VSFTPD Running But Cannot Connect from another machine
I can start VSFTPD manually on my Linux box and then do a
ftp -u localhost
and it seems to log in and display the directories etc. without any problems. However, if I then change to my Windows XP box and do
ftp 127.21.1.101 (IP address assigned via LinkSys DHCP for my Linux box), I get:
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\Documents and Settings\Scott Forsgren>ftp 127.21.1.101
> ftp: connect :Unknown error number
ftp> user
Not connected.
ftp> open
To 127.21.1.101
> ftp: connect :Unknown error number
ftp>
You can use the ftp -v command to get verbose output of the connection attempt. Sounds like a firewall problem though. Check iptables to see if you're allowing incoming ftp connections and check /etc/hosts.allow to see if tcpwrappers is the problem. There should probably be an entry like:
FTPD: xxx.xxx.xxx.xxx for your Windows XP box's IP address.
It might also be your Linksys router. If you're trying to connect from outside the LAN you'll have to set up the Linksys to forward ftp connections to your Linux box. If you're trying to connect from the LAN side, it shouldn't block the traffic.
Thanks for the ideas. I tried ftp -v but did not get any different output. For my Windows XP FTP, -v shows
-v Suppresses display of remote server responses.
I tried the -d option as well which says it enabled debugging information. Same thing.
I was able to get the Linksys port mapping working and I can access my FTP server from my AOL Account. I just cannot access it from the standard FTP utility on my Windows XP box accessing the FTP Server on my Linux box. So the easy part is not working (WinXP) but the hard part is (getting this all working from the external internet).
I checked hosts.allow and actually I do not have any entries in that file at all.
I know that my vsftpd.conf file does have tcpwrappers=yes. Is that part of the problem? Why would I be able to connect from external but not from my local Windows box?
Sorry, my bad. The -v option is for verbose output in Linux. If you can log in from the outside, it sounds like everything with the Linux ftp daemon is alright. If you don't have any entries in either hosts.allow or hosts.deny, then tcpwrappers won't block any of the traffic, so that's alright. Double check the IP address of the Linux box (use the ifconfig command as root). But it sounds like the firewall though. Try this:
more /etc/sysconfig/iptables
Look for entries that involve ftp (port 21). You should see something that vaguely resembles this:
-A INPUT -p tcp --dport 21 -j ACCEPT
The INPUT, --dport 21, and ACCEPT parts are what you're looking for. My guess is that because your Linksys router is also your DHCP server, its IP address is punched through the firewall automatically. Your external traffic might be getting masqueraded by the router, but your local LAN traffic isn't, so you may have to add an iptables entry for your LAN addresses. Any error messages will likely go to /var/log/messages or /var/log/secure. But the vsFTP.conf file should have an entry telling you where the error messages are logged to by default.
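The rule check suggested in the reply above, as an added example that is not part of the original thread: a POSIX shell function that walks the INPUT chain of an iptables-save style file in order and reports the first verdict a new connection to port 21 would get from a given client address. It goes one step beyond the reply by honouring `-s` source restrictions and the chain policy; the function names and the 192.168.1.x addresses are constructed for illustration.

```shell
# Added example: first-match walk of the INPUT chain for a new TCP connection
# to port 21. Understands -p, -s, --dport (single port), "-m tcp" and -j only.
ip2int() (            # dotted quad -> integer
  IFS=.; set -- $1
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)
in_cidr() (           # in_cidr IP NET[/BITS]
  net=${2%/*}; bits=32
  case $2 in */*) bits=${2#*/} ;; esac
  mask=$(( (0xFFFFFFFF << (32 - $bits)) & 0xFFFFFFFF ))
  [ $(( $(ip2int "$1") & $mask )) -eq $(( $(ip2int "$net") & $mask )) ]
)
ftp_verdict() (       # ftp_verdict CLIENT_IP < rules-file
  set -f; client=$1; policy=ACCEPT
  while read -r line; do
    case $line in
      ":INPUT "*) set -- $line; policy=$2; continue ;;
      "-A INPUT "*) set -- $line; shift 2 ;;
      *) continue ;;    # other chains are not followed
    esac
    proto=all; port=any; src=0.0.0.0/0; target=; ok=1
    while [ $# -gt 0 ]; do
      case $1 in
        -p) proto=$2 ;;
        -s) src=$2 ;;
        --dport) port=$2 ;;
        -j) target=$2 ;;
        --reject-with) ;;   # option of the REJECT target, not a match
        -m) [ "$2" = tcp ] || { ok=0; break; } ;;
        *) ok=0; break ;;   # match we cannot evaluate: rule treated as not matching
      esac
      shift 2
    done
    [ "$ok" -eq 1 ] || continue
    case $proto:$port in tcp:21|tcp:any|all:any) ;; *) continue ;; esac
    in_cidr "$client" "$src" || continue
    case $target in ACCEPT|DROP|REJECT) echo "$target"; exit 0 ;; esac
  done
  echo "$policy"        # no rule matched: the chain policy decides
)
sample_rules() {      # constructed ruleset, not taken from the thread
  cat <<'EOF'
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -s 192.168.1.1 -p tcp -m tcp --dport 21 -j ACCEPT
EOF
}
sample_rules | ftp_verdict 192.168.1.1      # router address: ACCEPT
sample_rules | ftp_verdict 192.168.1.100    # other LAN host: DROP
```

On a real box the same function can be fed the saved ruleset, for example `ftp_verdict <client-ip> < /etc/sysconfig/iptables`.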
I do not have an iptables in /etc/sysconfig. I found an iptables script in /etc/rc.d/init.d, but nothing in /etc/sysconfig. I looked at the script and it shows /etc/sysconfig as the correct location, but no file. Should there be?
The only thing I do find in /var/log/messages that looks out of order is:
Apr 27 14:38:24 localhost vsftpd: warning: can't get client address: Bad file descriptor
That's odd. I double checked the location at the Redhat website to see if they moved it or something in RH9, but it said that it should be in the same place(/etc/sysconfig/iptables). You might not have enabled the firewall when you installed. Anyway it doesn't really matter for now, just do:
service iptables stop
to turn off iptables for now. See if that makes a difference. Also, from your Windows box, try to ftp to the external IP address that is assigned to the router (you can find it using the Linksys web-administration interface).
Other things to try:
1. See if you can telnet to port 21 of the Linux box. If you can, that means the Windows FTP client is the problem.
Just do telnet 127.21.1.101 21
If it works, you'll see a greeting banner. If not, you won't see anything.
2. See if you can ping the Linux box from Windows.
Ah, I didn't realize that the iptables was only created if I had the firewall enabled. I had disabled it for some other debugging. I re-enabled it and now see:
I did do the stop and then tried to connect again but still got the same unknown connect error.
If I FTP to the IP Address of the router from my XP box much like I did from AOL externally, that works fine. I just cannot go directly to the Linux box via IP address.
Using telnet, I get
Could not open connection to host port 21: Connect failed.
So something going on with getting to the box or port 21. ping works fine.
I think the problem has to do with the way the Linksys is doing its routing. If you're absolutely set on being able to access it by its internal LAN address, take a look at the documentation for the router at the Linksys site and try to do forwarding a different way. I think there are at least 2 options, standard port forwarding and UPnP. I actually realized that I have a similar problem occurring with a webserver on a LAN at work (I just never tested it from inside) and it has to do with the way the NAT is set up (specifically that SNAT'ing isn't set up). I think if you set up UPnP and static LAN addresses for the internal boxes, it can route the internal requests. If that doesn't work, I would recommend a large sledgehammer or 2x4 with a spike through it.