vsftpd connecting problem

tr0gd0O0r · 12-04-2003, 02:03 PM

I'm trying to set up a ftp server so that I can save files directly to my hard drive from other computers. I'm living in college dorms and connected to the college network. I'm having problems connecting to my computer. vsftpd tells me its working and when i connect (ftp localhost) to localhost from my computer it works fine. If i try to connect to my ip # (ftp xxx.xxx.xxx.x) then it doesn't work. doesn't matter if its from my computer or another one of the network. I'm running RH9 on my computer and all the computers on the network run some version of windows. Any ideas on what I need to do?

Secondly, I was wondering if I would be better advised to use SSH (all the computers in the labs on campus have SSH clients on them) If so can someone point me in the right direction on setting that up?

david_ross · 12-04-2003, 02:17 PM

ssh and scp (secure copy) would be more secure. See:
http://www.openssh.org

How you install/set it up will probably depend on your distro (it's good idea to add it to your profile).

For your ftp problem Check that it is listening on all interfaces not just the loopback:
netstat -nlp

And that you don't have a firewall blocking port 21:
iptables -nL

If you are unsure then post the output of those two commands.

tr0gd0O0r · 12-04-2003, 03:23 PM

Is it possible that the admins on the college networks have port 21 closed on their computers? If so would that mean it would be impossible for me to ftp regardless. I'm sure I can get port 21 open on my computer, but the labs are what I'm wondering about.

t3___ · 12-04-2003, 06:52 PM

vsftpd allows you to specify the port it coms on... check out the manual. can you ping the machine from other boxes? are you having login failures or can you simply not connect to the host (try telnet, ping, and other connectivity tests).

tr0gd0O0r · 12-04-2003, 10:27 PM

heres netstat -nlp

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:1024 0.0.0.0:* LISTEN 2670/
tcp 0 0 127.0.0.1:1025 0.0.0.0:* LISTEN 2788/xinetd
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 2651/
tcp 0 0 0.0.0.0:6000 0.0.0.0:* LISTEN 3022/X
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 2798/vsftpd
tcp 0 0 0.0.0.0:1302 0.0.0.0:* LISTEN 2810/lexlmd
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 2774/sshd
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 2869/cupsd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 2830/
udp 0 0 0.0.0.0:1024 0.0.0.0:* 2670/
udp 0 0 0.0.0.0:68 0.0.0.0:* 2575/dhclient
udp 0 0 0.0.0.0:726 0.0.0.0:* 2670/
udp 0 0 0.0.0.0:111 0.0.0.0:* 2651/
udp 0 0 0.0.0.0:631 0.0.0.0:* 2869/cupsd
Active UNIX domain sockets (only servers)
Proto RefCnt Flags Type State I-Node PID/Program name Path
unix 2 [ ACC ] STREAM LISTENING 3305 3022/X /tmp/.X11-unix/X0
unix 2 [ ACC ] STREAM LISTENING 3384 3091/ssh-agent /tmp/ssh-XXyBRnMw/agent.3031
unix 2 [ ACC ] STREAM LISTENING 3819 3146/kdeinit: dcops /tmp/.ICE-unix/dcop3146-1070563573
unix 2 [ ACC ] STREAM LISTENING 3968 3175/kdeinit: ksmse /tmp/.ICE-unix/3175
unix 2 [ ACC ] STREAM LISTENING 3040 2849/gpm /dev/gpmctl
unix 2 [ ACC ] STREAM LISTENING 3153 2929/ /tmp/.font-unix/fs7100
unix 2 [ ACC ] STREAM LISTENING 3931 3163/artsd /tmp/mcop-root/localhost_localdomain-0c5b-3fcf80fa
unix 2 [ ACC ] STREAM LISTENING 3295 2978/ /tmp/.gdm_socket
unix 2 [ ACC ] STREAM LISTENING 4192 3189/soffice.bin /tmp/OSL_PIPE_0_SingleOfficeIPC_e31798b4554fdedd4fea48cd4e93b7
unix 2 [ ACC ] STREAM LISTENING 3812 3143/kdeinit: Runni /tmp/ksocket-root/kdeinit-:0
unix 2 [ ACC ] STREAM LISTENING 3842 3149/kdeinit: klaun /tmp/ksocket-root/klauncherAoR0kb.slave-socket

and heres iptables -nL

Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Lokkit-0-50-INPUT all -- 0.0.0.0/0 0.0.0.0/0

