FTP problem (Server sent passive reply with unroutable address)

9 posts / 0 new
Last post
#1 Mon, 01/12/2015 - 18:14
markspoiss

FTP problem (Server sent passive reply with unroutable address)

227 Entering Passive Mode (192,168,0,110,195,87). Status: Server sent passive reply with unroutable address. Using server address instead.

What is wron now :(

Tue, 01/13/2015 - 14:05
tpnsolutions
tpnsolutions's picture

Hi,

Have you ever considered dumping FTP and moving to the more secure SFTP which is powered by SSH?

Most modern FTP clients out of the box support either SFTP or SCP which work pretty much the same and make use of SSH which encrypts the connection. Also by using SFTP/SCP you can close down port 21 and any passive port range you have open therefore making your system that much more secure.

SFTP => Secure File Transfer Protocol
SCP => Secure Copy Protocol

Both can do the same thing as FTP, so there's really no reason in today's hosting environment to ever offer FTP anymore IMHO.

*** we discontinued FTP support almost 5 years ago ***

Best Regards,
Peter Knowles
TPN Solutions

Email: pknowles@tpnsolutions.com
Phone: 604-782-9342
Skype: tpnsupport
Website: http://www.tpnsolutions.com
Best Regards,
Peter Knowles | TPN Solutions
Email: pknowles@tpnsolutions.com | Skype: tpnassist
Tue, 01/13/2015 - 14:36
markspoiss

Thnx! But how i can to do that? I mean that how i get key from webmin/virtualmin and put it to my filezilla?

Or what i must to do?

Maybe is somewhere a tutorial?

Thnx!

Wed, 01/14/2015 - 18:29
tpnsolutions
tpnsolutions's picture

Hi,

You can make use of username/password combination with SFTP just as you would with FTP. Generating a Public/Private key pair is another way which offers greater security but requires some knowledge of generating the key, and setting it up on the server properly.

If you'd like, I can provide you a quick one-on-one session and teach you how to generate a public/private key pair, implement it within your installation and make sure that FTP is turned off, and your system is secure. Whew, that was a mouthful :-)

Drop me a line on Skype or by email if you'd like to setup some time to go over.

Best Regards,
Peter Knowles
TPN Solutions

Email: pknowles@tpnsolutions.com
Phone: 1-604-782-9342
Skype: tpnsupport
Website: http://www.tpnsolutions.com

*** ask me about our new support plans which include a FREE copy of Virtualmin Pro!!! ***
Best Regards,
Peter Knowles | TPN Solutions
Email: pknowles@tpnsolutions.com | Skype: tpnassist
Thu, 01/15/2015 - 00:18
andreychek

Howdy,

Note that while SSH/SFTP are indeed more secure, FTP should actually work.

That's an issue that can occur when using FTP behind a NAT router.

If you're using FileZilla, there's a Forum posting there that detail a setting in FileZilla that gets around that particular problem by telling it only to use the external IP:

https://forum.filezilla-project.org/viewtopic.php?t=14750

You could also disable passive mode altogether in your FTP client, that should also resolve it.

There's also some info here on configuring ProFTPd to work behind a NAT router:

http://www.proftpd.org/docs/howto/NAT.html

-Eric

Thu, 01/15/2015 - 04:21
markspoiss

Thnx! It works now... but still i wish to know how to get keys from my virtualmin and put it to filezilla.

I wish to make my server more secure.

Or if i use puttugen public key goes to filezilla? but where i put my key in server?

Thnx!

Thu, 01/15/2015 - 09:54
andreychek

Howdy,

Well, Peter is offering to assist you with that if you're interested. However, you could always start using SSH/SFTP and a password (ie, without using SSH keys), and then once you get that working as you need, you could generate a set of keys.

Once you generate keys, the SSH public key goes into the $HOME/.ssh/authorized_keys file, and the private key goes into your SSH/SFTP client (which sounds like FileZilla in this case).

-Eric

Thu, 01/15/2015 - 10:05
markspoiss

i get in... now is that problem

users can go to root folder etc... with SFTP

i saw somewere topic about that but cant find now:/

Thu, 01/15/2015 - 11:27
andreychek

Howdy,

That's correct -- there's additional information on that here in the documentation "How can I prevent other types of users from browsing the entire filesystem?":

https://www.virtualmin.com/documentation/security/faq

Topic locked