02-21-2007, 02:00 PM
|
#1
|
|
LQ Newbie
Registered: Feb 2007
Posts: 6
Rep:
|
FTP port blocked on Debian (sarge)
I am trying to set up an FTP server on my Debian system, but it appears port 21 is blocked. I do have an ftp server installed (proftpd).
This is what it says when I try and log in through ftp locally:
Connected to localhost.localdomain.
421 Service not available, remote server has closed connection
If I change the port to something other than 21, it allows me to connect in. So what could be causing this to be blocked? This is a fresh installation by the way.
Thanks!
|
|
|
|
02-22-2007, 07:07 AM
|
#2
|
|
Senior Member
Registered: Sep 2005
Location: Out
Posts: 3,307
Rep:
|
A firewall sitting between? Check with iptables -L
Otherwise, no real idea. I would install tcpdump and sniff what's on the wire.
|
|
|
|
02-22-2007, 10:00 AM
|
#3
|
|
LQ Newbie
Registered: Feb 2007
Posts: 6
Original Poster
Rep:
|
Well, iptables gives me this:
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Which I assume means there is no firewall. And tcpdump shows that there is at least some traffic going on... not really sure what it means though. But at least it's not completely blocked. Anything else to try?
|
|
|
|
02-22-2007, 10:06 AM
|
#4
|
|
Senior Member
Registered: Sep 2005
Location: Out
Posts: 3,307
Rep:
|
Quote:
|
Originally Posted by thatguy0
And tcpdump shows that there is at least some traffic going on... not really sure what it means though. But at least it's not completely blocked. Anything else to try?
|
Yes, posting the result of tcpdump
When you do this, change your IPs if they are public and they appear (probably localhost will show so no problem).
I see connected and then connection closed (421). Do these 2 events happen with a delay between them? Like more than 3 seconds, or is it instantaneous?
Weird thing, still no clue
|
|
|
|
02-22-2007, 10:12 AM
|
#5
|
|
Senior Member
Registered: Nov 2005
Location: Belgium
Distribution: Red Hat, Fedora
Posts: 1,515
Rep:
|
Have you tried connecting to port 21 using telnet? Or a port scan with nmap?
|
|
|
|
02-22-2007, 10:51 AM
|
#6
|
|
Senior Member
Registered: Sep 2005
Location: Out
Posts: 3,307
Rep:
|
Yes that would be an idea. I wanted to tell the OP to try with netcat.
Because actually the message "connected" doesn't mean anything if I remember well?!
Let's see the tcpdump trace
|
|
|
|
02-22-2007, 11:01 AM
|
#7
|
|
LQ Newbie
Registered: Feb 2007
Posts: 6
Original Poster
Rep:
|
Thanks for your replies guys. Here's the netstat dump
Code:
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on lo, link-type EN10MB (Ethernet), capture size 96 bytes
11:57:36.507719 IP localhost.localdomain.38213 > localhost.localdomain.ftp: S 3300202576:3300202576(0) win 32767 <mss 16396,sackOK,timestamp 15837237 0,nop,wscale 0>
11:57:36.507784 IP localhost.localdomain.ftp > localhost.localdomain.38213: S 3302205403:3302205403(0) ack 3300202577 win 32767 <mss 16396,sackOK,timestamp 15837237 15837237,nop,wscale 0>
11:57:36.507820 IP localhost.localdomain.38213 > localhost.localdomain.ftp: . ack 1 win 32767 <nop,nop,timestamp 15837237 15837237>
11:57:41.513373 IP localhost.localdomain.ftp > localhost.localdomain.38213: F 1:1(0) ack 1 win 32767 <nop,nop,timestamp 15837738 15837237>
11:57:41.523188 IP localhost.localdomain.38213 > localhost.localdomain.ftp: . ack 2 win 32767 <nop,nop,timestamp 15837739 15837738>
At that point I get the "421 Service not available, remote server has closed connection" error.
Telnet-ing into 21 results in nothing, except an error similar to the one above.
I'll try the other thing after this
|
|
|
|
02-22-2007, 11:04 AM
|
#8
|
|
LQ Newbie
Registered: Feb 2007
Posts: 6
Original Poster
Rep:
|
Here's the results of nmap
Code:
(The 1649 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE
20/tcp open ftp-data
21/tcp open ftp
22/tcp open ssh
25/tcp open smtp
80/tcp open http
111/tcp open rpcbind
113/tcp open auth
139/tcp open netbios-ssn
445/tcp open microsoft-ds
548/tcp open afpovertcp
631/tcp open ipp
934/tcp open unknown
3306/tcp open mysql
5432/tcp open postgres
|
|
|
|
02-22-2007, 11:20 AM
|
#9
|
|
Senior Member
Registered: Sep 2005
Location: Out
Posts: 3,307
Rep:
|
Quote:
|
11:57:41.513373 IP localhost.localdomain.ftp > localhost.localdomain.38213: F 1:1(0) ack 1 win 32767 <nop,nop,timestamp 15837738 15837237>
|
The connection is made,
No ident is asked by the server (optional)
No rDNS request is done (optional)
No Welcome message is sent (not good)
The connection is closed after 5s, probably the timeout of the ftp server.
Could you try with another ftp server?
You say that it works on another port, right?
Hum.. still no more clue. Out of ideas here but interested.
edit:
Could be an iptables conntrack helper module, that's the only thing that I can see that specifically uses port 21.
Check whether ip_conntrack_ftp is in lsmod on the server.
Last edited by nx5000; 02-22-2007 at 11:25 AM.
|
|
|
|
02-22-2007, 11:40 AM
|
#10
|
|
LQ Newbie
Registered: Feb 2007
Posts: 6
Original Poster
Rep:
|
Yeah I've tried 3 different ftp servers. All the same results. The strange thing is, I was using an older server originally but it had the same setup exactly, and there were no problems.
ip_conntrack_ftp is not in lsmod
And yes it does work on other ports. How strange eh?
|
|
|
|
02-22-2007, 12:04 PM
|
#11
|
|
Senior Member
Registered: Sep 2005
Location: Out
Posts: 3,307
Rep:
|
Yes indeed
Ok next try, launching proftp in debug mode:
/etc/init.d/proftpd stop
proftpd -n -d 10 &> /tmp/damned.log
On the client, connect. I mean, try.
As soon as you get the 421 message, ctrl-c on the proftpd.
Maybe more info in /tmp/damned.log?
|
|
|
|
02-22-2007, 12:07 PM
|
#12
|
|
Senior Member
Registered: Sep 2005
Location: Out
Posts: 3,307
Rep:
|
Second thing to try.
Download netcat
apt-get install netcat
Stop proftp and "mimic" an ftp server with netcat
/etc/init.d/proftpd stop
This is your new ftp server:
nc -l -vv -p 21
In another shell, try this:
nc -vv localhost 21
<type a few things and press enter> you should see the message on the netcat ftp server
and also
ftp localhost
Also what other ports have you tried? <1024?
And you did it with the same client ?
/usr/bin/ftp localhost 37 for example
Last edited by nx5000; 02-22-2007 at 12:09 PM.
|
|
|
|
02-22-2007, 01:27 PM
|
#13
|
|
LQ Newbie
Registered: Feb 2007
Posts: 6
Original Poster
Rep:
|
It's working now! A co-worker of mine who is much more versed in Linux than I am tried his hand at it (it's a slow day here. lol)
This is what it looks like happened:
I had originally set proftpd to start with inetd. For whatever reason it doesn't seem to work that way, so I set it up as a standalone program. But I guess in my lack of linux knowledge, I didn't take it out of inetd so it was trying to start it both ways. We figured it out from checking the syslog file. It was saying:
Code:
Feb 22 14:12:24 localhost proftpd[1342]: connect from 192.168.0.75 (192.168.0.75)
Feb 22 14:12:25 localhost proftpd[1343]: localhost.localdomain - Failed binding to 0.0.0.0, port 21: Address already in use
Feb 22 14:12:25 localhost proftpd[1343]: localhost.localdomain - Check the ServerType directive to ensure you are configured correctly.
Again, thanks a lot for your help!
|
|
|
|
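The double-start condition described in post #13, as an added example that is not part of the original thread: a shell check that reports when an active ftp entry in inetd.conf coexists with ServerType standalone in proftpd.conf. The file paths are parameters, the function names are hypothetical, and the sample configs in demo_conflict are constructed.

```sh
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical;
# the config contents written by demo_conflict are constructed samples.

# Succeeds if inetd.conf ($1) has an active entry for the "ftp" service.
# A commented-out entry has "#ftp" or "#" as its first field, so it is skipped.
# A missing file counts as "no entry".
inetd_ftp_enabled() {
    awk '$1 == "ftp" { found = 1 } END { exit !found }' "$1" 2>/dev/null
}

# Prints the last ServerType value in proftpd.conf ($1), lowercased;
# prints "standalone" (ProFTPD's default) when the directive is absent.
proftpd_server_type() {
    awk 'tolower($1) == "servertype" { t = tolower($2) }
         END { print (t == "" ? "standalone" : t) }' "$1" 2>/dev/null
}

# Prints one verdict for inetd.conf ($1) and proftpd.conf ($2):
#   conflict    inetd owns port 21 and proftpd also tries to bind it
#   unreachable ServerType inetd, but inetd has no active ftp entry
#   inetd / standalone   consistent configuration
check_ftp_start() {
    stype=$(proftpd_server_type "$2")
    if inetd_ftp_enabled "$1"; then
        if [ "$stype" = "standalone" ]; then echo conflict; else echo inetd; fi
    else
        if [ "$stype" = "inetd" ]; then echo unreachable; else echo standalone; fi
    fi
}

# Reproduces the thread's situation with constructed files in a temp dir.
demo_conflict() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '#time stream tcp nowait root internal' \
        'ftp stream tcp nowait root /usr/sbin/tcpd /usr/sbin/proftpd' \
        > "$d/inetd.conf"
    printf '%s\n' 'ServerName "Debian"' 'ServerType standalone' 'Port 21' \
        > "$d/proftpd.conf"
    check_ftp_start "$d/inetd.conf" "$d/proftpd.conf"
    rm -rf "$d"
}
```

Call `check_ftp_start` with the real paths of the two files on the server; a `conflict` verdict matches the "Address already in use" line in the syslog excerpt above.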