Chain FORWARD (policy ACCEPT)
target prot opt source destination
RH-Lokkit-0-50-INPUT all -- 0.0.0.0/0 0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain RH-Lokkit-0-50-INPUT (2 references)
target prot opt source destination
ACCEPT udp -- 198.137.145.3 0.0.0.0/0 udp spt:53 dpts:1025:65535
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:21 flags:0x16/0x02
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp spts:67:68 dpts:67:68
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp spts:67:68 dpts:67:68
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
REJECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:0:1023 flags:0x16/0x02 reject-with icmp-port-unreachable
REJECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2049 flags:0x16/0x02 reject-with icmp-port-unreachable
REJECT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpts:0:1023 reject-with icmp-port-unreachable
REJECT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:2049 reject-with icmp-port-unreachable
REJECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:6000:6009 flags:0x16/0x02 reject-with icmp-port-unreachable
REJECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:7100 flags:0x16/0x02 reject-with icmp-port-unreachable

so whats it say?

david_ross · 12-05-2003, 12:41 PM

Try flushing your iptables rules:
iptables -F

and then connecting to ftp via your ip.

tr0gd0O0r · 12-07-2003, 11:45 PM

I flushed my iptables but that didn't work. I'm still having the same problem. I try to connect to my ip via ftp and it doesnt work. I've pinged myself and got 100% packet loss, that sounds bad. Ring any bells to any of you what to do tho? here are my ip tables just in case you might need ta see em.

Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain RH-Firewall-1-INPUT (0 references)
target prot opt source destination

GraemeK · 12-08-2003, 05:09 AM

um? what IP range are you using? might seem a silly question but are you on the same subnet?

I've got ftp working on RH9 no problems. was the easiest thing i did

i'd try to get a ping going first before ftp. it sounds like it isnt an ftp problem but more of a connection problem. if your pc is connected to a DHCP server at college then the IP address should be fine. try turning off Iptables and see if you get a ping? if then thats your problem!

G

tr0gd0O0r · 12-08-2003, 08:53 AM

I agree it sounds like a connectin problem, cuz i've set this up elsewhere before also. How would I go about turning my iptables off?

GraemeK · 12-08-2003, 09:08 AM

go to /etc/rc.d/init.d/

and type: ./ipchains (or iptables) stop

G

tr0gd0O0r · 12-08-2003, 10:46 AM

I'm at a different computer on our network here at school, and just for the heck of it tried pinging my computer. I got this result (from a windows box)

ping statistics for my ip:
Packets: Setn = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip time in milli-seconds:
Minimum= 0ms, Maximum = 0ms, Average = 0ms

is this a good thing? Should i st ill stop my iptables?

dubman · 12-08-2003, 11:13 AM

ssh and scp are the way to go, so long as your using key authentication. Much easier, faster, and more secure.

david_ross · 12-09-2003, 12:35 PM

Quote:

Originally posted by dubman
ssh and scp are the way to go, so long as your using key authentication. Much easier, faster, and more secure.

Not much good when your network ain't working though.

Post the output of this on hte linux box:
ifconfig
route -n

And this on the windows machine:
route print
ipconfig /all

tr0gd0O0r · 12-09-2003, 09:30 PM

heres the windows box

route pring:
Active routes
Network Address Netmask Gateway Address Interface Metric
0.0.0.0 0.0.0.0 10.0.0.1 10.0.2.69 1
10.0.0.0 255.255.252.0 10.0.2.69 10.0.2.66 1
10.0.2.69 255.255.255.255 127.0.0.1 127.0.0.1 1
10.255.255.255 255.255.255.255 10.0.2.69 10.0.2.69 1
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
224.0.0.0 224.0.0.0 10.0.2.69 10.0.2.69 1
255.255.255.255 255.255.255.255 10.0.2.69 10.0.2.69 1

for ipconfig its telling me there is a bad command name or file. Of course this computer is running like 95 or something so thatmaybe the problem or i may be doing the syntax incorrectly. I'm headed to my room right now to post the linux box.

tr0gd0O0r · 12-09-2003, 09:36 PM

Wow, that didn't turn out nearly as cleanly as I had planned. Can you make head or tails out of it? Either way heres the linux box info.

ifconfig

eth0 Link encap:Ethernet HWaddr 00:30:F1:01:2A:0B
inet addr:10.0.2.57 Bcast:10.0.3.255 Mask:255.255.252.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:856938 errors:0 dropped:0 overruns:0 frame:0
TX packets:12084 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:101923364 (97.2 Mb) TX bytes:1124561 (1.0 Mb)
Interrupt:10 Base address:0xf400

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:382 errors:0 dropped:0 overruns:0 frame:0
TX packets:382 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:37360 (36.4 Kb) TX bytes:37360 (36.4 Kb)

and here's route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.0.0.0 0.0.0.0 255.255.252.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 10.0.0.1 0.0.0.0 UG 0 0 0 eth0