LinuxQuestions.org
Old 12-05-2004, 10:18 AM   #1
bubby
LQ Newbie
 
Registered: Aug 2003
Location: Stillwater, OK
Distribution: Red Hat Fedora Core 3
Posts: 5

Rep: Reputation: 0
vsftpd not allowing external access


I am running RH Fedora Core 3. I installed FTP from the install CDs. I have port 21 forwarding on my router and the linux firewall has ftp open. The vsftpd.conf file shows anonymous_enable=YES and local_enable=YES.

Here's the weird part...
From a command prompt, I can type "ftp localhost" and connect using my username and pwd.

From my windows machine, I can connect using ws_ftp and the internal 192.168... NAT address using my username and pwd.

When I try to connect using my server address (i.e. myserver.myhost.org), I can't connect. Most of the time, ws_ftp spins its wheels and will give me the connect sound (train whistle) after about three minutes but it obviously isn't connected since it doesn't show any files or folders. I was noodling with the conf file and set anonymous_enable=NO and ws_ftp gave me an "unable to connect" error rather quickly. I have also tried setting connect_from_port_20=NO (it's currently set to YES) and restarting the service but that didn't help.

I have reset the config file to its defaults. I'm relatively new to linux and don't want to break anything.

What am I missing? vsftpd is obviously running but it will only listen to internal requests.

Thanks,
Joe Fusco
 
Old 12-05-2004, 10:27 AM   #2
trickykid
Guru
 
Registered: Jan 2001
Posts: 24,133

Rep: Reputation: 199
vsftpd doesn't know the difference from internal or external requests from your setup. If you're sure port 21 is forwarding to your server from your router, you now need to make sure your ISP doesn't block port 21, etc. What kind of router is this?
 
Old 12-05-2004, 02:19 PM   #3
hw-tph
Senior Member
 
Registered: Sep 2003
Location: Sweden
Distribution: Debian
Posts: 3,032

Rep: Reputation: 57
On several distributions, the default for xinetd is to have "only_from = localhost" set in xinetd.conf. If you have vsftpd launched from xinetd - as opposed to running as a daemon - you should have a look at this file and the vsftpd xinetd.d entry to make sure they allow external access.


Håkan
 
Old 12-05-2004, 08:29 PM   #4
bubby
LQ Newbie
 
Registered: Aug 2003
Location: Stillwater, OK
Distribution: Red Hat Fedora Core 3
Posts: 5

Original Poster
Rep: Reputation: 0
It's a linksys befsr41 cable/dsl router. I can check on port blocking, that makes sense. I'll look and see how to specify listening on another port and maybe try that, too (unless you can give me a hint).

I didn't find a vsftpd entry in xinetd.d. Is there anything wrong with running it as a daemon?

Thanks
 
Old 12-05-2004, 08:38 PM   #5
trickykid
Guru
 
Registered: Jan 2001
Posts: 24,133

Rep: Reputation: 199
Quote:
Originally posted by bubby
I didn't find a vsftpd entry in xinetd.d. Is there anything wrong with running it as a daemon?
There is absolutely nothing wrong running it in standalone mode.

But yes, try to set it up so it possibly listens on port say.. 2121, if that works after forwarding that port to your server, it could very well be that your ISP blocks port 21 to prevent people from running FTP servers, etc.
 
Old 12-05-2004, 10:35 PM   #6
mrcheeks
Senior Member
 
Registered: Mar 2004
Location: far enough
Distribution: OS X 10.6.7
Posts: 1,690

Rep: Reputation: 50
might be funny but
- do you have a firewall?
- is the firewall accepting incoming connections on ftp port number?
- like trickykid said, it could be your ISP too; you can try different ports. If you don't run a web server, try to run the ftp server on port 80.

Last edited by mrcheeks; 12-05-2004 at 10:37 PM.
 
Old 12-06-2004, 09:29 AM   #7
bubby
LQ Newbie
 
Registered: Aug 2003
Location: Stillwater, OK
Distribution: Red Hat Fedora Core 3
Posts: 5

Original Poster
Rep: Reputation: 0
No firewall. The Fedora firewall is set to allow FTP.

I went to Shields Up!! (https://grc.com/x/ne.dll?bh0bkyd2) and probed port 21. At first, it came back as open. I read some information about port 20 & 21 related to FTP and decided to probe ports 20-22. 20 came back open but 21 came back as "stealth." According to the description, "Not a single packet — solicited or otherwise — was received from your system as a result of our security probing tests. Your system ignored and refused to reply to repeated Pings (ICMP Echo Requests)."

Does this mean it's being blocked? Or does it mean my system is not configured properly?

Incidentally, SSH and port 22 work fine.

I also tried running it on port 2121 but that even failed with the internal NAT address.
 
Old 12-06-2004, 12:38 PM   #8
bubby
LQ Newbie
 
Registered: Aug 2003
Location: Stillwater, OK
Distribution: Red Hat Fedora Core 3
Posts: 5

Original Poster
Rep: Reputation: 0
This is interesting...

As I first stated, ws_ftp is indicating that it connects using the server name but it doesn't list any files. I decided to test the connection and send a small file.

The file didn't upload successfully, but the server *did* create a zero-length file of the same name.

So, there's a connection being established but not completely... any thoughts?
 
Old 12-06-2004, 12:48 PM   #9
bubby
LQ Newbie
 
Registered: Aug 2003
Location: Stillwater, OK
Distribution: Red Hat Fedora Core 3
Posts: 5

Original Poster
Rep: Reputation: 0
Here's the connection log from ws_ftp if it's helpful (IPs and names hidden)

Finding Host unclebubby.dnsalias.org ...
Connecting to xxx.xxx.xxx.xxx:21
Connected to xxx.xxx.xxx.xxx:21 in 0.000000 seconds, Waiting for Server Response
220 (vsFTPd 2.0.1)
Host type (1): Automatic Detect
USER user
331 Please specify the password.
PASS (hidden)
230 Login successful.
SYST
215 UNIX Type: L8
Host type (2): Unix (Standard)
PWD
257 "/home/user"
CWD /home/user
250 Directory successfully changed.
PWD
257 "/home/user"
TYPE A
200 Switching to ASCII mode.
PASV
227 Entering Passive Mode (192,168,1,99,190,15)
connecting data channel to 192.168.1.99:190,15(48655)
Substituting connection address xxx.xxx.xxx.xxx for private address 192.168.1.99 from PASV
PORT 192,168,1,98,15,84
200 PORT command successful. Consider using PASV.
LIST
425 Failed to establish connection.

Could it be that I'm connecting from the same IP and it doesn't like that I'm routing outside to come back in? I'll try connecting from a remote computer and see how it goes.
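
The data-channel lines in the log above can be decoded mechanically. The following is an added example, not part of the original post: it parses the `h1,h2,h3,h4,p1,p2` tuples in the 227 reply and the PORT command (port = p1*256 + p2) and flags addresses that are private. `SAMPLE_LOG` is constructed from the lines posted above; the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: the data-channel lines from the ws_ftp log in the post above.
SAMPLE_LOG = """\
PASV
227 Entering Passive Mode (192,168,1,99,190,15)
PORT 192,168,1,98,15,84
200 PORT command successful. Consider using PASV.
LIST
425 Failed to establish connection.
"""

# Six comma-separated decimal fields: h1,h2,h3,h4,p1,p2 (RFC 959).
HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def decode_hostport(text):
    """Return (ip, port) from an h1,h2,h3,h4,p1,p2 tuple, or None if absent/invalid."""
    m = HOSTPORT.search(text)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    ip = ipaddress.IPv4Address(".".join(map(str, nums[:4])))
    return ip, nums[4] * 256 + nums[5]


def audit_data_channel(log):
    """Decode every PASV reply and PORT command in an FTP control-channel log."""
    findings = []
    for line in log.splitlines():
        line = line.strip()
        if line.startswith("227 "):
            side = "server (PASV reply)"
        elif line.upper().startswith("PORT "):
            side = "client (PORT command)"
        else:
            continue
        decoded = decode_hostport(line)
        if decoded is None:
            continue
        ip, port = decoded
        findings.append({"side": side, "ip": str(ip), "port": port,
                         "private": ip.is_private})
    return findings


if __name__ == "__main__":
    for f in audit_data_channel(SAMPLE_LOG):
        note = "not routable from the Internet" if f["private"] else "routable"
        print(f"{f['side']}: {f['ip']}:{f['port']} ({note})")
```

A private address in the 227 reply tells a client outside the NAT to open its data connection to a host it cannot reach, even though the control connection on port 21 was forwarded. vsftpd's `pasv_address`, `pasv_min_port` and `pasv_max_port` options let the server advertise the public address and confine passive data ports to a small range, so only that range needs forwarding on the router.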
 