LinuxQuestions.org
Old 09-07-2003, 07:47 AM   #1
Imyrryr
Member
 
Registered: Aug 2003
Location: 3rd electron on the left getting mugged by the nutrinos at Quarks
Distribution: Pop_OS
Posts: 140

Rep: Reputation: 17
vsftpd, router and external access; Oh my!


I have been looking through here for some help on getting my vsftp setup to allow access from outside of my router (netgear) and spent several days looking here for 'vsftpd', 'vsftpd router', 'vsftpd.conf', 'ftp'. I've even done the RTFM routine with the man files. I'm not running iptables or ipchains on the system that the ftp is supposed to connect to and I'm still having problems. This is what I get when I try to get in from outside the firewall/router: 421 Service not available. Connection closed by remote host.

Here are my config files; any help or guidance would be greatly appreciated:

vsftpd.conf

anonymous_enable=YES
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
ftpd_banner=Welcome to FTP sinkhole
pam_service_name=vsftpd
userlist_enable=YES
listen=YES
tcp_wrappers=YES

-----------------
/etc/xinet.d/vsftpd

service ftp
{

disable = no
socket_type = stream
wait = no
user = root
server = /usr/sbin/vsftpd
nice = 10

}

---------------
/etc/pam.d/

auth required pam_listfile.so item=user sense=deny file=/etc/vsftpd.ftpusers onerr=succeed

---------------
chkconfig

vsftpd 0: off 1: off 2: off 3: on 4: off 5: on 6: off
xinetd based services:
vsftpd: on

---------------
netstat

tcp 0 0 *:ftp *:* LISTEN

---------------
router

Port # IP Address
21 192.168.0.2

---------------
/etc/group

ftp:x:50:
ftp-users:x:506: (this is for when I'm ready to set up specific users to use the ftp)

---------------

Last edited by Imyrryr; 09-07-2003 at 07:49 AM.
 
Old 09-07-2003, 07:54 AM   #2
david_ross
Moderator
 
Registered: Mar 2003
Location: Scotland
Distribution: Slackware, RedHat, Debian
Posts: 12,047

Rep: Reputation: 79
Have you forwarded port 21 from your router to port 21 on the linux box?

Since you will only be able to see your public address (the one the router has) from outside you need to forward the port to a port on a local machine inside your network - in this case your server.
 
Old 09-07-2003, 07:58 AM   #3
Looking_Lost
Senior Member
 
Registered: Apr 2003
Location: Eire
Distribution: Slackware 12.0, OpenSuse 10.3
Posts: 1,120

Rep: Reputation: 45
Because it's being run through xinetd, listen should be no; yes is for standalone

listen=no


Other than that the rough order I'd do things

Check if I can ftp from the actual machine or another internal machine

Check the router has the appropriate ports open and is forwarding to the right place

Check for entries in hosts.allow/hosts.deny that may prevent connections

Double check firewall
 
Old 09-07-2003, 08:05 AM   #4
Imyrryr
Quote:
Originally posted by david_ross
Have you forwarded port 21 from your router to port 21 on the linux box?

Since you will only be able to see your public address (the one the router has) from outside you need to forward the port to a port on a local machine inside your network - in this case your server.

router
port 21 192.168.0.2 (this is the linux machine behind the router)
 
Old 09-07-2003, 08:08 AM   #5
Looking_Lost
I'm not saying it'll cure it, but you've got to try. listen=yes is for standalone mode; xinetd is trying to run vsftpd, so it'll handle listening for you, and there may be some conflict going on.
 
Old 09-07-2003, 08:11 AM   #6
Imyrryr
Quote:
Originally posted by Looking_Lost
Because it's being run through xinetd, listen should be no; yes is for standalone

listen=no


Other than that the rough order I'd do things

Check if I can ftp from the actual machine or another internal machine

Check the router has the appropriate ports open and is forwarding to the right place

Check for entries in hosts.allow/hosts.deny that may prevent connections

Double check firewall

I will look at the listen= setting. The router is set to forward
port 21 to 192.168.0.2 (this is the linux machine behind the router)

hosts.allow
ALL:192.168.0.0/255.255.255.224

hosts.deny
ALL:ALL
 
Old 09-07-2003, 08:19 AM   #7
Imyrryr
(root on 1 at aria)(/etc/init.d)-=>./vsftpd status
vsftpd dead but subsys locked


Is this what it's supposed to look like?
 
Old 09-07-2003, 08:21 AM   #8
Looking_Lost
and hosts.allow isn't letting anyone outside your local network access any tcp_wrapped services like vsftpd


Nope, the word "dead" is never a good sign. Looks like there is a conflict.
 
Old 09-07-2003, 08:22 AM   #9
Imyrryr
Quote:
Originally posted by Imyrryr
I will look at the listen= setting. The router is set to forward
port 21 to 192.168.0.2 (this is the linux machine behind the router)
hosts.allow
ALL:192.168.0.0/255.255.255.224

hosts.deny
ALL:ALL

I've changed the listen to no and now I'm getting Connection closed by remote host

Just as a small side note; I have also tried this from a completely different external domain, just in case the network I'm on may have been part of the problem
 
Old 09-07-2003, 08:23 AM   #10
Looking_Lost
You're nearly there


hosts.allow


vsftpd:ALL
 
Old 09-07-2003, 08:31 AM   #11
Imyrryr
Quote:
Originally posted by Looking_Lost
and hosts.allow isn't letting anyone outside your local network access any tcp_wrapped services like vsftpd


Nope, the word "dead" is never a good sign. Looks like there is a conflict.

Pardon my 'cluelessness' on this, but if I have different users that are on a dhcp network, would I have to open up my entire system (i.e. hosts.allow all:all)?

Plus you mentioned a 'conflict'; any ideas on what/where I can look for these?
 
Old 09-07-2003, 08:36 AM   #12
Looking_Lost
No, but the main thing is to get it working at first

Another point, you have userlist_enable=YES

so if you've got a file with the users who you want to have access in it called

vsftpd.users_list


you should have

userlist_deny=no
 
Old 09-07-2003, 08:47 AM   #13
Imyrryr

Quote:
Originally posted by Looking_Lost
You're nearly there


hosts.allow


vsftpd:ALL

You 'da' man! That did it!

So if I understand this fix correctly

vsftpd.conf should have listen=no
hosts.allow should have vsftpd:ALL
 
Old 09-07-2003, 09:02 AM   #14
Looking_Lost
If you're letting people outside your network have access, unless you know their IP addresses (i.e. they are static IPs) you'd be as well to leave the

vsftpd:ALL

as it is

If you want to allow access to only certain users create the file in /etc or something like /etc/vsftp if that's the directory you got, name it

vsftpd.user_list

add the name of the users who you want to allow access to the server to this file



and add

userlist_deny=no to vsftpd.conf

If you don't want to allow anonymous access, set it to no, although if you use the vsftpd.user_list thing and the anonymous user isn't in the list, they'll be denied access

Anyway...off you go



Oh and

chroot_local_user=YES

to keep users within their home directory

Last edited by Looking_Lost; 09-07-2003 at 09:04 AM.
 
Old 09-07-2003, 09:22 AM   #15
Imyrryr

Thank you all for your help and this trail of dialog is going into my fixit folder and on the box itself in case I goof it up again. Not to mention going to back up the /etc/ folder.

You folks are awesome and it's stuff like this that reaffirms my belief in the OS model and in general as a useful alternative to Wynblz.

Last edited by Imyrryr; 09-07-2003 at 09:23 AM.
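
Added example (not part of any post in this thread, and not code from vsftpd or tcp_wrappers): a simplified Python model of how hosts.allow and hosts.deny are evaluated, run on the two files posted above, showing why the outside client was refused and that vsftpd:ALL opens only that one service rather than the whole system. It handles only ALL, exact IPv4 addresses, address prefixes and net/mask patterns; the client addresses, the sshd service name and the static range are constructed for illustration.

```python
import ipaddress
import re

def client_matches(pattern, addr):
    """Match one IPv4 client pattern (subset of the hosts_access(5) syntax)."""
    if pattern.upper() == "ALL":
        return True
    if "/" in pattern:          # net/mask, e.g. 192.168.0.0/255.255.255.224
        return ipaddress.ip_address(addr) in ipaddress.ip_network(pattern, strict=False)
    if pattern.endswith("."):   # address prefix, e.g. "192.168."
        return addr.startswith(pattern)
    return pattern == addr

def first_match(rules, daemon, addr):
    """Return the first 'daemons : clients' line matching this daemon and client."""
    for raw in rules.splitlines():
        line = raw.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        daemons, clients = (re.split(r"[,\s]+", f.strip()) for f in line.split(":")[:2])
        daemon_ok = any(d.upper() == "ALL" or d == daemon for d in daemons)
        if daemon_ok and any(client_matches(c, addr) for c in clients):
            return line
    return None

def check_access(allow, deny, daemon, addr):
    """hosts.allow is consulted first, then hosts.deny; no match in either grants access."""
    rule = first_match(allow, daemon, addr)
    if rule:
        return ("allow", rule)
    rule = first_match(deny, daemon, addr)
    if rule:
        return ("deny", rule)
    return ("allow", None)

# Files as posted in the thread; client addresses below are constructed samples.
DENY = "ALL:ALL"
ALLOW_BEFORE = "ALL:192.168.0.0/255.255.255.224"
ALLOW_AFTER = ALLOW_BEFORE + "\nvsftpd:ALL"
# Narrower variant for peers with known static addresses (constructed range).
ALLOW_STATIC = ALLOW_BEFORE + "\nvsftpd:203.0.113.0/255.255.255.0"

if __name__ == "__main__":
    cases = [("vsftpd", "192.168.0.5"), ("vsftpd", "203.0.113.10"),
             ("vsftpd", "198.51.100.7"), ("sshd", "203.0.113.10")]  # sshd: hypothetical second service
    for name, allow in [("before", ALLOW_BEFORE), ("after", ALLOW_AFTER), ("static", ALLOW_STATIC)]:
        for daemon, addr in cases:
            print(name, daemon, addr, check_access(allow, DENY, daemon, addr))
```

The 255.255.255.224 mask in the original hosts.allow covers only 192.168.0.0 through 192.168.0.31, so a LAN host outside that range is refused by ALL:ALL as well.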
 
  


All times are GMT -5.