LinuxQuestions.org
Old 07-25-2006, 08:38 AM   #1
killer_green_bug
LQ Newbie
 
Registered: Jun 2006
Posts: 7

Rep: Reputation: 0
Question VSFTPD problem


Hi all,
I have decided to run vsftpd on my Red Hat 9
and I can't log in to FTP from outside the network

[root@fradmin root]# ftp 192.168.1.223
Connected to 192.168.1.223.
220 (vsFTPd 1.1.3)
530 Please login with USER and PASS.
530 Please login with USER and PASS.
KERBEROS_V4 rejected as an authentication type
Name (192.168.1.223:root): admin
331 Please specify the password.
Password:
230 Login successful. Have fun.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp>


[root@fradmin root]# ftp 85.117.62.128
Connected to 85.117.62.128.
220 FTPU ready.
500 Sorry, no such command.
500 Sorry, no such command.
KERBEROS_V4 rejected as an authentication type
Name (85.117.62.128:root): admin
331 Password required for admin.
Password:
530 Login incorrect.
Login failed.
Remote system type is Ignored.
ftp> bye
221 Have a nice day!
[root@fradmin root]#


vsftpd.conf file

anonymous_enable=YES
local_enable=YES
local_umask=022
pasv_promiscuous=YES
pasv_address=85.117.62.128
#anon_upload_enable=YES
#anon_mkdir_write_enable=YES
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
#chown_uploads=YES
#chown_username=whoever
#xferlog_file=/var/log/vsftpd.log
xferlog_std_format=YES
#idle_session_timeout=600
#data_connection_timeout=120
#nopriv_user=ftpsecure
#async_abor_enable=YES
#ascii_upload_enable=YES
#ascii_download_enable=YES
#deny_email_enable=YES
#banned_email_file=/etc/vsftpd.banned_emails
#chroot_list_enable=YES
#chroot_list_file=/etc/vsftpd.chroot_list
#ls_recurse_enable=YES
pam_service_name=vsftpd
userlist_enable=YES
#enable for standalone mode
listen=YES
tcp_wrappers=YES
# pasv_min_port=65530
# pasv_max_port=65535
#one_process_model=YES
accept_timeout=60
connect_timeout=60
#hide_ids=YES
#anon_max_rate=50000

ftp starts from init.d

can anybody help me???

Last edited by killer_green_bug; 07-25-2006 at 09:34 AM.
 
Old 07-25-2006, 10:03 AM   #2
killer_green_bug
LQ Newbie
 
Registered: Jun 2006
Posts: 7

Original Poster
Rep: Reputation: 0
pls........................................
 
Old 07-25-2006, 10:21 AM   #3
rickh
Senior Member
 
Registered: May 2004
Location: Albuquerque, NM USA
Distribution: Debian-Lenny/Sid 32/64 Desktop: Generic AMD64-EVGA 680i Laptop: Generic Intel SIS-AC97
Posts: 4,250

Rep: Reputation: 62
I don't know if this has anything to do with it or not, but I do not think you should be logging in as root from a remote site. Maybe vsftp is smart enough to not allow that.
 
Old 07-25-2006, 12:13 PM   #4
Hangdog42
LQ Veteran
 
Registered: Feb 2003
Location: Maryland
Distribution: Slackware
Posts: 7,803
Blog Entries: 1

Rep: Reputation: 422
Check your /etc/ftpusers and see if root is listed there. That may be blocking it. That said, rickh is 100% right on target. You should NEVER, EVER allow the root user to have FTP access.
 
Old 07-25-2006, 12:13 PM   #5
Jukas
Member
 
Registered: Mar 2005
Posts: 141

Rep: Reputation: 15
Quote:
Originally Posted by rickh
I don't know if this has anything to do with it or not, but I do not think you should be logging in as root from a remote site. Maybe vsftp is smart enough to not allow that.
Vsftpd won't let the privileged account log in.

I'd suggest the OP try setting up a local user account and try logging in there remotely.
 
Old 07-25-2006, 12:37 PM   #6
killer_green_bug
LQ Newbie
 
Registered: Jun 2006
Posts: 7

Original Poster
Rep: Reputation: 0
But what must I do to mend it?
You mean that a user with lower rights will access it? I
don't think so, as even the anonymous users can't access
FTP.
But at this moment no user can enter my server from outside
the local network.
Meanwhile there is no problem for local users inside.
Can anybody give me a config file of firewall settings?
Thanks in advance
 
Old 07-25-2006, 12:40 PM   #7
killer_green_bug
LQ Newbie
 
Registered: Jun 2006
Posts: 7

Original Poster
Rep: Reputation: 0
I think that you can't get me right; the main problem is that users can't enter my server from outside the network through the external IP
 
Old 07-25-2006, 02:30 PM   #8
Hangdog42
LQ Veteran
 
Registered: Feb 2003
Location: Maryland
Distribution: Slackware
Posts: 7,803
Blog Entries: 1

Rep: Reputation: 422
So what is between your server and the Internet? Firewall? Router?
 
Old 07-26-2006, 03:44 AM   #9
killer_green_bug
LQ Newbie
 
Registered: Jun 2006
Posts: 7

Original Poster
Rep: Reputation: 0
there is a router
 
Old 07-26-2006, 07:10 AM   #10
Hangdog42
LQ Veteran
 
Registered: Feb 2003
Location: Maryland
Distribution: Slackware
Posts: 7,803
Blog Entries: 1

Rep: Reputation: 422
Quote:
Originally Posted by killer_green_bug
there is a router
Nobody here is a mind reader, a little bit more information would be helpful.....

Have you set up the router for port forwarding for FTP? And this time include some details.
 
Old 07-26-2006, 07:25 AM   #11
killer_green_bug
LQ Newbie
 
Registered: Jun 2006
Posts: 7

Original Poster
Rep: Reputation: 0
Okay, I'll reply with the Cisco config
 
Old 07-26-2006, 07:36 AM   #12
stlouis
Member
 
Registered: Jul 2006
Location: Sault Ste. Marie, Ontario
Distribution: RedHat, CentOS, Fedora Core, Gentoo, Slackware
Posts: 63

Rep: Reputation: 16
First things first, I doubt the hardware router/firewall or the iptables firewall on the server itself is affecting the connection to the VSFTPD server, as he is getting prompted to login from the VSFTPD server, from both inside and outside the network.

I would however like to know what FTP client(s) you are trying to connect with. Is it the same for both the inside and outside connection attempts?

When you were connecting from inside your network, were you connecting from your server, to your server, or were you using a completely different workstation?

Please provide some more detail as to exactly what you were doing.
 
Old 07-26-2006, 07:41 AM   #13
stlouis
Member
 
Registered: Jul 2006
Location: Sault Ste. Marie, Ontario
Distribution: RedHat, CentOS, Fedora Core, Gentoo, Slackware
Posts: 63

Rep: Reputation: 16
I almost forgot one thing, in your VSFTPD.conf file, under the "#enable for standalone mode" section at the bottom, try adding the following line and restarting the VSFTPD Server.


pasv_enable=YES


Most FTP Clients attempt to connect via this method.
 
Old 07-26-2006, 10:56 AM   #14
Hangdog42
LQ Veteran
 
Registered: Feb 2003
Location: Maryland
Distribution: Slackware
Posts: 7,803
Blog Entries: 1

Rep: Reputation: 422
Quote:
Originally Posted by stlouis
First things first, I doubt the hardware router/firewall or the iptables firewall on the server itself is affecting the connection to the VSFTPD server, as he is getting prompted to login from the VSFTPD server, from both inside and outside the network.
I'm going to respectfully disagree on this. If the clients are trying to connect in PASV mode (which is common), unless vsftp has been locked down to a set of ports and forwarding properly set up on the router, he may get something similar to what he is seeing here.

Of course, I've been wrong plenty before, so we'll have to see what pops up.
 
Old 07-27-2006, 07:28 AM   #15
killer_green_bug
LQ Newbie
 
Registered: Jun 2006
Posts: 7

Original Poster
Rep: Reputation: 0
Hi all, thanks for answering)
There was a problem on the other side of my network:
via 5 hops there is a GW, and FTP port
forwarding was not allowed)

best regards
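
Added example, not part of any post in this thread: a small Python check that compares the 220 greeting seen on the internal and external addresses (the two transcripts in the first post show different greetings) and decodes a PASV reply to see whether the advertised address and data port match what is forwarded. The 227 reply is constructed for illustration, and the port range is the one commented out in the posted vsftpd.conf.

```python
import re

# Transcript excerpts copied from the first post in this thread.
INSIDE = """Connected to 192.168.1.223.
220 (vsFTPd 1.1.3)
530 Please login with USER and PASS."""
OUTSIDE = """Connected to 85.117.62.128.
220 FTPU ready.
500 Sorry, no such command."""

def banner(transcript):
    """Return the text of the first 220 greeting line, or None."""
    for line in transcript.splitlines():
        m = re.match(r"220[ -](.*)", line.strip())
        if m:
            return m.group(1).strip()
    return None

def parse_pasv(reply):
    """Decode '227 ... (h1,h2,h3,h4,p1,p2)' into (ip, port)."""
    m = re.search(r"\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)", reply)
    if not reply.startswith("227") or not m:
        raise ValueError("not a 227 passive-mode reply")
    n = [int(x) for x in m.groups()]
    if any(v > 255 for v in n):
        raise ValueError("octet out of range")
    return ".".join(map(str, n[:4])), n[4] * 256 + n[5]

def diagnose(inside, outside, pasv_reply, public_ip, forwarded_ports):
    """Return a list of findings; an empty list means nothing suspicious."""
    findings = []
    if banner(inside) != banner(outside):
        findings.append("banner mismatch: port 21 on the public address "
                        "is answered by a different FTP service")
    ip, port = parse_pasv(pasv_reply)
    if ip != public_ip:
        findings.append(f"PASV advertises {ip}, not {public_ip}")
    if port not in forwarded_ports:
        findings.append(f"PASV data port {port} is not forwarded")
    return findings

# Constructed 227 reply (not from the thread); port = 200*256 + 10.
SAMPLE_PASV = "227 Entering Passive Mode (85,117,62,128,200,10)"
if __name__ == "__main__":
    for finding in diagnose(INSIDE, OUTSIDE, SAMPLE_PASV,
                            "85.117.62.128", range(65530, 65536)):
        print(finding)
```

A banner mismatch means the control connection never reached the vsftpd host; the PASV checks only matter once port 21 is forwarded to it.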
 
  


All times are GMT -5. The time now is 07:00 PM.
