Linux – configuring vsftpd anonymous upload. Creates files but freezes at 0 bytes


vsftpd on Ubuntu after sudo apt-get install vsftpd
Then did configuration as in the attached /etc/vsftpd.conf file.
Anonymous ftp allows cd to the upload directory and allows
put myfile.txt which gets created on the server but then
the client hangs and never proceeds. The file on the server
remains at 0 bytes.

Here's the folders and permissions:

root@support:/home/ftp# ls -ld .
drwxr-xr-x 3 root root 4096 Jun 22 00:00 .
root@support:/home/ftp# ls -ld pub
drwxr-xr-x 3 root root 4096 Jun 21 23:59 pub
root@support:/home/ftp# ls -ld pub/upload
drwxr-xr-x 2 ftp ftp 4096 Jun 22 00:06 pub/upload
root@support:/home/ftp#

Here's the vsftpd.conf file:

root@support:/home/ftp# grep -v '#' /etc/vsftpd.conf
listen=YES
anonymous_enable=YES
write_enable=YES
anon_upload_enable=YES
dirmessage_enable=YES
xferlog_enable=YES
anon_root=/home/ftp/pub/
connect_from_port_20=YES
chown_uploads=YES
chown_username=ftp
nopriv_user=ftp
secure_chroot_dir=/var/run/vsftpd
pam_service_name=vsftpd
rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key

Here's a file example that attempted to upload:

root@support:/home/ftp/pub/upload# ls -l
total 0
-rw------- 1 ftp nogroup 0 Jun 22 00:06 build.out

This is the client attempting to upload…it is frozen at this point:

$ ftp 173.203.89.78
Connected to 173.203.89.78.
220 (vsFTPd 2.0.6)
User (173.203.89.78:(none)): ftp
331 Please specify the password.
Password:
230 Login successful.
ftp> put build.out
200 PORT command successful. Consider using PASV.
553 Could not create file.
ftp> cd upload
250 Directory successfully changed.
ftp> put build.out
200 PORT command successful. Consider using PASV.
150 Ok to send data.

EDIT: It turns out that the ftp clients work from other systems running Linux. The error messages above only occur using ftp on a Windows 7 host using the command line ftp.

In fact, on the same Windows 7 machine, if you put the address into Windows Explorer, it works. It can copy and paste files and they appear on the server correctly uploaded.

So this problem only occurs on the Windows 7 command line ftp. NOTE: I double-checked that the firewall is entirely disabled on this machine.

Best Answer

It looks like you're trying to use active FTP, but a firewall between the server and (or on) your client is blocking the data channel. An FTP transaction consists of two channels, or connections: the command channel (on port 21) and the data channel (usually associated with port 20). The client issues commands on the command channel, while the payload (file contents and output of commands like ls) goes on the data channel. If you've got a firewall or router interfering with the data channel, you can log in and everything will appear to work until you try to get or send information to/from the server - at which point everything will appear to just hang. The server's trying to connect back to the client, but it's not able to do so.

In active mode (the default unless you send the PASV command [and note that vsftpd is suggesting that you Consider using PASV]), the server attempts to open a connection to the client for the data channel. That's right - the server is connecting back to the client, and on a port greater than 1023. Firewalls tend to object to this, and if you're behind NAT, it just can't work at all.

This is where passive FTP comes in. With passive FTP, the server uses the established command channel to tell the client what port and IP address to use for the data channel, and then the client opens a second connection to the server for the data channel. This solves the problem of the client being behind a firewall. All that you need to do is issue the PASV command from the client before the PUT. If that doesn't work, then you may need to help vsftpd a little bit. Configuration items you may want include pasv_min_port and pasv_max_port, which let you control a range of ports vsftpd tells the client to connect to, so you can open them in your firewall. Also, if the server isn't listening on the same IP address that the client is connecting to (inside a NAT, perhaps), pasv_address tells vsftpd where the client actually wants to connect to (it won't automatically use the address the command channel is opened on).
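
An added example (not part of the original answer): a small Python check of the host-port field carried by an active-mode PORT command and by the passive-mode 227 reply. It flags the two conditions the answer describes, an advertised address that differs from the one the command channel uses, and a passive port outside the range opened in the firewall. The function names, all addresses and ports, and the 50000-50100 range are constructed for illustration.

```python
import re

# RFC 959 host-port field: h1,h2,h3,h4,p1,p2 (used by PORT and by the 227 reply).
_HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def parse_hostport(line):
    """Return (ip, port) from a 'PORT ...' command or a '227 ...' reply."""
    m = _HOSTPORT.search(line)
    if not m:
        raise ValueError("no h1,h2,h3,h4,p1,p2 field in %r" % line)
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("octet out of range in %r" % line)
    # The port is sent as two bytes, high byte first.
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]


def check_data_endpoint(line, peer_ip, port_range=None):
    """List reasons the data connection described by `line` is likely to hang.

    peer_ip: address the other side actually sees on the command channel
             (for PORT: the client as seen by the server; for 227: the
             address the client dialled).
    port_range: (pasv_min_port, pasv_max_port) opened in the firewall, or None.
    """
    ip, port = parse_hostport(line)
    problems = []
    if ip != peer_ip:
        problems.append("advertised %s but command channel uses %s (NAT?)" % (ip, peer_ip))
    if port_range and not port_range[0] <= port <= port_range[1]:
        problems.append("port %d is outside opened range %d-%d" % ((port,) + tuple(port_range)))
    return problems


# Constructed sample lines; every address and port below is made up.
SAMPLES = [
    ("PORT 192,168,1,50,19,137", "203.0.113.7", None),  # active, client behind NAT
    ("227 Entering Passive Mode (10,0,0,5,195,80).", "198.51.100.9", (50000, 50100)),  # needs pasv_address
    ("227 Entering Passive Mode (198,51,100,9,234,96).", "198.51.100.9", (50000, 50100)),  # port not opened
    ("227 Entering Passive Mode (198,51,100,9,195,90).", "198.51.100.9", (50000, 50100)),  # healthy
]

if __name__ == "__main__":
    for line, peer, rng in SAMPLES:
        print(line, "->", check_data_endpoint(line, peer, rng) or "ok")
```
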
