FTP uses wrong passive port range when using masquerading

  • Hi,
    I've problems using Masquerading and the passive FTP port range.
    System is the newest Version OMV 1.0.27.3, ProFTPD 1.3.4a


    Masquerading is set to on with an update intervall of 300s. Portrange is set to 192,0 till 192,50 (49152-49202) but FTP doesn't use this port range for passive connections.
    Using it in implicit TLS connections it works well and uses that range for file transfer.


    If I'm turning of masquerading it uses the right ports without encryption and everything works well except TLS connections because of using the internal IP-Address.
    Is there any fix for this issue?


    Thanks!



    Log:


    #with TLS


    220 ProFTPD 1.3.4a Server () [x,x,x,x]
    AUTH TLS
    234 AUTH TLS successful
    PBSZ 0
    200 PBSZ 0 successful
    PASV
    227 Entering Passive Mode (x,x,x,x,192,39).
    LIST
    250 CWD command successful
    PASV
    227 Entering Passive Mode (x,x,x,x,192,30).
    LIST
    QUIT
    221 Goodbye.



    #without TLS


    220 ProFTPD 1.3.4a Server () [x,x,x,x]
    PASV
    227 Entering Passive Mode (x,x,x,x,239,20).
    LIST

  • I do not have that issue nor am I able to reproduce it.


    Can you give the output of the following command:

    Code
    cat /etc/proftpd/proftpd.conf | grep PassivePorts


    If it does not output anything, you can try to force the regeneration of proftpd.conf file with the following command:

    Code
    omv-mkconf proftpd


    If you have checked the Passive FTP 'Use the following port range' flag, it should add the following line in the proftpd.conf file:

    Code
    PassivePorts 49152 49202
  • Thanks for your answer. I've already checked the config file. Everything seems to be set correct. Passive port range is set to the specified range.
    Indeed, if masquerading is turned on, only encrypted connections use the specified range not passive connections without encryption. Perhaps a bug in proftpd.

Participate now!

Don’t have an account yet? Register yourself now and be a part of our community!