proftpd - localhost works. but can't connect from a PC on the network

cevjr · 02-05-2004, 01:18 PM

I just started experimenting with proftpd and I tried ftp localhost to see if it works and it does!
However, when testing - I tried to connect from a laptop on the local network I could not.

I am a home user sitting behind a NAT/router.
I am using Verizon DSL
I have slackware 9.0
So far I have:
* deleted ftp from /etc/ftpusers
* added the local IP address of my laptop (192.168.x.x) to /etc/hosts.allow
* enabled portforwarding on my router / ftp - port21 -
* opened port 21 on my firewall

What should I do now to connect from my laptop on my local network?
And would I have to do anything different if connecting from outside my LAN?

Thanks
-C

artur · 02-05-2004, 07:37 PM

check what's in /var/log/messages - anything related to ftp?
check proftpd.conf anything there that would disallow remote access?
You don't mention what exactly happens when you try to connect. Do you get a login prompt? Do you get a password prompt?
You could try running tcpdump on server machine to capture the traffic and see what happens.
Is your firewall open on the server for port 21? Might also want to forward and open on f/w port 20 that's also used by ftp.
Post more details

Nic-MDKman · 02-06-2004, 01:52 PM

I am having the same problem, and I have port 20 (as well as 21) forwarded in my router's virtual server configuration.

The FTP server connects, but then I get an error that says unable to build data connection when I try LIST. The problem appears to be that port 20 is not open.

I ran netstat -tanp and it shows proftpd watching port 21, but not port 20, and I tested to see if port 20 would open by trying to telnet to 192.168.0.x (my machine's IP) and it says connection refused.

g-rod · 02-06-2004, 04:07 PM

Check that you are not firewalling the connection.
iptables -L;
To clear all firewall rules as a test
iptables -F;
iptables -P INPUT ACCEPT;

Nic-MDKman · 02-06-2004, 04:18 PM

i removed iptables and shorewall

artur · 02-13-2004, 10:39 AM

Port 20 only gets open by ftpd for data transfers, so normally you will not see it open, only when there's a data being exchanged. Still your router should have the mapping for it enabled.
Are you able to connect to your ftp server from the local network? If yes, then I'd look at the router config. If no, then it is probably something on the server.
Do try
tcpdump -w dumpfile -s 0
to capture ftp traffic on the server and then
tcpdump -r dumpfile -nX | less
to see what got captured. I purposely do not use "port 21" or other options so taht all traffic is captured in case there's something funny going on. You should see your server send the login prompt, your client reply, server send password prompt, client reply and so on.

cevjr · 02-22-2004, 04:44 PM

Verizon does not stop your FTP connection. I was wrong! The problem I had was that the Netgear MR814 router that I use does not allow more than 1 connection on the forwarded port. Since I was trying to connect from inside my network...it was preventing me. However when I went outside my local network (someone elses house - it worked). If this does not make sense let me know or go to http://kbserver.netgear.com/kb_web_f...sp#RP614Anchor

So, to summarize what I did:

for anonymous connection no uploading!
use proftpd-1.2.8-1386-2
modify files
/etc/ftpusers (get rid of ftp)
/etc/proftpd.conf (use the basic conf)
remember to port forward on router ports 20 & 21
remember to open ports 20 & 21 on firewall

USE gFTP for an ftp client
IF LOCAL
on client side: log into 192.168.x.x and do not allow passive

IF WWW (make sure you are outside of your local network)
on client side: log into ipaddressverizongives.x.x.x and do not allow passive/try passive