I can start VSFTPD manually on my Linux box and then do a

ftp -u localhost

and it seems to login and display the directories etc. without any problems. However, if I then change to my Windows XP box and do

ftp 127.21.1.101 (IP address assigned via LinkSys DHCP for my Linux box), I get:

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Scott Forsgren>ftp 127.21.1.101
> ftp: connect :Unknown error number
ftp> user
Not connected.
ftp> open
To 127.21.1.101
> ftp: connect :Unknown error number
ftp>

Where would I look to see why it is failing?

Thanks

You can use the ftp -v command to get verbose output of the connection attempt. Sounds like a firewall problem though. Check iptables to see if you're allowing incoming ftp connections and check /etc/hosts.allow to see if tcpwrappers is the problem. There should probably be an entry like:

FTPD: xxx.xxx.xxx.xxx for your windowsXP boxes ip address.

It might also be your linksys router. If your trying to connect from outside the LAN you'll have to setup the Linksys to forward ftp connections to your linux box. If your trying to connect from the LAN side, it shouldn't block the traffic.

Hi Capt_Caveman,

Thanks for the ideas. I tried ftp -v but did not get any different output. For my Windows XP FTP, -v shows

-v Suppresses display of remote server responses.

I tried the -d option as well which says it enabled debugging information. Same thing.

I was able to get the Linksys port mapping working and I can access my FTP server from my AOL Account. I just cannot access it from the standard FTP utility on my Windows XP box accessing the FTP Server on my Linux box. So the easy part is not working (WinXP) but the hard part is (getting this all working from the external internet).

I checked hosts.allow and actually I do not have any entries in that file at all.

I know that my vsftpd.conf file does have tcpwrappers=yes. Is that part of the problem? Why would I be able to connect from external but not from my local Windows box?

Thanks again

Sorry, my bad. The -v option is for verbose output in Linux. If you can login from the outside, it sound like everything with the linux ftp daemon is alright. If you don't have any entries in either hosts.allow or hosts.deny, then tcpwrappers won't block any of the traffic, so that's alright. Double check the ip address of the linux box (use ifconfig command as root). But it sounds like the firewall though. Try this:

more /etc/sysconfig/iptables

Look for entries that involve ftp (port 21). You should see something that vaguely resembles this:

-A INPUT -p tcp --dport 21 -j ACCEPT

The INPUT, --dport 21, and ACCEPT part are what you're looking for. My guess is that because your Linksys router is also your DHCP server, it's ip address is punched through the filewall automatically. Your external traffic might be getting masqueraded by the router, but your local LAN traffic isn't, so you may have to add an iptables entry for your LAN addresses. Any error messages will likely go to /var/log/messages or /var/log/secure. But the vsFTP.conf file should have an entry telling you where the error messages are logged to by default.

I do not have an iptables in /etc/sysconfig. I found an iptables script in /etc/rc.d/init.d, but nothing in /etc/sysconfig. I looked at the script and it shows /etc/sysconfig as the correct location, but no file. Should there be?

The only thing I do find in /var/log/messages that looks out of order is:

Apr 27 14:38:24 localhost vsftpd: warning: can't get client address: Bad file descriptor

Thoughts?

Thanks!

>but nothing in /etc/sysconfig

That's odd. I double checked the location at the Redhat website to see if they moved it or something in RH9, but it said that it should be in the same place(/etc/sysconfig/iptables). You might not have enabled the firewall when you installed. Anyway it doesn't really matter for now, just do:

service iptables stop

to turn off iptables for now. See if that makes a difference. Also, from your windows box, try to ftp to the external ip address that is assigned to the router (you can find it using the Linksys web-administration interface).

Other things to try:
1. See if you can telnet to port 21 of the linux box. If you can, that means the windows FTP client is the problem.
Just do telnet 127.21.1.101 21
If it works, you'll see a greeting banner. If not, you won't see anything.

2. See if you can ping the linux box from windows.

Ah, I didn't realize that the iptables was only created if I had the firewall enabled. I had disabled it for some other debugging. I re-enabled it and now see:

-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 21 --syn -j ACCEPT

I did do the stop and then tried to connect again but still got the same unknown connect error.

If I FTP to the IP Address of the router from my XP box much like I did from AOL externally, that works fine. I just cannot go directly to the Linux box via IP address.

Using telnet, I get

Could not open connection to host port 21: Connect failed.

So something going on with getting to the box or port 21. ping works fine.

Thanks Capt_Caveman!

I don't think this is the problem, but put an entry in /etc/hosts.allow like this:

vsftpd: ALL

I added it and restarted vsftpd but still have the same problem. Hmm.. Ugly. Thanks for the advice!

I think the problem has to do with the way the Linksys is doing its routing. If you're absolutely set on being able to access it by its internal LAN address, take a look at the documentation for the router at the Linksys site and try to do forwarding a different way. I think there are at least 2 options, standard port forwarding and uPnP. I actually realized that I have a similar problem occuring with a webserver on a LAN at work (I just never tested it from inside) and it has to do with the way the NAT is setup (specifically that SNAT'ing isn't setup). I think if you setup uPNP and static LAN addresses for the internal boxes, it can route the internal requests. If that doesn't work, I would recommend a large sledgehammer or 2x4 with a spike through it.

Thanks for the advice. I think I am going for the sledgehammer! Appreciate the comments.