vsftpd - local connection refused
Hello,
I'm trying to run vsftpd on redhat 8. I had it accepting anon connections a few days ago but it decided yesterday not to do so any more. I can connect to 127.0.0.1 no problem but cannot connect to my eth0 IP even from the machine itself. The error message I get is simply "Connection refused". I have no firewalling in place. I have an entry in hosts.allow of "vsftpd: ALL". While we're on the subject, can anyone point me to a good site that gives comprehensive, step-by-step instructions for setting up vsftp? I'd eventually like to get this machine accepting authenticated users only. Thanks in advance for your help. Si |
Welcome to LQ.
Is the service listening on addresses other than the loopback? Post the output of:
netstat -nlp
iptables -L
You can get lots of info about config options by running:
man smb.conf |
Thanks. I'll get that info later today and post it.
|
Looks like port 21 is listening...
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:32768 0.0.0.0:* LISTEN 543/rpc.statd
tcp 0 0 127.0.0.1:32769 0.0.0.0:* LISTEN 677/xinetd
tcp 0 0 0.0.0.0:515 0.0.0.0:* LISTEN 690/lpd Waiting
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 524/portmap
tcp 0 0 0.0.0.0:6000 0.0.0.0:* LISTEN 858/X
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 677/xinetd
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 662/sshd
tcp 0 0 0.0.0.0:23 0.0.0.0:* LISTEN 677/xinetd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 712/sendmail: accep
udp 0 0 0.0.0.0:32769 0.0.0.0:* 543/rpc.statd
udp 0 0 0.0.0.0:68 0.0.0.0:* 450/dhclient
udp 0 0 0.0.0.0:719 0.0.0.0:* 543/rpc.statd
udp 0 0 0.0.0.0:111 0.0.0.0:* 524/portmap

IPTABLES
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination |
That should be fine - can you post your config file too.
|
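Added example, not part of any post in this thread: a Python version of the check the reply above makes, reading `netstat -nlp` lines and reporting whether a listener covers the address being connected to. The sample lines are re-typed from the output posted above, 192.0.2.10 is a placeholder for the machine's eth0 address, the function names are hypothetical, and only IPv4 is handled.

```python
import re

# Constructed sample: five sockets re-typed from the netstat output posted
# above, one per line as netstat prints them.
SAMPLE = """\
tcp 0 0 127.0.0.1:32769 0.0.0.0:* LISTEN 677/xinetd
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 677/xinetd
tcp 0 0 0.0.0.0:23 0.0.0.0:* LISTEN 677/xinetd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 712/sendmail: accep
udp 0 0 0.0.0.0:68 0.0.0.0:* 450/dhclient
"""

# proto, recv-q, send-q, local addr:port, foreign addr, [state], pid/program
LINE = re.compile(
    r"^(?P<proto>tcp|udp)\s+\d+\s+\d+\s+(?P<addr>\S+):(?P<port>\d+)\s+\S+"
    r"(?:\s+(?P<state>LISTEN))?(?:\s+(?P<prog>\S.*))?$"
)

def parse_listeners(text):
    """Return one dict per listening TCP socket or bound UDP socket."""
    found = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # banner, column header, unix sockets
        if m["proto"] == "tcp" and m["state"] != "LISTEN":
            continue
        found.append({"proto": m["proto"], "addr": m["addr"],
                      "port": int(m["port"]), "prog": m["prog"] or "-"})
    return found

def accepts(sock, dest_ip):
    """A socket bound to 0.0.0.0 answers on every local IPv4 address;
    any other bind address answers only on that exact address."""
    return sock["addr"] == "0.0.0.0" or sock["addr"] == dest_ip

def explain(text, port, dest_ip, proto="tcp"):
    """Classify what netstat says about a connect to dest_ip:port."""
    socks = [s for s in parse_listeners(text)
             if s["port"] == port and s["proto"] == proto]
    if not socks:
        return "no-listener"        # nothing bound to the port at all
    if any(accepts(s, dest_ip) for s in socks):
        return "listening"          # a refusal has another cause
    return "bound-elsewhere"        # e.g. loopback-only service

if __name__ == "__main__":
    for port in (21, 23, 25, 80):
        print(port, explain(SAMPLE, port, "192.0.2.10"))
```

A result of "listening" for port 21 means the bind address is not the cause of a "Connection refused", so the target address, TCP wrappers and packet filtering are what remain to check.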
Can do...but before you go any further I should tell you I have since reinstalled but am still having this issue. I removed the RPM and downloaded the latest tarball from http://vsftpd.beasts.org.
This conf file is different from what I had before but the error message is identical.
# Access rights
anonymous_enable=YES
local_enable=NO
write_enable=NO
anon_upload_enable=NO
anon_mkdir_write_enable=NO
anon_other_write_enable=NO
# Security
anon_world_readable_only=YES
connect_from_port_20=YES
hide_ids=YES
pasv_min_port=50000
pasv_max_port=60000
# Features
xferlog_enable=YES
ls_recurse_enable=NO
ascii_download_enable=NO
async_abor_enable=YES
# Performance
one_process_model=YES
idle_session_timeout=120
data_connection_timeout=300
accept_timeout=60
connect_timeout=60
anon_max_rate=50000 |
This is interesting. I tested telnet to see if maybe the problem wasn't just with vsftp and, sure enough, I'm having the same problem; I can telnet to localhost but not to my IP.
This makes me think maybe it's the firewall, but as you know I've flushed all my iptables. Any thoughts? On a related note, if I open the GUI for the firewall (I run Red Hat 8.0) and change the setting from, say, 'High' to 'No Firewall', click OK, and then reopen the tool...it appears that the configuration is exactly as it was before I made the change. I think I remember reading somewhere that the GUI will always display the same setting no matter what. This makes no sense to me. In fact, I'm fairly sure I've seen the GUI reflect the way I most recently set it. But now it stays the same. Is there a reason why my firewall changes apparently don't stick? |
Lookit - the firewall tool does not remember firewall rules so you need to apply them each time or better yet just write a simple bash script.
Can you ping your own IP? |
I HAD A SIMILAR PROBLEM AND I SET THE FTP CLIENT TO RUN IN PASSIVE MODE AND IT WORKS FINE NOW
|
No need to shout...
|
OK, this is REALLY embarrassing.
Um...I was trying to connect to the wrong IP. You'd think that would be the first thing I'd check, but oh no...it was actually the LAST thing I checked. Sshhh...don't tell anyone. |
OK, so now I can connect anonymously. What I want is to set up authenticated access. So I followed the instructions here,
ftp://vsftpd.beasts.org/users/cevans...L_USERS/README
However, when I try to authenticate now I get a "530 Login incorrect" error. I checked /var/log/messages and the last entry is as follows:
localhost pam_userdb[1358]: user_lookup: could not open database `/etc/vsftpd_login.db'
Permissions for this database are shown below,
-rw------- 1 root root 12288 Nov 1 13:07 vsftpd_login.db
Any thoughts? |
I've never set up vsftpd to authenticate to an extra database like that before but I would guess that you don't have Berkeley DB installed.
|
I installed it alright. That's how I created the db in the first place.
|
Are you sure the db file is /etc/vsftpd_login.db and not /etc/vsftpd/vsftpd_login.db or something else?
|