vsftpd behind NAT problem

[Scott Ullrich]

On 9/9/05, Nikos I. Gabrielides <ganick at acn.gr> wrote:
> Hi all,
> 
> I am using an FTP Server behind NAT (vsftpd v1.2.0-5 on
> Fedora Core 1 kernel 2.4.22-1.2115.nptl).
> The server is behind NAT router (Zyxel Prestige 660R-61).
> I have problems connecting to it from a computer outside.
> 
> I am looking for a way to solve this at FTP Server side.
> 
> I have enabled DynDNS and port forwarding for the needed port
> ranges (20:21, 7727:7777) on the ADSL router.
> But I cannot connect from the outside.
> 
> Please, somebody, tell me how can I troubleshoot the problem.
> (where do i look for 'syslog' ?).
> Or, even better, do you guys see any solution for this ?
> 
> Thx in advance
> 
> /ganick
> 
> PS:
> My cofiguration is as follows:
> 
> 
> ** iptables rules **
> ...
> -A RH-Firewall-1-INPUT -p udp -m udp --dport 20 -j ACCEPT
> -A RH-Firewall-1-INPUT -p udp -m udp --dport 7727:7777 -j ACCEPT
> -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 20 -j ACCEPT
> -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 7727:7777 -j ACCEPT
> -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 21 -j ACCEPT
> ...
> (probably udp holes are not needed)
> 
> ** vsftpd.conf**
> listen=YES
> anonymous_enable=YES
> ftp_username=ftp
> write_enable=NO
> anon_upload_enable=NO
> anon_mkdir_write_enable=NO
> anon_other_write_enable=NO
> anon_world_readable_only=YES
> anon_max_rate=10240
> idle_session_timeout=300
> ascii_download_enable=NO
> ascii_upload_enable=NO
> connect_from_port_20=NO
> port_enable=YES
> hide_ids=NO
> max_per_ip=0
> local_root=/var/ftp
> nopriv_user=nobody
> # assist NAT firewall
> pasv_enable=YES
> pasv_min_port=7727
> pasv_max_port=7777
> log_ftp_protocol=YES
> syslog_enable=YES
> ftpd_banner=Welcome to ganick's FTP sever. Behave!

This is the FreeBSD pf (Packet Filter) list.   Not linux!   Perhaps
you should post to the iptables list or the linux kernel list?  I dont
really know, I don't use linux.  But either way, this appears to be
the wrong list for what your looking for.

Scott