Docker – Vsftpd doesn’t work in passive mode in LXC container

dockerftplxcvsftpd

I'm beginner in Docker, I have a vsftpd in a Debian and for passive mode I configured in vsftpd:

pasv_enable=YES
pasv_min_port=65000
pasv_max_port=65000
pasv_address=192.168.1.31

and I show with wireshark that server response with passive port 65000 but with passive IP 0.0.0.0 and I don't understand why if I configured passive IP. When I run docker I bind ports 21 and 65000 (and in Dockerfile I expose 21 and 65000) and conection in port 21 and active mode is good, but I need use also passive mode. In wireshark I show it:

227 Entering Passive Mode (0,0,0,0,253,232).
Passive IP address: 0.0.0.0 (0.0.0.0)
Passive port: 65000
Passive IP NAT: True

Dockerfile:

FROM debian:jessie

RUN apt-get update
RUN apt-get dist-upgrade -y
RUN apt-get install -y -q --no-install-recommends vsftpd
RUN apt-get clean

RUN echo "local_enable=YES" >> /etc/vsftpd.conf
RUN echo "chroot_local_user=YES" >> /etc/vsftpd.conf
RUN echo "allow_writeable_chroot=YES" >> /etc/vsftpd.conf
RUN echo "write_enable=YES" >> /etc/vsftpd.conf
RUN echo "pasv_enable=YES" >> /etc/vsftpd.conf
RUN echo "pasv_min_port=65000" >> /etc/vsftpd.conf
RUN echo "pasv_max_port=65000" >> /etc/vsftpd.conf
RUN echo "pasv_address=192.168.1.31" >> /etc/vsftpd.conf

RUN mkdir -p /var/run/vsftpd/empty

EXPOSE 21/tcp
EXPOSE 65000/tcp

CMD vsftpd

And I build and run with commands:

docker build -t vsftpd .
docker run -d -p 21:21 -p 65000:65000 -v /etc/passwd:/etc/passwd:ro -v /etc/shadow:/etc/shadow:ro -v /etc/group:/etc/group:ro -v /home:/home vsftpd

I also try run docker with more parameters:

docker run -d -p 192.168.1.31:21:21 -p 192.168.1.31:65000:65000 -v /etc/passwd:/etc/passwd:ro -v /etc/shadow:/etc/shadow:ro -v /etc/group:/etc/group:ro -v /home:/home vsftpd

And in active mode all work good, only fail passive mode and I don't understand why server say to client that connect to 0.0.0.0 with pasv_address configured. I mount passwd, shadow and group to container as read only for use local users in vsftpd and home for chroot local users, it found in active mode good. I'm trying all in virtual machine in bridge mode, and in virtual machine I have a Ubuntu server with docker.io 1.2.0.

Best Answer

I now can fixed it. By default, vsftpd was listening in IPv4 and IPv6 with the default configuration, etc; and I comment IPv6 config and only configure IPv4, and then all work.

Related Topic