You do not really need any entries in IP tables for passive data
connections. Passive data ports are randomly picked by the FTP
server and are always above port 1024. This means that the
application does not require root access. You could also define a
range of ports, for example (30000 through 30200), in which case the FTP
server ensures it is using a passive port in the specified port range.
If your devices connect through a firewall, the firewall has to allow
incoming connections for the passive data connections. Depending on whether
you defined a range of ports or not, you may have to open some ports
on the firewall. If the devices are all internal you need not do
anything.

Hope this helps.

Regards,
Sai Pullabhotla





On Fri, Mar 12, 2010 at 7:22 AM, Aidan Diffey
<[email protected]> wrote:
> Thank you for the information. This means that I have to re-think as I
> require, for example, 100 devices to send information to my server at the
> same time.
>
> Back to the original question.  Why does the connection not work when I am
> not running as root?
>
> I believe that the device(s) are using a passive connection as I get the
> following trace (when running as root)
>
> 13:14:27,390 INFO  [FtpLoggingFilter] CREATED
> 13:14:27,398 INFO  [FtpLoggingFilter] OPENED
> 13:14:27,422 INFO  [FtpLoggingFilter] SENT: 220 Service ready for new user.
>
> 13:14:27,472 INFO  [FtpLoggingFilter] RECEIVED: USER <USERNAME>
> 13:14:27,475 INFO  [FtpLoggingFilter] SENT: 331 User name okay, need
> password for <USERNAME>.
>
> 13:14:27,525 INFO  [FtpLoggingFilter] RECEIVED: PASS *****
> 13:14:27,535 INFO  [PASS] Login success - FTPROOT
> 13:14:27,536 INFO  [FtpLoggingFilter] SENT: 230 User logged in, proceed.
>
> 13:14:27,584 INFO  [FtpLoggingFilter] RECEIVED: PWD
> 13:14:27,585 INFO  [FtpLoggingFilter] SENT: 257 "/" is current directory.
>
> 13:14:27,634 INFO  [FtpLoggingFilter] RECEIVED: CWD <DIRECTORY>
> 13:14:27,635 INFO  [FtpLoggingFilter] SENT: 250 Ok
>
> 13:14:27,684 INFO  [FtpLoggingFilter] RECEIVED: CWD TestConn
> 13:14:27,685 INFO  [FtpLoggingFilter] SENT: 250 Ok
>
> 13:14:27,734 INFO  [FtpLoggingFilter] RECEIVED: EPSV
> 13:14:27,737 INFO  [FtpLoggingFilter] SENT: 229 Entering Passive Mode
> (|||10120|)
>
> 13:14:27,844 INFO  [FtpLoggingFilter] RECEIVED: TYPE I
> 13:14:27,846 INFO  [FtpLoggingFilter] SENT: 200 Command TYPE okay.
>
> 13:14:27,893 INFO  [FtpLoggingFilter] RECEIVED: STOR TestConn.xml
> 13:14:27,948 INFO  [FtpLoggingFilter] SENT: 150 Ok
>
> 13:14:27,948 INFO  [FtpLoggingFilter] SENT: 226 Ok
>
> 13:14:28,031 INFO  [FtpLoggingFilter] RECEIVED: QUIT
> 13:14:28,033 INFO  [FtpLoggingFilter] SENT: 221 Goodbye.
>
> 13:14:28,033 INFO  [FtpLoggingFilter] CLOSED
>
>
> When I am not running as root, I get the following trace:
>
> 13:17:27,578 INFO  [FtpLoggingFilter] CREATED
> 13:17:27,587 INFO  [FtpLoggingFilter] OPENED
> 13:17:27,615 INFO  [FtpLoggingFilter] SENT: 220 Service ready for new user.
>
> 13:17:27,666 INFO  [FtpLoggingFilter] RECEIVED: USER <USERNAME>
> 13:17:27,669 INFO  [FtpLoggingFilter] SENT: 331 User name okay, need
> password for <USERNAME>.
>
> 13:17:28,213 INFO  [FtpLoggingFilter] RECEIVED: PASS *****
> 13:17:28,222 INFO  [PASS] Login success - FTPROOT
> 13:17:28,223 INFO  [FtpLoggingFilter] SENT: 230 User logged in, proceed.
>
> 13:17:28,271 INFO  [FtpLoggingFilter] RECEIVED: PWD
> 13:17:28,272 INFO  [FtpLoggingFilter] SENT: 257 "/" is current directory.
>
> 13:17:28,320 INFO  [FtpLoggingFilter] RECEIVED: CWD <DIRECTORY>
> 13:17:28,320 INFO  [FtpLoggingFilter] SENT: 250 Ok
>
> 13:17:28,367 INFO  [FtpLoggingFilter] RECEIVED: CWD TestConn
> 13:17:28,367 INFO  [FtpLoggingFilter] SENT: 250 Ok
>
> 13:17:28,414 INFO  [FtpLoggingFilter] RECEIVED: EPSV
> 13:17:28,417 INFO  [FtpLoggingFilter] SENT: 229 Entering Passive Mode
> (|||10120|)
>
> 13:17:28,512 INFO  [FtpLoggingFilter] RECEIVED: PASV
> 13:17:28,514 INFO  [FtpLoggingFilter] SENT: 227 Entering Passive Mode
> (10,101,64,144,39,136)
>
> 13:17:28,817 WARN  [FtpLoggingFilter] EXCEPTION :
> java.io.IOException: Connection reset by peer
>        at sun.nio.ch.FileDispatcher.read0(Native Method)
>        at sun.nio.ch.SocketDispatcher.read(SocketDispatcher.java:21)
>        at sun.nio.ch.IOUtil.readIntoNativeBuffer(IOUtil.java:233)
>        at sun.nio.ch.IOUtil.read(IOUtil.java:206)
>        at sun.nio.ch.SocketChannelImpl.read(SocketChannelImpl.java:207)
>        at
> org.apache.mina.transport.socket.nio.NioProcessor.read(NioProcessor.java:179)
>        at
> org.apache.mina.transport.socket.nio.NioProcessor.read(NioProcessor.java:41)
>        at
> org.apache.mina.core.polling.AbstractPollingIoProcessor.read(AbstractPollingIoProcessor.java:585)
>        at
> org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPollingIoProcessor.java:563)
>        at
> org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPollingIoProcessor.java:552)
>        at
> org.apache.mina.core.polling.AbstractPollingIoProcessor.access$400(AbstractPollingIoProcessor.java:56)
>        at
> org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.run(AbstractPollingIoProcessor.java:891)
>        at
> org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64)
>        at
> java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:651)
>        at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:676)
>        at java.lang.Thread.run(Thread.java:595)
> 13:17:28,819 ERROR [DefaultFtpHandler] Exception caught, closing session
> java.io.IOException: Connection reset by peer
>        at sun.nio.ch.FileDispatcher.read0(Native Method)
>        at sun.nio.ch.SocketDispatcher.read(SocketDispatcher.java:21)
>        at sun.nio.ch.IOUtil.readIntoNativeBuffer(IOUtil.java:233)
>        at sun.nio.ch.IOUtil.read(IOUtil.java:206)
>        at sun.nio.ch.SocketChannelImpl.read(SocketChannelImpl.java:207)
>        at
> org.apache.mina.transport.socket.nio.NioProcessor.read(NioProcessor.java:179)
>        at
> org.apache.mina.transport.socket.nio.NioProcessor.read(NioProcessor.java:41)
>        at
> org.apache.mina.core.polling.AbstractPollingIoProcessor.read(AbstractPollingIoProcessor.java:585)
>        at
> org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPollingIoProcessor.java:563)
>        at
> org.apache.mina.core.polling.AbstractPollingIoProcessor.process(AbstractPollingIoProcessor.java:552)
>        at
> org.apache.mina.core.polling.AbstractPollingIoProcessor.access$400(AbstractPollingIoProcessor.java:56)
>        at
> org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.run(AbstractPollingIoProcessor.java:891)
>        at
> org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64)
>        at
> java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:651)
>        at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:676)
>        at java.lang.Thread.run(Thread.java:595)
> 13:17:28,819 INFO  [FtpLoggingFilter] CLOSED
>
> This suggests that something couldn't bind correctly.
>
> I have the following setup in IPTABLES:
>
> DNAT       tcp  --  anywhere             anywhere            tcp
> dpt:ftp-data to:<ipaddress>:10120
> DNAT       tcp  --  anywhere             anywhere            tcp dpt:ftp to:
> <ipaddress>:10121
>
> Which maps port 20 to 10120 and 21 to 10121, and the following in my server
> code:
>
>
>                DataConnectionConfigurationFactory dataConnFactory = new
>                        DataConnectionConfigurationFactory();
>                dataConnFactory.setPassivePorts("10120");
>
>
> Thank you for the continued help.
>
>
> On Fri, Mar 12, 2010 at 12:59 PM, Niklas Gustavsson
> <[email protected]> wrote:
>
>> On Fri, Mar 12, 2010 at 12:57 PM, Aidan Diffey
>> <[email protected]> wrote:
>> > Further information on the port binding:
>> > If I run my application as root, all is well.  If I run as another user,
>> I
>> > get the "Connection reset by peer" message when the device attempts to
>> > connect and send a file to the server.
>> >
>> > Let me check that I understand you.
>> >
>> > The device / devices that are attaching to my FTPServer use ports 20 and
>> 21.
>>
>> The devices must be configured to use passive connections (the default
>> is usually active connections).
>>
>> > If I map using IPTables port 20 to 10120 and port 21 to 10121 then I need
>> to
>> > bind my server to ports 10120 and 10121.
>> > As I stated in the previous post, I cannot bind the server to 10120 and
>> see
>> > it appear on a netstat -a command.
>>
>> You will only see the port after the client sends the PASV command and
>> it will only live for as long as the transfer over the data connection
>> is in progress.
>>
>> > As for your second point, If I have 10 devices trying to communicate with
>> my
>> > FTPServer on ports 10120 and 10121, will they be able to connect
>> > simultaneously, or will they have to connect sequentially?
>>
>> They will be able to connect to the control socket simultaneously, but
>> only do data transfers sequentially.
>>
>> /niklas
>>
>
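
An added check, not code from this thread or from Apache FtpServer itself, that decodes the 227/229 passive replies in the quoted FtpLoggingFilter trace and tests each advertised data port against the three points made above: above 1024 so no root is needed, inside the passive range the firewall was opened for, and a range wider than one port so transfers need not be sequential. The sample log lines are constructed from the trace above (with the wrapped parenthesised part joined back onto its line); the hyphenated "30000-30200" range spelling is an assumption, since the thread only shows the single-port form setPassivePorts("10120").

```python
import re

# Constructed sample: the EPSV and PASV replies from the FtpLoggingFilter
# trace quoted in the thread, with the wrapped "(...)" joined onto its line.
SAMPLE_LOG = """\
13:17:28,417 INFO  [FtpLoggingFilter] SENT: 229 Entering Passive Mode (|||10120|)
13:17:28,514 INFO  [FtpLoggingFilter] SENT: 227 Entering Passive Mode (10,101,64,144,39,136)
"""
PASV_RE = re.compile(r"SENT: 227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")
EPSV_RE = re.compile(r"SENT: 229 .*?\(\|\|\|(\d+)\|\)")

def parse_passive_ports(spec):
    """Expand a passive-ports spec such as '10120' or '30000-30200, 31000'
    (assumed 'a-b, c' string form) into the set of ports the server may use."""
    ports = set()
    for part in spec.split(","):
        part = part.strip()
        if "-" in part:
            lo, hi = (int(p) for p in part.split("-", 1))
            ports.update(range(lo, hi + 1))
        elif part:
            ports.add(int(part))
    return ports

def advertised_data_ports(log_text):
    """Return (ip, port) pairs the server advertised in 227/229 replies.
    PASV encodes the port as hi*256 + lo; EPSV carries it in decimal and
    leaves the address implicit (None here)."""
    found = []
    for line in log_text.splitlines():
        if m := PASV_RE.search(line):
            h1, h2, h3, h4, hi, lo = (int(g) for g in m.groups())
            found.append((f"{h1}.{h2}.{h3}.{h4}", hi * 256 + lo))
        elif m := EPSV_RE.search(line):
            found.append((None, int(m.group(1))))
    return found

def check_data_port(port, allowed):
    """Findings for one advertised port: needs root to bind, not inside the
    range the firewall was opened for, or a one-port range that serialises
    transfers (the thread's setPassivePorts("10120") case)."""
    findings = []
    if port < 1024:
        findings.append("privileged port: needs root to bind")
    if port not in allowed:
        findings.append("outside configured passive range: firewall may drop it")
    if len(allowed) == 1:
        findings.append("single passive port: one data transfer at a time")
    return findings
```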
