive
Passive mode off.
ftp> put ftptest
local: ftptest remote: ftptest
200 PORT command successful. Consider using PASV.
150 Ok to send data.
(Push Ctrl + C)
send aborted
waiting for remote to finish
abort
226 File receive OK.
ftp> by
221 Goodbye.
vsftpd log
Sat Jul 2 15:34:54 2011 [pid 3365] CONNECT: Client "10.64.208.213"
Sat Jul 2 15:34:58 2011 [pid 3364] [user] OK LOGIN: Client "10.64.208.213"
Sat Jul 2 15:35:08 2011 [pid 3366] [user] OK UPLOAD: Client "10.64.208.213", "/home/user/ftptest", 0.00Kbyte/sec
- The file was not sent to the vsftpd server, but the vsftpd server replied "226 File receive OK." to the client. The vsftpd log also said "OK UPLOAD".
- This happens only with passive mode.
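Because the log reports "OK UPLOAD" even though no data arrived, log review cannot rely on the status word alone. The following Python code is an added example, not part of the original article or of vsftpd: it parses the log format shown above and flags "OK UPLOAD" entries that report no payload. The function names are hypothetical, the optional "N bytes" field is an assumption about how non-empty transfers are logged, and the last sample line is constructed.

```python
import re

# vsftpd native log line as shown in this article. The optional "N bytes"
# field is an assumption about how non-empty transfers are logged.
LINE_RE = re.compile(
    r'^(?P<ts>\w{3} +\w{3} +\d+ +[\d:]{8} +\d{4}) +\[pid (?P<pid>\d+)\] +'
    r'(?:\[(?P<user>[^\]]+)\] +)?(?:(?P<status>OK|FAIL) +)?'
    r'(?P<action>[A-Z]+): +Client +"(?P<client>[^"]+)"'
    r'(?:, +"(?P<path>[^"]*)")?'
    r'(?:, +(?P<bytes>\d+) bytes)?'
    r'(?:, +(?P<rate>[\d.]+)Kbyte/sec)?$'
)

# Lines 1-3 are the log from this article; line 4 is constructed.
SAMPLE_LOG = """\
Sat Jul 2 15:34:54 2011 [pid 3365] CONNECT: Client "10.64.208.213"
Sat Jul 2 15:34:58 2011 [pid 3364] [user] OK LOGIN: Client "10.64.208.213"
Sat Jul 2 15:35:08 2011 [pid 3366] [user] OK UPLOAD: Client "10.64.208.213", "/home/user/ftptest", 0.00Kbyte/sec
Sat Jul 2 15:36:10 2011 [pid 3370] [user] OK UPLOAD: Client "10.64.208.213", "/home/user/report.txt", 2048 bytes, 15.20Kbyte/sec
"""


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["bytes"] = int(rec["bytes"]) if rec["bytes"] is not None else None
    return rec


def suspicious_uploads(log_text):
    """Return OK UPLOAD records with a missing or zero byte count."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["status"] == "OK" and rec["action"] == "UPLOAD":
            if not rec["bytes"]:  # None (field absent) or 0
                hits.append(rec)
    return hits


if __name__ == "__main__":
    for rec in suspicious_uploads(SAMPLE_LOG):
        print(f'{rec["ts"]} pid={rec["pid"]} user={rec["user"]} '
              f'client={rec["client"]} path={rec["path"]}')
```

A flagged entry is a candidate for comparison against the size of the file actually present on the server.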
Environment
- Red Hat Enterprise Linux Server release 5.5 (Tikanga)
- vsftpd-2.0.5-16.el5_6.1
- ftp client
# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
REJECT tcp -- anywhere anywhere tcp spt:ftp-data reject-with icmp-net-unreachable
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain RH-Firewall-1-INPUT (0 references)
target prot opt source destination
The iptables configuration file is configured with one of the following rules.
The problem always occurs with each configuration below.
iptables -A INPUT -p tcp --sport ftp-data -j REJECT --reject-with tcp-reset
iptables -A INPUT -p tcp --sport ftp-data -j REJECT --reject-with icmp-net-unreachable
iptables -A INPUT -p tcp --sport ftp-data -j REJECT --reject-with icmp-host-prohibited
iptables -A INPUT -p tcp --sport ftp-data -j REJECT --reject-with icmp-net-prohibited
iptables -A INPUT -p tcp --sport ftp-data -j REJECT --reject-with icmp-admin-prohibited
iptables -A INPUT -p tcp --sport ftp-data -j REJECT --reject-with icmp-proto-unreachable
iptables -A INPUT -p tcp --sport ftp-data -j REJECT --reject-with icmp-port-unreachable
iptables -A INPUT -p tcp --sport ftp-data -j REJECT --reject-with icmp-host-unreachable
