In my previous post, I explained how to upload pictures from your iPhone straight to you Home Server but it turns out it requires some extra configuration on the vsftpd side. Pixelpipe is using passive ftp connections and I hadn't explained how to setup vsftpd to accept such connections. This feature is handy for all sorts of other reasons (e.g. most browser only support passive mode as well) so here is how you go about and enable Passive FTP mode in vsftp.

Step 1: Configure vsftpd
Open /etc/vsftpd.conf and add the following lines:

pasv_enable=YES
pasv_min_port=60000
pasv_max_port=60100
pasv_address=0.0.0.0

The first line is pretty self-explanatory (oh alright then, it enables passive mode). The second and third line are the ports that you allow vsftpd to use for the passive data connection. Basically, in passive mode, ftp assigns a random port > 1023 for handling the data connection. However, I want to limit this "randomness" to a narrow range as I need to open these ports up (see next steps). You can choose any number here, I settled for a 100 port range.

In the last line you need to set your WAN IP address (so not your server's LAN IP address, but the routers WAN IP address). Now I am aware that you might have a dynamic IP address that you get assigned by your ISP, but we can solve that with a little shell script, for now, just hard code it in the .conf file.

Step 2: Restart vsftpd server
> sudo /etc/init.d/vsftpd restart

Step 3: Open your data ports in your router and firewall
Make sure the following ports are forewarded to your server:20, 21 and the PASV range you specified in your vsftpd.conf file (60000 - 60100 in my case)

Fire up your favorite FTP client and you should now be able to connect in passive mode.

This setup is needed to get pixelpipe to upload your pictures to your FTP server.

What if you have a Dynamic IP address?

If you are on a dynamic IP address, you need to change the pasv_address every time you get a new IP address assigned. Alternatively, you can create a DNS name for your IP address (at dyndns.org or some other DynDNS service)and use a script to change your .conf file automatically (create a cronjob). Here is an example script:

#!/bin/sh
vsftpd_conf=/etc/vsftpd.conf
#change to your domain name in next line
my_ip=`host your_host.dyndns.org | cut -f4 -d" "`
vsftpd_ip=`grep pasv_address $vsftpd_conf | cut -f2 -d=`

if [ "$my_ip" != "$vsftpd_ip" ] ; then
( echo ",s/$vsftpd_ip/$my_ip/g" && echo w ) | ed - $vsftpd_conf
/etc/init.d/vsftpd restart
fi
Note that you need to run the crontab as sudo (so first do a sudo -i and then crontab -e and add your script, make it run e.g. every 15 minutes).

Cheers,
Mark.

2 comments

  1. niranjani // August 27, 2009 at 9:16 PM  

    Super Information..Nice..I I also having the Internet connection in my Laptop i usually check the InternetUploading Speed & Downloading Speed In the site ip-details.com

  2. Anonymous // October 13, 2012 at 7:34 AM  

    Thanks for the info.
    However I'm still getting connection refused errors when trying to connect to the WAN IP address.
    I think I should also mention that after configuring vsftpd for passive connections, I'm still able to connect with the LAN IP.
    What am I missing?
    Thanks