Old 02-21-2007, 02:00 PM   #1
thatguy0
LQ Newbie
 
Registered: Feb 2007
Posts: 6

Rep: Reputation: 0
FTP port blocked on Debian (sarge)


I am trying to set up an FTP server on my Debian system, but it appears port 21 is blocked. I do have an ftp server installed (proftpd).

This is what it says when I try and log in through ftp locally:

Connected to localhost.localdomain.
421 Service not available, remote server has closed connection


If I change the port to something other than 21, it allows me to connect in. So what could be causing this to be blocked? This is a fresh installation by the way.

Thanks!
 
Old 02-22-2007, 07:07 AM   #2
nx5000
Senior Member
 
Registered: Sep 2005
Location: Out
Posts: 3,307

Rep: Reputation: 57
A firewall sitting between? Check with iptables -L

Otherwise, no real idea. I would install tcpdump and sniff what's on the wire.
 
Old 02-22-2007, 10:00 AM   #3
thatguy0
LQ Newbie
 
Registered: Feb 2007
Posts: 6

Original Poster
Rep: Reputation: 0
Well, iptables gives me this:
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Which I assume means there is no firewall. And tcpdump shows that there is at least some traffic going on... not really sure what it means though. But at least it's not completely blocked. Anything else to try?
 
Old 02-22-2007, 10:06 AM   #4
nx5000
Senior Member
 
Registered: Sep 2005
Location: Out
Posts: 3,307

Rep: Reputation: 57
Quote:
Originally Posted by thatguy0
And tcpdump shows that there is at least some traffic going on... not really sure what it means though. But at least it's not completely blocked. Anything else to try?
Yes, posting the result of tcpdump

When you do this, change your IPs if they are public and they appear (probably localhost will show so no problem).


Code:
tcpdump -i lo
I see connected and then connection closed (421). Do these 2 events happen with a delay between them? like more than 3 seconds or is it instantaneous?

Weird thing, still no clue
 
Old 02-22-2007, 10:12 AM   #5
timmeke
Senior Member
 
Registered: Nov 2005
Location: Belgium
Distribution: Red Hat, Fedora
Posts: 1,515

Rep: Reputation: 61
Have you tried connecting to port 21 using telnet? Or a port scan with nmap?
 
Old 02-22-2007, 10:51 AM   #6
nx5000
Senior Member
 
Registered: Sep 2005
Location: Out
Posts: 3,307

Rep: Reputation: 57
Yes that would be an idea. I wanted to tell the OP to try with netcat.
Because actually the message "connected" doesn't mean anything if I remember well?!

Let's see the tcpdump trace
 
Old 02-22-2007, 11:01 AM   #7
thatguy0
LQ Newbie
 
Registered: Feb 2007
Posts: 6

Original Poster
Rep: Reputation: 0
Thanks for your replies guys. Here's the netstat dump

Code:
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on lo, link-type EN10MB (Ethernet), capture size 96 bytes
11:57:36.507719 IP localhost.localdomain.38213 > localhost.localdomain.ftp: S 3300202576:3300202576(0) win 32767 <mss 16396,sackOK,timestamp 15837237 0,nop,wscale 0>
11:57:36.507784 IP localhost.localdomain.ftp > localhost.localdomain.38213: S 3302205403:3302205403(0) ack 3300202577 win 32767 <mss 16396,sackOK,timestamp 15837237 15837237,nop,wscale 0>
11:57:36.507820 IP localhost.localdomain.38213 > localhost.localdomain.ftp: . ack 1 win 32767 <nop,nop,timestamp 15837237 15837237>
11:57:41.513373 IP localhost.localdomain.ftp > localhost.localdomain.38213: F 1:1(0) ack 1 win 32767 <nop,nop,timestamp 15837738 15837237>
11:57:41.523188 IP localhost.localdomain.38213 > localhost.localdomain.ftp: . ack 2 win 32767 <nop,nop,timestamp 15837739 15837738>
At that point I get the "421 Service not available, remote server has closed connection" error.

Telnet-ing into 21 results in nothing, except an error similar to the one above.

I'll try the other thing after this
 
Old 02-22-2007, 11:04 AM   #8
thatguy0
LQ Newbie
 
Registered: Feb 2007
Posts: 6

Original Poster
Rep: Reputation: 0
Here's the results of nmap

Code:
(The 1649 ports scanned but not shown below are in state: closed)
PORT     STATE SERVICE
20/tcp   open  ftp-data
21/tcp   open  ftp
22/tcp   open  ssh
25/tcp   open  smtp
80/tcp   open  http
111/tcp  open  rpcbind
113/tcp  open  auth
139/tcp  open  netbios-ssn
445/tcp  open  microsoft-ds
548/tcp  open  afpovertcp
631/tcp  open  ipp
934/tcp  open  unknown
3306/tcp open  mysql
5432/tcp open  postgres
 
Old 02-22-2007, 11:20 AM   #9
nx5000
Senior Member
 
Registered: Sep 2005
Location: Out
Posts: 3,307

Rep: Reputation: 57
Quote:
11:57:41.513373 IP localhost.localdomain.ftp > localhost.localdomain.38213: F 1:1(0) ack 1 win 32767 <nop,nop,timestamp 15837738 15837237>
The connection is made,
No ident is asked by the server (optional)
No rDNS request is done (optional)
No Welcome message is sent (not good)
The connection is closed after 5s, probably the time out of ftpserver.


Could you try with another ftp server?

You say that it works on another port right?

Hum.. still no more clue. Out of ideas here but interested.

edit:
Could be an iptables conntrack helper module, that's the only thing that I can see that uses specifically the port 21.
Check whether ip_conntrack_ftp is in lsmod on the server.

Last edited by nx5000; 02-22-2007 at 11:25 AM.
 
Old 02-22-2007, 11:40 AM   #10
thatguy0
LQ Newbie
 
Registered: Feb 2007
Posts: 6

Original Poster
Rep: Reputation: 0
Yeah I've tried 3 different ftp servers. All the same results. The strange thing is, I was using an older server originally but it had the same setup exactly, and there were no problems.

ip_conntrack_ftp is not in lsmod

And yes it does work on other ports. How strange eh?
 
Old 02-22-2007, 12:04 PM   #11
nx5000
Senior Member
 
Registered: Sep 2005
Location: Out
Posts: 3,307

Rep: Reputation: 57
Yes indeed

Ok next try, launching proftp in debug mode:

/etc/init.d/proftpd stop
proftpd -n -d 10 &> /tmp/damned.log

On the client, connect. I mean try.
As soon as you get the 421 message, ctrl-c on the proftpd.

Maybe more info in /tmp/damned.log ?
 
Old 02-22-2007, 12:07 PM   #12
nx5000
Senior Member
 
Registered: Sep 2005
Location: Out
Posts: 3,307

Rep: Reputation: 57
Second thing to try.

Download netcat
apt-get install netcat
Stop proftp and "mimic" an ftp server with netcat
/etc/init.d/proftpd stop

This is your new ftp server:
nc -l -vv -p 21

In another shell, try this:
nc -vv localhost 21
<type a few things and press enter> you should see the message on the netcat ftp server
and also

ftp localhost


Also what other ports have you tried? <1024?
And you did it with the same client ?
/usr/bin/ftp localhost 37 for example

Last edited by nx5000; 02-22-2007 at 12:09 PM.
 
Old 02-22-2007, 01:27 PM   #13
thatguy0
LQ Newbie
 
Registered: Feb 2007
Posts: 6

Original Poster
Rep: Reputation: 0
It's working now! A co-worker of mine who is much more versed in Linux than I am tried his hand at it (it's a slow day here. lol)

This is what it looks like happened:
I had originally set proftpd to start with inetd. For whatever reason it doesn't seem to work that way, so I set it up as a standalone program. But I guess in my lack of Linux knowledge, I didn't take it out of inetd so it was trying to start it both ways. We figured it out from checking the syslog file. It was saying:

Code:
Feb 22 14:12:24 localhost proftpd[1342]: connect from 192.168.0.75 (192.168.0.75)
Feb 22 14:12:25 localhost proftpd[1343]: localhost.localdomain - Failed binding to 0.0.0.0, port 21: Address already in use
Feb 22 14:12:25 localhost proftpd[1343]: localhost.localdomain - Check the ServerType directive to ensure you are configured correctly.
Again, thanks a lot for your help!
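
The conflict described in the post above (an active ftp line in inetd.conf while proftpd is set up as standalone), as an added example that is not part of the thread: a shell check that compares the two files. The default paths /etc/inetd.conf and /etc/proftpd.conf and all function names are assumptions.

```shell
#!/bin/sh
# Added example: flag proftpd being wired up through inetd and standalone at once.
# Default paths are assumptions; pass the real ones as arguments.

# Print active (uncommented) inetd.conf entries for the ftp service.
inetd_ftp_entries() {
    [ -r "$1" ] || return 0
    awk '!/^[ \t]*#/ && $1 == "ftp"' "$1"
}

# Print the last ServerType set in proftpd.conf; "standalone" if none is set.
proftpd_server_type() {
    t=$(awk '!/^[ \t]*#/ && tolower($1) == "servertype" { v = tolower($2) }
             END { print v }' "$1" 2>/dev/null)
    echo "${t:-standalone}"
}

# Return 0 if the two files agree, 1 or 2 if they contradict each other.
check_ftp_startup() {
    entries=$(inetd_ftp_entries "${1:-/etc/inetd.conf}")
    stype=$(proftpd_server_type "${2:-/etc/proftpd.conf}")
    if [ -n "$entries" ] && [ "$stype" = "standalone" ]; then
        echo "CONFLICT: inetd listens on ftp, but ServerType is standalone"
        return 1
    fi
    if [ -z "$entries" ] && [ "$stype" = "inetd" ]; then
        echo "MISMATCH: ServerType is inetd, but inetd.conf has no active ftp line"
        return 2
    fi
    echo "OK: ServerType is $stype"
}

# Constructed sample files reproducing the state described in the thread.
demo() {
    d=$(mktemp -d) || return 3
    printf '%s\n' '#<off># telnet stream tcp nowait root /usr/sbin/tcpd /usr/sbin/in.telnetd' \
        'ftp stream tcp nowait root /usr/sbin/tcpd /usr/sbin/proftpd' > "$d/inetd.conf"
    printf '%s\n' 'ServerName "Debian"' 'ServerType standalone' > "$d/proftpd.conf"
    check_ftp_startup "$d/inetd.conf" "$d/proftpd.conf"
    rc=$?
    rm -rf "$d"
    return "$rc"
}

demo || echo "demo exit status: $?"
```

The same check is a quick way to confirm which process is expected to own port 21 before looking at firewalls or packet captures.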
 
  

