I have the domain toolazy2p.homelinux.com. My ip is dynamic. I have http working, but when I try connecting to the ftp I get this:

230 Login successful.
SYST
215 UNIX Type: L8
PWD
257 "/"
SYST
215 UNIX Type: L8
TYPE A
200 Switching to ASCII mode.
PORT 192,168,1,102,7,172
500 Illegal PORT command.
!Error setting port

The thing that seems off is that the box with the ftp is 192.168.1.101 ...not 102.
I'm using vsftpd, here's my conf file:

# Example config file /etc/vsftpd/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=NO
#
# Uncomment this to allow local users to log in.
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
#anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# Activate logging of uploads/downloads.
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=whoever
#
# You may override where the log file goes if you like. The default is shown
# below.
#xferlog_file=/var/log/vsftpd.log
#
# If you want, you can have your log file in standard ftpd xferlog format
xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode.
# Beware that on some FTP servers, ASCII support allows a denial of service
# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
# predicted this attack and has always been safe, reporting the size of the
# raw file.
# ASCII mangling is a horrible feature of the protocol.
ascii_upload_enable=YES
ascii_download_enable=YES
#
# You may fully customise the login banner string:
ftpd_banner=Howdy. Login biatch!
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd/banned_emails
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
#chroot_list_enable=YES
# (default follows)
#chroot_list_file=/etc/vsftpd/chroot_list
chroot_local_user=YES
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES

pam_service_name=vsftpd
userlist_enable=YES
#enable for standalone mode
listen=YES
tcp_wrappers=YES



Any idea what's going on, or better yet, how to fix it?

Do you have ftp.toolazy2p.homelinux.com machine's ip address registered with DNS incorrectly as ending in 102? If so contact your ISP and have them change it to 101.

Do you have ftp.toolazy2p.homelinux.com machine's ip address registered with DNS incorrectly as ending in 102? If so contact your ISP and have them change it to 101.

I forgot to mention that I am behind a router. I have port 21 forwarded to 101.

What ports do you have open on your iptables?

Jeff

What ports do you have open on your iptables?

Jeff
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp dpt:##### <---Azureus
ACCEPT tcp -- anywhere anywhere tcp dpt:##### <---Azureus
RH-Firewall-1-INPUT all -- anywhere anywhere

Chain FORWARD (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain RH-Firewall-1-INPUT (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp any
ACCEPT ipv6-crypt-- anywhere anywhere
ACCEPT ipv6-auth-- anywhere anywhere
ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns
ACCEPT udp -- anywhere anywhere udp dpt:ipp
ACCEPT tcp -- anywhere anywhere tcp dpt:ipp
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ftp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited

I forgot to mention that I am behind a router. I have port 21 forwarded to 101.
Maybe you should check your router config then to make sure that port forwarding is set to go to the correct lan ip address.

Maybe you should check your router config then to make sure that port forwarding is set to go to the correct lan ip address.

I have done this many times. Like I said, I have httpd working (forwarding port 80) on the same machine. The DNS server is being updated as it should when my ip changes. I can log in from other machines behind the router, but if I try to go through the DNS then it's a no-go.

Given that the ftp request leaves through my router and then attempts to come back through the router, would that cause some issues? If I try using a proxy server to login I still get the same error.

Okay, so I've found the solution, or at least a partial one. http://www.allaboutjake.com/network/linksys/ftp.html goes into detail about ftp clients and servers that are behind routers, specifically ones that are behind linksys routers (what I use). I found the link from this (http://forums.fedoraforum.org/showthread.php?t=66929) thread.

Because I have a linksys router, I can only use PASV ftp. ACTIVE mode was giving me the errors above. I have gotten PASV mode to work by defining the min/max pasv ports and giving the pasv_address in vsftpd.conf. However, the pasv_address is my ip address, which is dynamic, so everytime my ip changes I would have to change the vsftpd.conf accordingly.

I read in the past about using a cron job to update the vsftpd.conf, and now that I understand my situation, it all makes sense. I guess my problem now is how to set up a cron job to do this. Or better yet, is there a ftp server that would automatically update my ip address?