VSFTPD problem
Hi all,
I have decided to run vsftpd on my Red Hat 9 and I can't log in to FTP from outside the network.

    [root@fradmin root]# ftp 192.168.1.223
    Connected to 192.168.1.223.
    220 (vsFTPd 1.1.3)
    530 Please login with USER and PASS.
    530 Please login with USER and PASS.
    KERBEROS_V4 rejected as an authentication type
    Name (192.168.1.223:root): admin
    331 Please specify the password.
    Password:
    230 Login successful. Have fun.
    Remote system type is UNIX.
    Using binary mode to transfer files.
    ftp>

    [root@fradmin root]# ftp 85.117.62.128
    Connected to 85.117.62.128.
    220 FTPU ready.
    500 Sorry, no such command.
    500 Sorry, no such command.
    KERBEROS_V4 rejected as an authentication type
    Name (85.117.62.128:root): admin
    331 Password required for admin.
    Password:
    530 Login incorrect.
    Login failed.
    Remote system type is Ignored.
    ftp> bye
    221 Have a nice day!
    [root@fradmin root]#

vsftpd.conf file:

    anonymous_enable=YES
    local_enable=YES
    local_umask=022
    pasv_promiscuous=YES
    pasv_address=85.117.62.128
    #anon_upload_enable=YES
    #anon_mkdir_write_enable=YES
    dirmessage_enable=YES
    xferlog_enable=YES
    connect_from_port_20=YES
    #chown_uploads=YES
    #chown_username=whoever
    #xferlog_file=/var/log/vsftpd.log
    xferlog_std_format=YES
    #idle_session_timeout=600
    #data_connection_timeout=120
    #nopriv_user=ftpsecure
    #async_abor_enable=YES
    #ascii_upload_enable=YES
    #ascii_download_enable=YES
    #deny_email_enable=YES
    #banned_email_file=/etc/vsftpd.banned_emails
    #chroot_list_enable=YES
    #chroot_list_file=/etc/vsftpd.chroot_list
    #ls_recurse_enable=YES
    pam_service_name=vsftpd
    userlist_enable=YES
    #enable for standalone mode
    listen=YES
    tcp_wrappers=YES
    # pasv_min_port=65530
    # pasv_max_port=65535
    #one_process_model=YES
    accept_timeout=60
    connect_timeout=60
    #hide_ids=YES
    #anon_max_rate=50000

FTP starts from init.d. Can anybody help me???
|
pls........................................
|
I don't know if this has anything to do with it or not, but I do not think you should be logging in as root from a remote site. Maybe vsftp is smart enough to not allow that.
|
Check your /etc/ftpusers and see if root is listed there. That may be blocking it. That said, rickh is 100% right on target. You should NEVER, EVER allow the root user to have FTP access.
|
Quote:
I'd suggest the OP try setting up a local user account and try logging in there remotely. |
But what must I do to mend it?
You mean that a user with lower rights will access it? I don't think so, as even the anonymous users can't access FTP. But at this moment no user can enter my server from outside the local network. Meanwhile there is no problem for inside local users. Can anybody give me a config file of firewall settings? Thanks in advance |
I think that you can't get me right; the main problem is that users can't enter my server from outside the network through the external IP.
|
So what is between your server and the Internet? Firewall? Router?
|
There is a router.
|
Quote:
Have you set up the router for port forwarding for FTP? And this time include some details. |
Okay, I'll reply with the Cisco config.
|
First things first, I doubt the hardware router/firewall or the iptables firewall on the server itself is affecting the connection to the VSFTPD server, as he is getting prompted to log in from the VSFTPD server, from both inside and outside the network.
I would however like to know what FTP client(s) you are trying to connect with. Is it the same for both the inside and outside connection attempts? When you were connecting from inside your network, were you connecting from your server, to your server, or were you using a completely different workstation? Please provide some more detail as to exactly what you were doing. |
I almost forgot one thing, in your VSFTPD.conf file, under the "#enable for standalone mode" section at the bottom, try adding the following line and restarting the VSFTPD Server.
    pasv_enable=YES
Most FTP Clients attempt to connect via this method. |
Quote:
Of course, I've been wrong plenty before, so we'll have to see what pops up. |
Hi all, thanks for answering :))
There was a problem on the other side of my network, via 5 hops, and there is a GW; FTP port forwarding was not allowed :)) Best regards |
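The two client sessions in the first post differ in their 220 greeting, and comparing greetings is a quick check on whether an external address actually ends at the intended FTP server. The following is an added example, not part of the thread: the function names are hypothetical and the sample transcripts are constructed from the sessions quoted in the first post.

```python
import ftplib
import re

# Constructed sample input: the opening lines of the two client sessions
# quoted in the first post (internal address, then external address).
INTERNAL = """\
Connected to 192.168.1.223.
220 (vsFTPd 1.1.3)
530 Please login with USER and PASS.
"""
EXTERNAL = """\
Connected to 85.117.62.128.
220 FTPU ready.
500 Sorry, no such command.
"""

REPLY = re.compile(r"^(\d{3})([ -])(.*)$")

def greeting(transcript):
    """Return the text of the first 220 reply (RFC 959 multi-line aware), or None."""
    parts = []
    for line in transcript.splitlines():
        m = REPLY.match(line)
        if not parts:
            if not (m and m.group(1) == "220"):
                continue              # skip client chatter before the greeting
            parts.append(m.group(3))
            if m.group(2) == " ":
                break                 # single-line reply
        elif m and m.group(1) == "220" and m.group(2) == " ":
            parts.append(m.group(3))  # closing line of a multi-line reply
            break
        else:
            # continuation line, with or without the "220-" prefix
            parts.append(m.group(3) if m and m.group(1) == "220" else line.strip())
    return "\n".join(parts) if parts else None

def same_server(a, b):
    """True only when both transcripts carry the same non-empty greeting."""
    ga, gb = greeting(a), greeting(b)
    return ga is not None and ga == gb

def live_greeting(host, timeout=10):
    """Fetch the greeting from a running server; nothing calls this on import."""
    with ftplib.FTP(host, timeout=timeout) as ftp:
        return greeting(ftp.getwelcome())
```

A mismatch between the internal and external greeting means the external connection is being answered by a different FTP service, so account and vsftpd.conf changes on the internal host will not affect it.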