425 Bad IP connecting

[grayhare]

It works when an ftp client points to localhost as host, but when using an ip address like 192.168.1.x it shows 425 Bad IP connecting, so external ftp clients don't actually work. I tried on my smartphone.

I've tried providing my own /etc/vsftpd.conf on my docker-compose.yml file based on the config from your src folder, but then it just doesn't work and throws ECONNREFUSED to the client. This happens even when I use the unmodified conf file from this repo. There are no errors in the docker logs.

Please help

[matteoopenf]

have you solved?

[grayhare]

no, I used ftps instead.

[matteoopenf]

Have you an example?

[matteoopenf]

I find on docker compose, I use on env variable PUBLICHOST: "192.168.1.104" and this is my local ip

[TheFax]

I had the same issue and I solved creating a new variable on Docker Compose and passing the correct IP to vsftpd.conf file (pasv_address).
This is the repo I created.
I would be happy if a solution similar to mine, or a better solution, was also adopted by this repository.
I've never used Docker Compose before, so I know there might be a better method to get an even better result.

[garethflowers]

I think this can be resolved by removing the following options from the vsftpd.conf file:

pasv_address=0.0.0.0
pasv_addr_resolve=YES
pasv_promiscuous=YES

[TheFax]

Is this "self assigned" or do you need help?
I can try to make some experiments if it is necessary.

[garethflowers]

@TheFax feel free to have a play around and see if you can replicate and resolve this. Thanks.

[TheFax]

I made some tests.

I think this can be resolved by removing the following options from the vsftpd.conf file:

pasv_address=0.0.0.0
pasv_addr_resolve=YES
pasv_promiscuous=YES

Removing the three options from vsftpd.conf unfortunately doesn't work.

This is the log of a connection started from my PC:

. 2024-01-18 21:32:31.420 Local IP is 192.168.0.155/24.
. 2024-01-18 21:32:31.420 Connected with 192.168.0.214. Waiting for welcome message...
< 2024-01-18 21:32:31.420 220 FTP Server
> 2024-01-18 21:32:31.420 USER user
< 2024-01-18 21:32:31.420 331 Please specify the password.
> 2024-01-18 21:32:31.420 PASS ***
< 2024-01-18 21:32:31.420 230 Login successful.
> 2024-01-18 21:32:31.420 SYST
< 2024-01-18 21:32:31.420 215 UNIX Type: L8
> 2024-01-18 21:32:31.420 FEAT
< 2024-01-18 21:32:31.420 211-Features:
< 2024-01-18 21:32:31.420  EPRT
< 2024-01-18 21:32:31.420  EPSV
< 2024-01-18 21:32:31.420  MDTM
< 2024-01-18 21:32:31.420  PASV
< 2024-01-18 21:32:31.420  REST STREAM
< 2024-01-18 21:32:31.420  SIZE
< 2024-01-18 21:32:31.420  TVFS
< 2024-01-18 21:32:31.420  UTF8
< 2024-01-18 21:32:31.420 211 End
> 2024-01-18 21:32:31.420 OPTS UTF8 ON
< 2024-01-18 21:32:31.420 200 Always in UTF8 mode.
. 2024-01-18 21:32:31.442 Connected
. 2024-01-18 21:32:31.442 Got reply 1 to the command 1
. 2024-01-18 21:32:31.449 Doing startup conversation with host.
> 2024-01-18 21:32:31.455 PWD
< 2024-01-18 21:32:31.457 257 "/" is the current directory
. 2024-01-18 21:32:31.457 Got reply 1 to the command 16
. 2024-01-18 21:32:31.457 Changing directory to "/".
> 2024-01-18 21:32:31.457 CWD /
< 2024-01-18 21:32:31.458 250 Directory successfully changed.
. 2024-01-18 21:32:31.458 Got reply 1 to the command 16
. 2024-01-18 21:32:31.458 Getting current directory name.
> 2024-01-18 21:32:31.458 PWD
< 2024-01-18 21:32:31.459 257 "/" is the current directory
. 2024-01-18 21:32:31.459 Got reply 1 to the command 16
. 2024-01-18 21:32:31.459 Session upkeep
. 2024-01-18 21:32:31.490 Retrieving directory listing...
> 2024-01-18 21:32:31.490 TYPE A
< 2024-01-18 21:32:31.490 200 Switching to ASCII mode.
> 2024-01-18 21:32:31.491 PASV
< 2024-01-18 21:32:31.491 227 Entering Passive Mode (172,17,0,2,156,72).
> 2024-01-18 21:32:31.491 LIST
. 2024-01-18 21:32:31.491 Connecting to 172.17.0.2:40008 ...

As you can see, the connection starts correctly, but it hangs when the server sends a wrong IP (172.17.0.2) to the FTP client.
The correct IP had to be 192.168.0.214 (for your reference see the second line of the log).

From what I understand, there are three possible solutions for this issue:

1. Disable passive mode in the server (the worst solution)
2. Start the docker container using host network driver (not recommended)
3. Pass the correct IP to the container through a variable (the better solution)

Please, consider to add this variable in your official repo if you think this is a good solution.

[garethflowers]

Resolved in release 0.8.0.