4

I have a VPS running vsftpd v3.0.2 on CentOS 6.4. When I try to connect to my FTP server I get the error:

The data connection could not be established: EHOSTUNREACH - No route to host

The console output of the connection attempt:

Status: Connecting to xxx.xxx.xxx.xxx:21...
Status: Connection established, waiting for welcome message...
Response:   220 snapd.server01 FTP Server
Command:    AUTH TLS
Response:   234 Proceed with negotiation.
Status: Initializing TLS...
Status: Verifying certificate...
Command:    USER web01
Status: TLS/SSL connection established.
Response:   331 Please specify the password.
Command:    PASS *********
Response:   230 Login successful.
Command:    OPTS UTF8 ON
Response:   200 Always in UTF8 mode.
Command:    PBSZ 0
Response:   200 PBSZ set to 0.
Command:    PROT P
Response:   200 PROT now Private.
Status: Connected
Status: Retrieving directory listing...
Command:    PWD
Response:   257 "/"
Command:    TYPE I
Response:   200 Switching to Binary mode.
Command:    PASV
Response:   227 Entering Passive Mode (xxx,xxx,xxx,xxx,85,175).
Command:    LIST
Error:  The data connection could not be established: EHOSTUNREACH - No route to host

I have all required ports forwarded including 5000-5100. I have also tried disabling SELinux - didn't work. The user web01's home dir is set to /var/www.

I did research the internet. Some said that in vsftpd.conf if I have spaces, that would cause the error but that is not the case.

Castaglia
Karl Viiburg
  • Just ditch FTP and use scp/sftp. There is no good reason anyone needs to use FTP these days. – EEAA Jan 11 '14 at 16:05

2 Answers

3

Looks like an active/passive mode issue. Seems you use Passive mode.

I would try Active mode.

If you really want Passive mode, I suspect you didn't open all the required ports (from TCP/1024 to TCP/65534).

Note that you can restrict the port range for Passive mode using the pasv_min_port and pasv_max_port directives in vsftpd.conf.

krisFR
  • Both of the methods did the trick. I limited the range to 5000-5100 in the conf file and everything is working as it should. Many thanks – Karl Viiburg Jan 11 '14 at 16:12
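
The 227 reply in the question announces data port 85 * 256 + 175 = 21935, which is outside the forwarded 5000-5100 range. The following is an added example, not part of the original thread, that parses a 227 reply and a vsftpd.conf fragment to check for that mismatch; the address octets, the config text and the function names are constructed for illustration.

```python
import re

# Constructed sample inputs: the 227 reply from the log (address octets replaced
# with documentation values) and an assumed vsftpd.conf fragment after the fix.
PASV_REPLY = "227 Entering Passive Mode (192,0,2,10,85,175)."
VSFTPD_CONF = "pasv_enable=YES\npasv_min_port=5000\npasv_max_port=5100\n"

def pasv_port(reply):
    """Return the data port announced in a 227 reply: p1 * 256 + p2."""
    m = re.search(r"\((?:\d+,){4}(\d+),(\d+)\)", reply)
    if not m:
        raise ValueError("not a 227 passive-mode reply: %r" % reply)
    return int(m.group(1)) * 256 + int(m.group(2))

def pasv_range(conf_text):
    """Read pasv_min_port/pasv_max_port; 0 (the default) means any port."""
    limits = {"pasv_min_port": 0, "pasv_max_port": 0}
    for line in conf_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        # vsftpd.conf allows no space between option, '=' and value.
        m = re.fullmatch(r"(\w+)=(\S.*)", line)
        if not m:
            raise ValueError("unparsable vsftpd.conf line: %r" % line)
        if m.group(1) in limits:
            limits[m.group(1)] = int(m.group(2))
    return limits["pasv_min_port"], limits["pasv_max_port"]

def diagnose(reply, conf_text, forwarded=(5000, 5100)):
    """Say whether the announced data port fits the forwarded port range."""
    port = pasv_port(reply)
    lo, hi = pasv_range(conf_text)
    if forwarded[0] <= port <= forwarded[1]:
        return "ok: data port %d is inside the forwarded range" % port
    if (lo, hi) == (0, 0):
        return "blocked: port %d, server passive range is unrestricted" % port
    return "blocked: port %d, server passive range is %d-%d" % (port, lo, hi)

if __name__ == "__main__":
    # Before the fix: no pasv_* limits set, so the server picks any port.
    print(diagnose(PASV_REPLY, ""))
```
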
-1

Server for NAT?

vi /etc/sysconfig/iptables-config

IPTABLES_MODULES="ip_nat_ftp"
NARkod
  • That will not help, because the connection is FTPS (note TLS setup steps above) - the encryption of the control channel prevents the module from seeing the DATA connection request, and dynamically modifying the firewall rules accordingly. – MadHatter Dec 07 '15 at 07:52