LinuxQuestions.org
Old 09-22-2006, 08:59 PM   #1
calculemus
LQ Newbie
 
Registered: Sep 2006
Distribution: SuSE
Posts: 17

Rep: Reputation: 0
ftp server set up using vsftp not visible in the network.


Hi,
I am running SuSE 10.0 Linux in Dell 600 laptop. What I am trying to do is to set it up as a ftp server using vsftp and also share my computer as a samba server. I edited the configuration file for setting up vsftp and used YaST to set up samba server.

Both work fine when I try to access the locations (using ftp://calculemus and smb://calculemus, my computer's name is calculemus.) from my computer. However, other computers connected to the same network cannot log on to my 'server'. My computer is not visible to them.

I tried to loosen up the firewall a bit by opening TCP and UDP ports 21 and 20 for the External zone, but it did not help. Since I am having problems with both samba and ftp, I guess it is not the configuration files.

Could someone shed some light on this matter? Looking forward to your replies.

Thanks.
 
Old 09-23-2006, 04:37 AM   #2
SlackDaemon
Member
 
Registered: Mar 2006
Distribution: RedHat, Slackware, Experimenting with FreeBSD
Posts: 222

Rep: Reputation: 30
Try using the IP address of your vsftpd server instead of the hostname when trying to connect from the other machines on your network. I think you're having name resolution problems.
 
Old 09-24-2006, 07:29 PM   #3
calculemus
LQ Newbie
 
Registered: Sep 2006
Distribution: SuSE
Posts: 17

Original Poster
Rep: Reputation: 0
Tried but still not working.

I got the IP address of my computer from ifconfig. But I still have the same problem. I can connect to my computer but still only my computer can connect to my server.
 
Old 09-24-2006, 11:29 PM   #4
SlackDaemon
Member
 
Registered: Mar 2006
Distribution: RedHat, Slackware, Experimenting with FreeBSD
Posts: 222

Rep: Reputation: 30
What error message are you getting this time? 'Connection Refused' or 'Unknown Host'? If it is the latter then you need to connect without a URL protocol type, i.e.:

ftp 192.168.10.1

and not

ftp ftp://192.168.10.1

If you got a 'connection refused' message, try to see if you can ping the server from your client machine. If you're able to ping the server but still are unable to connect, it may be a misconfiguration in vsftpd.conf or a firewall issue.

If on the other hand you're unable to ping the server, it's most likely a connectivity issue.
 
Old 09-26-2006, 07:01 PM   #5
calculemus
LQ Newbie
 
Registered: Sep 2006
Distribution: SuSE
Posts: 17

Original Poster
Rep: Reputation: 0
I tried to ping my server (with the ip address) from a windows XP client and my computer sends some packets to the client. However, when I tried to access the ftp I get the following error:
"FTP Folder error. Windows cannot access this folder. Make sure you typed the filename correctly and that you have permission to access this folder. Details: The connection with the server was reset."

Typing in a name would have been easier; could someone please suggest how I could use a string instead of the IP?

For your reference, here is what my vsftp file looks like:
#---------------------------------------------------------
#/etc/xinetd.d/vsftp
# default: off
# description:
# The vsftpd FTP server serves FTP connections. It uses
# normal, unencrypted usernames and passwords for authentication.
# vsftpd is designed to be secure.
#
# NOTE: This file contains the configuration for xinetd to start vsftpd.
# the configuration file for vsftp itself is in /etc/vsftpd.conf
#
service ftp
{
    socket_type = stream
    protocol = tcp
    wait = no
    user = root
    server = /usr/sbin/vsftpd
    disable = no
#   server_args =
#   log_on_success += DURATION USERID
#   log_on_failure += USERID
#   nice = 10
}

#---------------------------------------------------
 
Old 09-27-2006, 02:21 AM   #6
SlackDaemon
Member
 
Registered: Mar 2006
Distribution: RedHat, Slackware, Experimenting with FreeBSD
Posts: 222

Rep: Reputation: 30
Could you check the permissions of the root directory for vsftpd? This is the directory that you get when you log in locally. Are you trying to log in to the server with an anonymous user (ftp/anonymous) or a local user?
Can you post your /etc/vsftpd/vsftpd.conf file? The one that you posted was your xinetd configuration file.
 
Old 09-27-2006, 09:58 AM   #7
calculemus
LQ Newbie
 
Registered: Sep 2006
Distribution: SuSE
Posts: 17

Original Poster
Rep: Reputation: 0
The permission for my /srv/ftp folder is as follows:

drwxr-xr-x 2 root root 72 2006-09-23 01:17 ftp/
-----------------------------------------------
I used Flash FXP to connect anonymously to my server from windows and here is the log:

WinSock 2.0 -- OpenSSL 0.9.7g 11 Apr 2005
[R] Connecting to 10.100.5.136 -> IP=10.100.5.136 PORT=21
[R] Connected to 10.100.5.136
[R] Connection failed (Connection lost)
[R] Delaying for 120 seconds before reconnect attempt #1
[R] Retry attempt Aborted
[R] Connecting to 10.100.5.136 -> IP=10.100.5.136 PORT=21
[R] Connected to 10.100.5.136
[R] Connection failed (Connection lost)
[R] Delaying for 120 seconds before reconnect attempt #1
-----------------------------------------------
The content of /etc/vsftp.conf file:

# General Settings
#
# Uncomment this to enable any form of FTP write command.
#
#write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
#
dirmessage_enable=YES
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#
#nopriv_user=ftpsecure
#
# You may fully customise the login banner string:
#
ftpd_banner="Welcome to Calculemus!."
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#
#ls_recurse_enable=YES
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#
#deny_email_enable=YES
#
# (default follows)
#
#banned_email_file=/etc/vsftpd.banned_emails
#
# If enabled, all user and group information in
# directory listings will be displayed as "ftp".
#
#hide_ids=YES

# Local FTP user Settings
#
# Uncomment this to allow local users to log in.
#
local_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
#
local_umask=022
#
# Uncomment to put local users in a chroot() jail in their home directory
# after login.
#
#chroot_local_user=YES
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
#
#chroot_list_enable=YES
#
# (default follows)
#
#chroot_list_file=/etc/vsftpd.chroot_list
#
# The maximum data transfer rate permitted, in bytes per second, for
# local authenticated users. The default is 0 (unlimited).
#
#local_max_rate=7200


# Anonymus FTP user Settings
#
# Allow anonymous FTP?
#
anonymous_enable=YES
#
# Anonymous users will only be allowed to download files which are
# world readable.
#
anon_world_readable_only=YES
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
#
#anon_upload_enable=YES
#
# Default umask for anonymus users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
#
#anon_umask=022
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#
#anon_mkdir_write_enable=YES
#
# Uncomment this to enable anonymus FTP users to perform other write operations
# like deletion and renaming.
#
#anon_other_write_enable=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#
#chown_uploads=YES
#chown_username=whoever
#
# The maximum data transfer rate permitted, in bytes per second, for anonymous
# authenticated users. The default is 0 (unlimited).
#
#anon_max_rate=7200


# Log Settings
#
# Log to the syslog daemon instead of using an logfile.
#
syslog_enable=YES
#
# Uncomment this to log all FTP requests and responses.
#
#log_ftp_protocol=YES
#
# Activate logging of uploads/downloads.
#
#xferlog_enable=YES
#
# You may override where the log file goes if you like. The default is shown
# below.
#
#vsftpd_log_file=/var/log/vsftpd.log
#
# If you want, you can have your log file in standard ftpd xferlog format.
# Note: This disables the normal logging unless you enable dual_log_enable below.
#
#xferlog_std_format=YES
#
# You may override where the log file goes if you like. The default is shown
# below.
#
#xferlog_file=/var/log/xferlog
#
# Enable this to have booth logfiles. Standard xferlog and vsftpd's own style log.
#
#dual_log_enable=YES
#
# Uncomment this to enable session status information in the system process listing.
#
#setproctitle_enable=YES

# Transfer Settings
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
#
connect_from_port_20=YES
#
# You may change the default value for timing out an idle session.
#
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#
#data_connection_timeout=120
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode.
# Beware that turning on ascii_download_enable enables malicious remote parties
# to consume your I/O resources, by issuing the command "SIZE /big/file" in
# ASCII mode.
# These ASCII options are split into upload and download because you may wish
# to enable ASCII uploads (to prevent uploaded scripts etc. from breaking),
# without the DoS risk of SIZE and ASCII downloads. ASCII mangling should be
# on the client anyway..
#
#ascii_upload_enable=YES
#ascii_download_enable=YES
#
# Set to NO if you want to disallow the PASV method of obtaining a data
# connection.
#
#pasv_enable=NO

# PAM setting. Do NOT change this unless you know what you do!
#
pam_service_name=vsftpd

# Set listen=YES if you want vsftpd to run standalone
#
#listen=YES
--------------------------------------------------------------------------------------------------------
 
Old 09-27-2006, 10:51 PM   #8
SlackDaemon
Member
 
Registered: Mar 2006
Distribution: RedHat, Slackware, Experimenting with FreeBSD
Posts: 222

Rep: Reputation: 30
Your client seems to be reaching the server, but the connection cannot be established. What do the logs on the server-side say?

There are a few things I want you to try:

1) Uncomment the 'listen=YES' line in the vsftpd.conf file and restart xinetd and vsftpd. Then try to connect with your client.

2) Make sure there are no entries in the /etc/hosts.deny and /etc/hosts.allow files for vsftpd. Check the /etc/vsftpd.ftpusers and /etc/vsftpd.user_list files to make sure your users are not listed there. Make sure that your firewall is disabled.

3) Try connecting with a different ftp client

4) Comment out the line 'pam_service_name=vsftpd' in vsftpd.conf and restart vsftpd.

5) Connect your server and client together directly with a cross cable and try to access the server.

Last edited by SlackDaemon; 09-27-2006 at 10:55 PM.
 
Old 10-04-2006, 11:09 AM   #9
calculemus
LQ Newbie
 
Registered: Sep 2006
Distribution: SuSE
Posts: 17

Original Poster
Rep: Reputation: 0
1) Uncomment the 'listen=YES' line in the vsftpd.conf file and restart xinetd and vsftpd. Then try to connect with your client.
=> I did it but it did not change the behaviour of the client. I could see the same log as when I had the line commented.

2)Make sure there are no entries in the /etc/hosts.deny and /etc/hosts.allow files for vsftpd. Check the /etc/vsftpd.ftpusers and /etc/vsftpd.user_list files to make sure your users are not listed there. Make sure that your firewall is disabled.
=>In /etc/hosts.deny file, the following line was there, so I commented it, but it did not change anything.
#http-rman : ALL EXCEPT LOCAL
I do not have /etc/vsftpd.ftpusers and /etc/vsftpd.user_list files in my computer.
I disabled the firewall from YAST > System > Runlevel and then stopped services: SuSEfirewall2_init,SuSEfirewall2_setup.

3) At this point even the pinging did not work. So, I enabled firewall again and the client could ping again.

I made a fresh install of vsftp and changed the /etc/vsftp.conf file to what I had entered before.
--------------------------------------------------------------------------
Here is the content of /etc/hosts file:

#
# hosts This file describes a number of hostname-to-address
# mappings for the TCP/IP subsystem. It is mostly
# used at boot time, when no name servers are running.
# On small systems, this file can be used instead of a
# "named" name server.
# Syntax:
#
# IP-Address Full-Qualified-Hostname Short-Hostname
#

127.0.0.1 localhost

# special IPv6 addresses
::1 localhost ipv6-localhost ipv6-loopback

fe00::0 ipv6-localnet

ff00::0 ipv6-mcastprefix
ff02::1 ipv6-allnodes
ff02::2 ipv6-allrouters
ff02::3 ipv6-allhosts
127.0.0.2 abacus.site abacus

-----------------------------------------------------------------
Here is the content of hosts.conf:

#
# /etc/host.conf - resolver configuration file
#
# Please read the manual page host.conf(5) for more information.
#
#
# The following option is only used by binaries linked against
# libc4 or libc5. This line should be in sync with the "hosts"
# option in /etc/nsswitch.conf.
#
order hosts, bind
#
# The following options are used by the resolver library:
#
multi on
----------------------------------------------------------------------------
Here is the content of hosts.deny file:

# /etc/hosts.deny
# See 'man tcpd' and 'man 5 hosts_access' as well as /etc/hosts.allow
# for a detailed description.

#http-rman : ALL EXCEPT LOCAL
-------------------------------------------------------------------------------
Here is the content of hosts.allow:

# /etc/hosts.allow
# See 'man tcpd' and 'man 5 hosts_access' for a detailed description
# of /etc/hosts.allow and /etc/hosts.deny.
#
# short overview about daemons and servers that are built with
# tcp_wrappers support:
#
# package name | daemon path | token
# ----------------------------------------------------------------------------
# ssh, openssh | /usr/sbin/sshd | sshd, sshd-fwd-x11, sshd-fwd-<port>
# quota | /usr/sbin/rpc.rquotad | rquotad
# tftpd | /usr/sbin/in.tftpd | in.tftpd
# portmap | /sbin/portmap | portmap
# The portmapper does not verify against hostnames
# to prevent hangs. It only checks non-local addresses.
#
# (kernel nfs server)
# nfs-utils | /usr/sbin/rpc.mountd | mountd
# nfs-utils | /sbin/rpc.statd | statd
#
# (unfsd, userspace nfs server)
# nfs-server | /usr/sbin/rpc.mountd | rpc.mountd
# nfs-server | /usr/sbin/rpc.ugidd | rpc.ugidd
#
# (printing services)
# lprng | /usr/sbin/lpd | lpd
# cups | /usr/sbin/cupsd | cupsd
# The cupsd server daemon reports to the cups
# error logs, not to the syslog(3) facility.
#
# (Uniterrupted Power Supply Software)
# apcupsd | /sbin/apcupsd | apcupsd
# apcupsd | /sbin/apcnisd | apcnisd
#
# All of the other network servers such as samba, apache or X, have their own
# access control scheme that should be used instead.
#
# In addition to the services above, the services that are started on request
# by inetd or xinetd use tcpd to "wrap" the network connection. tcpd uses
# the last component of the server pathname as a token to match a service in
# /etc/hosts.{allow,deny}. See the file /etc/inetd.conf for the token names.
# The following examples work when uncommented:
#
#
# Example 1: Fire up a mail to the admin if a connection to the printer daemon
# has been made from host foo.bar.com, but simply deny all others:
# lpd : foo.bar.com : spawn /bin/echo "%h printer access" | \
# mail -s "tcp_wrappers on %H" root
#
#
# Example 2: grant access from local net, reject with message from elsewhere.
# in.telnetd : ALL EXCEPT LOCAL : ALLOW
# in.telnetd : ALL : \
# twist /bin/echo -e "\n\raccess from %h declined.\n\rGo away.";sleep 2
#
#
# Example 3: run a different instance of rsyncd if the connection comes
# from network 172.20.0.0/24, but regular for others:
# rsyncd : 172.20.0.0/255.255.255.0 : twist /usr/local/sbin/my_rsyncd-script
# rsyncd : ALL : ALLOW
#
-------------------------------------------------------------

The permissions for /etc/vsftp.conf file is as follows:

-rw------- 1 root root 6076 2006-10-04 17:42 vsftpd.conf


------------------------------------------------------------

Thank you so much for the help that you have been providing. Hope we will be able to solve this issue.
 
Old 10-04-2006, 11:26 AM   #10
calculemus
LQ Newbie
 
Registered: Sep 2006
Distribution: SuSE
Posts: 17

Original Poster
Rep: Reputation: 0
When I used Firefox in the client to access my computer, I get the message:

The connection was reset.

Last edited by calculemus; 10-04-2006 at 02:24 PM.
 
Old 10-05-2006, 12:34 AM   #11
SlackDaemon
Member
 
Registered: Mar 2006
Distribution: RedHat, Slackware, Experimenting with FreeBSD
Posts: 222

Rep: Reputation: 30
Quote:
Originally Posted by calculemus
I disabled the firewall from YAST > System > Runlevel and then stopped services: SuSEfirewall2_init,SuSEfirewall2_setup.

3) At this point even the pinging did not work. So, I enabled firewall again and the client could ping again.
That's really strange. Disabling a firewall shouldn't block ICMP echos. Could you type the command iptables -L and post the output?

Also when you try to connect from a different PC what do the logs on the server side look like?
 
Old 10-05-2006, 12:05 PM   #12
calculemus
LQ Newbie
 
Registered: Sep 2006
Distribution: SuSE
Posts: 17

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by SlackDaemon
Could you type the command iptables -L and post the output.

Also when you try to connect from a different PC what do the logs on the server side look like?
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
input_ext all -- anywhere anywhere
input_ext all -- anywhere anywhere
input_ext all -- anywhere anywhere
LOG all -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-IN-ILL-TARGET '
DROP all -- anywhere anywhere

Chain FORWARD (policy DROP)
target prot opt source destination
LOG all -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-FWD-ILL-ROUTING '

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state NEW,RELATED,ESTABLISHED
LOG all -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-OUT-ERROR '

Chain forward_ext (0 references)
target prot opt source destination

Chain input_ext (3 references)
target prot opt source destination
DROP all -- anywhere anywhere PKTTYPE = broadcast
ACCEPT icmp -- anywhere anywhere icmp source-quench
ACCEPT icmp -- anywhere anywhere icmp echo-request
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp echo-reply
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp time-exceeded
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp parameter-problem
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp timestamp-reply
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp address-mask-reply
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp protocol-unreachable
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp redirect
reject_func tcp -- anywhere anywhere tcp dpt:ident state NEW
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT '
LOG icmp -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT '
LOG udp -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT '
LOG all -- anywhere anywhere limit: avg 3/min burst 5 state INVALID LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT-INV '
DROP all -- anywhere anywhere

Chain reject_func (1 references)
target prot opt source destination
REJECT tcp -- anywhere anywhere reject-with tcp-reset
REJECT udp -- anywhere anywhere reject-with icmp-port-unreachable
REJECT all -- anywhere anywhere reject-with icmp-proto-unreachable

Quote:
Originally Posted by SlackDaemon
Also when you try to connect from a different PC what do the logs on the server side look like?
Could you please tell me how I could do that. I am relatively new to networking.
 
Old 10-06-2006, 10:35 PM   #13
SlackDaemon
Member
 
Registered: Mar 2006
Distribution: RedHat, Slackware, Experimenting with FreeBSD
Posts: 222

Rep: Reputation: 30
Type the following commands on the server and then see if you're able to connect with an FTP client.

iptables -P INPUT ACCEPT
iptables -I INPUT -m tcp -p tcp --dport 21 -j ACCEPT
iptables -I INPUT -m tcp -p tcp --dport 20 -j ACCEPT
iptables -I INPUT -m udp -p udp --dport 20 -j ACCEPT

Quote:
Originally Posted by SlackDaemon
Also when you try to connect from a different PC what do the logs on the server side look like?
Quote:
Originally Posted by calculemus
Could you please tell me how I could do that. I am relatively new to networking.


If you have a /var/log/vsftpd.log file, tail it:

tail -f /var/log/vsftpd.log

If not then tail the /var/log/messages file.

Once you've done that try to connect to the server with an ftp client and view for any output that may be displayed on the server's monitor.

Last edited by SlackDaemon; 10-06-2006 at 11:00 PM.
 
Old 10-11-2006, 12:49 AM   #14
calculemus
LQ Newbie
 
Registered: Sep 2006
Distribution: SuSE
Posts: 17

Original Poster
Rep: Reputation: 0
@ SlackDaemon

Quote:
Originally Posted by Calculemus
I am running SuSE 10.0 Linux in Dell 600 laptop. What I am trying to do is to set it up as a ftp server using vsftp and also share my computer as a samba server. I edited the configuration file for setting up vsftp and used YaST to set up samba server.
I updated to SuSE 10.1 a few days back and I installed the new version of vsftp. It is working better now, I think, because of the four commands (could you please explain briefly what they were...) that you asked me to type in, because the client can connect but says there is a problem with permissions. Here is the permissions setting for my /srv/ftp folder:
drwxr-xr-x 2 root root 48 2006-04-23 03:51 ftp/


Quote:
Originally Posted by SlackDaemon
If you have a /var/log/vsftpd.log file, tail it:

tail -f /var/log/vsftpd.log

If not then tail the /var/log/messages file.

Once you've done that try to connect to the server with an ftp client and view for any output that may be displayed on the server's monitor.
I used Internet Explorer this time to see if I can connect to the ftp server. This is what was displayed after I tailed /var/log/messages

Oct 11 07:37:35 abacus vsftpd: Wed Oct 11 07:37:35 2006 [pid 1504] [ftp] OK LOGIN: Client "10.100.8.240", anon password "IEUser@"

Thanks for your support.
 
Old 10-11-2006, 04:15 AM   #15
SlackDaemon
Member
 
Registered: Mar 2006
Distribution: RedHat, Slackware, Experimenting with FreeBSD
Posts: 222

Rep: Reputation: 30
Try changing the permissions on the /srv/ftp directory to 755 so that ftp clients have read-only access to the directory.

chmod 755 /srv/ftp
<EDIT> - actually your permissions should already be enough to allow access. Is SELinux active on your system? Type getenforce. If it is active, type setenforce 0 to deactivate it temporarily and try accessing ftp.

The four rules open up your firewall to allow ftp access. The first of those rules was not strictly necessary as it sets the default policy of the INPUT chain to ACCEPT. I just included it for testing purposes.

The other three rules open up ports 21 (ftp access and authentication port) and port 20 for data transfer. Firewall rules are checked one by one from top to bottom. If one of the rules matches, the packet is acted upon by the target destination (i.e. -j ACCEPT). If none of the rules matches the default policy of the chain is used (DROP in your case).

I am glad that you stuck with it and didn't give up mid-way.

Last edited by SlackDaemon; 10-11-2006 at 10:34 PM.
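
Added example (not part of SlackDaemon's post and not iptables code): a small Python model of the top-to-bottom, first-match evaluation described in post #15, run over a simplified copy of the listing from post #12. The `lo` interface on the first INPUT rule and the sample packets are assumptions; plain `iptables -L` omits the interface columns that `iptables -L -v` shows.

```python
# Added example: a minimal model of iptables first-match evaluation.
# Rules are simplified from the `iptables -L` listing in post #12; the "lo"
# interface on the first INPUT rule is an assumption (plain -L hides interfaces).

TERMINAL = {"ACCEPT", "DROP", "REJECT"}

def rule(target, **match):
    """A rule is a target plus the packet fields that must all match."""
    return {"target": target, "match": match}

def matches(r, pkt):
    for key, want in r["match"].items():
        have = pkt.get(key)
        if key == "state":            # the rule lists the states it accepts
            if have not in want:
                return False
        elif have != want:
            return False
    return True

def walk(chains, name, pkt):
    """Return a terminal verdict, or None when a user chain falls through."""
    for r in chains[name]:
        if not matches(r, pkt):
            continue
        target = r["target"]
        if target in TERMINAL:
            return target             # first terminal match wins
        if target == "LOG":
            continue                  # LOG does not end evaluation
        result = walk(chains, target, pkt)    # jump to a user-defined chain
        if result is not None:
            return result
    return None

def verdict(chains, policy, pkt):
    """Verdict for a packet entering INPUT; policy applies if nothing matches."""
    return walk(chains, "INPUT", pkt) or policy

def posted_ruleset():
    return {
        "INPUT": [
            rule("ACCEPT", iface="lo"),                       # assumed loopback rule
            rule("ACCEPT", state=("RELATED", "ESTABLISHED")),
            rule("input_ext"),
            rule("LOG"),
            rule("DROP"),
        ],
        "input_ext": [
            rule("DROP", pkttype="broadcast"),
            rule("ACCEPT", proto="icmp", icmp="echo-request"),
            rule("reject_func", proto="tcp", dport=113, state=("NEW",)),  # ident
            rule("LOG"),
            rule("DROP"),
        ],
        "reject_func": [rule("REJECT", proto="tcp")],
    }

def with_ftp_rules(chains):
    """Model `iptables -I INPUT -m tcp -p tcp --dport N -j ACCEPT` for 21, 20."""
    new = {name: list(rules) for name, rules in chains.items()}
    for port in (21, 20):             # -I inserts at the head of the chain
        new["INPUT"].insert(0, rule("ACCEPT", proto="tcp", dport=port))
    return new

# Constructed sample packets.
REMOTE_FTP = {"iface": "eth0", "proto": "tcp", "dport": 21, "state": "NEW"}
LOCAL_FTP = {"iface": "lo", "proto": "tcp", "dport": 21, "state": "NEW"}
REMOTE_PING = {"iface": "eth0", "proto": "icmp", "icmp": "echo-request",
               "state": "NEW"}
REMOTE_IDENT = {"iface": "eth0", "proto": "tcp", "dport": 113, "state": "NEW"}

if __name__ == "__main__":
    before = posted_ruleset()
    after = with_ftp_rules(before)
    for label, pkt in [("local ftp", LOCAL_FTP), ("remote ping", REMOTE_PING),
                       ("remote ftp", REMOTE_FTP)]:
        print(f"{label:12} before={verdict(before, 'DROP', pkt)} "
              f"after={verdict(after, 'DROP', pkt)}")
```

In this model the remote FTP packet is dropped before the inserted rules and accepted after them, while local FTP and remote ping are accepted throughout, matching the symptoms reported in the thread. Because the modelled INPUT chain ends in an unconditional DROP, switching the policy argument to ACCEPT does not change the verdict for the remote FTP packet.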
 
  


All times are GMT -5. The time now is 02:42 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration