LinuxQuestions.org


simonmccourt 10-27-2003 04:23 PM

vsftpd - local connection refused
 
Hello,
I'm trying to run vsftpd on redhat 8. I had it accepting anon connections a few days ago but it decided yesterday not to do so any more. I can connect to 127.0.0.1 no problem but cannot connect to my eth0 IP even from the machine itself. The error message I get is simply "Connection refused".
I have no firewalling in place. I have an entry in hosts.allow of "vsftpd: ALL".
While we're on the subject, can anyone point me to a good site that gives comprehensive, step-by-step instructions for setting up vsftp? I'd eventually like to get this machine accepting authenticated users only.
Thanks in advance for your help.
Si

david_ross 10-28-2003 01:34 PM

Welcome to LQ.

Is the service listening on addresses other than the loopback? Post the output of:
netstat -nlp
iptables -L

You can get lots of info about config options by running:
man smb.conf

simonmccourt 10-29-2003 06:02 AM

Thanks. I'll get that info later today and post it.

simonmccourt 10-30-2003 12:51 AM

Looks like port 21 is listening...

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:32768 0.0.0.0:* LISTEN 543/rpc.statd
tcp 0 0 127.0.0.1:32769 0.0.0.0:* LISTEN 677/xinetd
tcp 0 0 0.0.0.0:515 0.0.0.0:* LISTEN 690/lpd Waiting
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 524/portmap
tcp 0 0 0.0.0.0:6000 0.0.0.0:* LISTEN 858/X
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 677/xinetd
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 662/sshd
tcp 0 0 0.0.0.0:23 0.0.0.0:* LISTEN 677/xinetd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 712/sendmail: accep
udp 0 0 0.0.0.0:32769 0.0.0.0:* 543/rpc.statd
udp 0 0 0.0.0.0:68 0.0.0.0:* 450/dhclient
udp 0 0 0.0.0.0:719 0.0.0.0:* 543/rpc.statd
udp 0 0 0.0.0.0:111 0.0.0.0:* 524/portmap

IPTABLES
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
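
The check asked for above (is the service bound to more than the loopback?) can be scripted. This is an added example, not part of the original posts: it classifies each TCP listener in `netstat -nlp` output by bind scope, using a few lines copied from the output posted above as sample input. The function names are made up for this example.

```shell
#!/bin/sh
# Added example: classify TCP listeners from `netstat -nlp` by bind scope.

# Sample input: lines copied from the netstat output posted in this thread.
sample_netstat() {
cat <<'EOF'
tcp 0 0 0.0.0.0:32768 0.0.0.0:* LISTEN 543/rpc.statd
tcp 0 0 127.0.0.1:32769 0.0.0.0:* LISTEN 677/xinetd
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 677/xinetd
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 662/sshd
tcp 0 0 0.0.0.0:23 0.0.0.0:* LISTEN 677/xinetd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 712/sendmail: accep
udp 0 0 0.0.0.0:68 0.0.0.0:* 450/dhclient
EOF
}

# classify_listeners (hypothetical helper): reads netstat -nlp text on stdin
# and prints "<scope> <port> <pid/program>" for every TCP socket in LISTEN.
#   all-interfaces  bound to 0.0.0.0 or ::  (reachable on every interface)
#   loopback        bound to 127.x or ::1   (local connections only)
#   specific:<ip>   bound to one address
classify_listeners() {
    awk '$1 ~ /^tcp/ && $6 == "LISTEN" {
        port = $4; sub(/.*:/, "", port)       # text after the last colon
        host = $4; sub(/:[^:]*$/, "", host)   # text before the last colon
        if (host == "0.0.0.0" || host == "::") scope = "all-interfaces"
        else if (host ~ /^127\./ || host == "::1") scope = "loopback"
        else scope = "specific:" host
        print scope, port, $7
    }'
}

# port_scope PORT (hypothetical helper): scope of the listener on PORT,
# or "not-listening" when nothing is bound to it.
port_scope() {
    classify_listeners | awk -v p="$1" '$2 == p { print $1; found = 1 }
        END { if (!found) print "not-listening" }'
}

# Stand-alone run on the sample; on a live host: netstat -nlp | classify_listeners
sample_netstat | classify_listeners
```

Port 21 comes back as all-interfaces, so the bind address does not explain a refused connection on the eth0 address; the same listing shows which other services (telnet on 23 here) are reachable from the network.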

david_ross 10-30-2003 01:50 PM

That should be fine - can you post your config file too?

simonmccourt 10-30-2003 04:40 PM

Can do...but before you go any further I should tell you I have since reinstalled but am still having this issue. I removed the RPM and downloaded the latest tarball from http://vsftpd.beasts.org.
This conf file is different from what I had before but the error message is identical.

# Access rights
anonymous_enable=YES
local_enable=NO
write_enable=NO
anon_upload_enable=NO
anon_mkdir_write_enable=NO
anon_other_write_enable=NO
# Security
anon_world_readable_only=YES
connect_from_port_20=YES
hide_ids=YES
pasv_min_port=50000
pasv_max_port=60000
# Features
xferlog_enable=YES
ls_recurse_enable=NO
ascii_download_enable=NO
async_abor_enable=YES
# Performance
one_process_model=YES
idle_session_timeout=120
data_connection_timeout=300
accept_timeout=60
connect_timeout=60
anon_max_rate=50000

simonmccourt 10-30-2003 05:54 PM

This is interesting. I tested telnet to see if maybe the problem wasn't just with vsftp and, sure enough, I'm having the same problem; I can telnet to localhost but not to my IP.

This makes me think maybe it's the firewall, but as you know I've flushed all my iptables.
Any thoughts?

On a related note, if I open the GUI for the firewall (I run Red Hat 8.0) and change the setting from, say, 'High' to 'No Firewall', click OK, and then reopen the tool...it appears that the configuration is exactly as it was before I made the change. I think I remember reading somewhere that the GUI will always display the same setting no matter what. This makes no sense to me. In fact, I'm fairly sure I've seen the GUI reflect the way I most recently set it. But now it stays the same.

Is there a reason why my firewall changes apparently don't stick?

david_ross 10-31-2003 12:43 PM

Lookit - the firewall tool does not remember firewall rules so you need to apply them each time or better yet just write a simple bash script.

Can you ping your own IP?

shadow 10-31-2003 11:10 PM

I HAD A SIMILAR PROBLEM AND I SET THE FTP CLIENT TO RUN IN PASSIVE MODE AND IT WORKS FINE NOW

adz 11-01-2003 12:33 AM

No need to shout...

simonmccourt 11-01-2003 04:50 AM

OK, this is REALLY embarrassing.

Um...I was trying to connect to the wrong IP. You'd think that would be the first thing I'd check, but oh no...it was actually the LAST thing I checked.

Sshhh...don't tell anyone.

simonmccourt 11-01-2003 11:49 AM

OK, so now I can connect anonymously. What I want is to set up authenticated access. So I followed the instructions here,
ftp://vsftpd.beasts.org/users/cevans...L_USERS/README

However, when I try to authenticate now I get a "530 Login incorrect" error. I checked /var/log/messages and the last entry is as follows:
localhost pam_userdb[1358]: user_lookup: could not open database `/etc/vsftpd_login.db'
Permissions for this database are shown below,
-rw------- 1 root root 12288 Nov 1 13:07 vsftpd_login.db

Any thoughts?

david_ross 11-01-2003 01:11 PM

I've never set up vsftpd to authenticate to an extra database like that before but I would guess that you don't have Berkeley DB installed.

simonmccourt 11-02-2003 10:27 AM

I installed it alright. That's how I created the db in the first place.

david_ross 11-02-2003 10:31 AM

Are you sure the db file is /etc/vsftpd_login.db and not /etc/vsftpd/vsftpd_login.db or something else?


All times are GMT -5.