VSFTPD Running But Cannot Connect from another machine
Linux - GeneralThis Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Introduction to Linux - A Hands on Guide
This guide was created as an overview of the Linux Operating System, geared toward new users as an exploration tour and getting started guide, with exercises at the end of each chapter.
For more advanced trainees it can be a desktop reference, and a collection of the base knowledge needed to proceed with system and network administration. This book contains many real life examples derived from the author's experience as a Linux system and network administrator, trainer and consultant. They hope these examples will help you to get a better understanding of the Linux system and that you feel encouraged to try out things on your own.
Click Here to receive this Complete Guide absolutely free.
You can use the ftp -v command to get verbose output of the connection attempt. Sounds like a firewall problem though. Check iptables to see if you're allowing incoming ftp connections and check /etc/hosts.allow to see if tcpwrappers is the problem. There should probably be an entry like:
FTPD: xxx.xxx.xxx.xxx for your windowsXP boxes ip address.
It might also be your linksys router. If your trying to connect from outside the LAN you'll have to setup the Linksys to forward ftp connections to your linux box. If your trying to connect from the LAN side, it shouldn't block the traffic.
Thanks for the ideas. I tried ftp -v but did not get any different output. For my Windows XP FTP, -v shows
-v Suppresses display of remote server responses.
I tried the -d option as well which says it enabled debugging information. Same thing.
I was able to get the Linksys port mapping working and I can access my FTP server from my AOL Account. I just cannot access it from the standard FTP utility on my Windows XP box accessing the FTP Server on my Linux box. So the easy part is not working (WinXP) but the hard part is (getting this all working from the external internet).
I checked hosts.allow and actually I do not have any entries in that file at all.
I know that my vsftpd.conf file does have tcpwrappers=yes. Is that part of the problem? Why would I be able to connect from external but not from my local Windows box?
Sorry, my bad. The -v option is for verbose output in Linux. If you can login from the outside, it sound like everything with the linux ftp daemon is alright. If you don't have any entries in either hosts.allow or hosts.deny, then tcpwrappers won't block any of the traffic, so that's alright. Double check the ip address of the linux box (use ifconfig command as root). But it sounds like the firewall though. Try this:
Look for entries that involve ftp (port 21). You should see something that vaguely resembles this:
-A INPUT -p tcp --dport 21 -j ACCEPT
The INPUT, --dport 21, and ACCEPT part are what you're looking for. My guess is that because your Linksys router is also your DHCP server, it's ip address is punched through the filewall automatically. Your external traffic might be getting masqueraded by the router, but your local LAN traffic isn't, so you may have to add an iptables entry for your LAN addresses. Any error messages will likely go to /var/log/messages or /var/log/secure. But the vsFTP.conf file should have an entry telling you where the error messages are logged to by default.
I do not have an iptables in /etc/sysconfig. I found an iptables script in /etc/rc.d/init.d, but nothing in /etc/sysconfig. I looked at the script and it shows /etc/sysconfig as the correct location, but no file. Should there be?
The only thing I do find in /var/log/messages that looks out of order is:
Apr 27 14:38:24 localhost vsftpd: warning: can't get client address: Bad file descriptor
That's odd. I double checked the location at the Redhat website to see if they moved it or something in RH9, but it said that it should be in the same place(/etc/sysconfig/iptables). You might not have enabled the firewall when you installed. Anyway it doesn't really matter for now, just do:
service iptables stop
to turn off iptables for now. See if that makes a difference. Also, from your windows box, try to ftp to the external ip address that is assigned to the router (you can find it using the Linksys web-administration interface).
Other things to try:
1. See if you can telnet to port 21 of the linux box. If you can, that means the windows FTP client is the problem.
Just do telnet 127.21.1.101 21
If it works, you'll see a greeting banner. If not, you won't see anything.
2. See if you can ping the linux box from windows.
I think the problem has to do with the way the Linksys is doing its routing. If you're absolutely set on being able to access it by its internal LAN address, take a look at the documentation for the router at the Linksys site and try to do forwarding a different way. I think there are at least 2 options, standard port forwarding and uPnP. I actually realized that I have a similar problem occuring with a webserver on a LAN at work (I just never tested it from inside) and it has to do with the way the NAT is setup (specifically that SNAT'ing isn't setup). I think if you setup uPNP and static LAN addresses for the internal boxes, it can route the internal requests. If that doesn't work, I would recommend a large sledgehammer or 2x4 with a spike through it.