FTP uses wrong passive port range when using masquerading

    • OMV 1.0
    • FTP uses wrong passive port range when using masquerading

      Hi,
      I have problems using masquerading and the passive FTP port range.
      The system is the newest version, OMV 1.0.27.3, ProFTPD 1.3.4a.

      Masquerading is set to on with an update interval of 300s. The port range is set to 192,0 till 192,50 (49152-49202), but FTP doesn't use this port range for passive connections.
      Using it in implicit TLS connections, it works well and uses that range for file transfer.

      If I turn off masquerading, it uses the right ports without encryption and everything works well except TLS connections, because of using the internal IP address.
      Is there any fix for this issue?

      Thanks!


      Log:

      #with TLS

      220 ProFTPD 1.3.4a Server () [x,x,x,x]
      AUTH TLS
      234 AUTH TLS successful
      PBSZ 0
      200 PBSZ 0 successful
      PASV
      227 Entering Passive Mode (x,x,x,x,192,39).
      LIST
      250 CWD command successful
      PASV
      227 Entering Passive Mode (x,x,x,x,192,30).
      LIST
      QUIT
      221 Goodbye.


      #without TLS

      220 ProFTPD 1.3.4a Server () [x,x,x,x]
      PASV
      227 Entering Passive Mode (x,x,x,x,239,20).
      LIST
    • I do not have that issue nor am I able to reproduce it.

      Can you give the output of the following command:

          cat /etc/proftpd/proftpd.conf | grep PassivePorts


      If it does not output anything, you can try to force the regeneration of proftpd.conf file with the following command:

          omv-mkconf proftpd


      If you have checked the Passive FTP 'Use the following port range' flag, it should add the following line in the proftpd.conf file:

          PassivePorts 49152 49202
    • Thanks for your answer. I've already checked the config file. Everything seems to be set correctly. The passive port range is set to the specified range.
      Indeed, if masquerading is turned on, only encrypted connections use the specified range, not passive connections without encryption. Perhaps a bug in proftpd.
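
Added example, not part of the thread: a Python check that decodes the data port from each 227 reply (the last two numbers, p1*256 + p2) and compares it with the PassivePorts line, so the ports a firewall has to allow can be confirmed from a session log. The sample text is copied from the replies and the range quoted above; the function names are illustrative.

```python
import re

# 227 reply tuple: four host octets (redacted as "x" in the thread), then p1,p2.
PASV_RE = re.compile(r"^227 .*\(([\dx]+),([\dx]+),([\dx]+),([\dx]+),(\d+),(\d+)\)")
# Active (uncommented) PassivePorts directive in proftpd.conf.
PORTS_RE = re.compile(r"^\s*PassivePorts\s+(\d+)\s+(\d+)", re.MULTILINE)

def configured_range(conf_text):
    """Return (low, high) from the PassivePorts directive, or None if absent."""
    m = PORTS_RE.search(conf_text)
    return (int(m.group(1)), int(m.group(2))) if m else None

def pasv_ports(session_text):
    """Decode the data port announced in every 227 reply of a session log."""
    ports = []
    for line in session_text.splitlines():
        m = PASV_RE.match(line.strip())
        if not m:
            continue
        p1, p2 = int(m.group(5)), int(m.group(6))
        if p1 > 255 or p2 > 255:      # not a valid port encoding, skip it
            continue
        ports.append(p1 * 256 + p2)
    return ports

def out_of_range(session_text, conf_text):
    """Ports announced by the server that fall outside PassivePorts."""
    rng = configured_range(conf_text)
    if rng is None:
        raise ValueError("no PassivePorts directive found")
    low, high = rng
    return [p for p in pasv_ports(session_text) if not low <= p <= high]

# Sample input taken from the posts above.
CONF = "PassivePorts 49152 49202\n"
TLS_SESSION = """227 Entering Passive Mode (x,x,x,x,192,39).
LIST
227 Entering Passive Mode (x,x,x,x,192,30).
"""
PLAIN_SESSION = """PASV
227 Entering Passive Mode (x,x,x,x,239,20).
LIST
"""

if __name__ == "__main__":
    for name, log in (("with TLS", TLS_SESSION), ("without TLS", PLAIN_SESSION)):
        print(name, pasv_ports(log), "outside range:", out_of_range(log, CONF))
```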