Linux - NetworkingThis forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Location: 3rd electron on the left getting mugged by the nutrinos at Quarks
Distribution: Pop_OS
Posts: 140
Rep:
vsftpd, router and external access; Oh my!
I have been looking through here for some help on getting my vsftp setup to allow access from outside of my router (netgear) and spent several days looking here for 'vsftpd', 'vsftpd router', 'vsftpd.conf', 'ftp'. I've even done the RTFM routine with the man files. I'm not running iptable or ipchains on the system that the ftp is supposed to connect to and I'm still having problems. This is what I get when I try to get in from outside the firewall/router 421 Service not available. Connection closed by remote host.
Here are my config files; any help or guidance would be greatley appreciate:
vsftpd.conf
Have you forwarded port 21 from your router to port 21 on the linux box?
Since you will only be able to see your public address (the one the router has) from outside you need to forward the port to a port on a local machine inside your netowrk - in this case your server.
Location: 3rd electron on the left getting mugged by the nutrinos at Quarks
Distribution: Pop_OS
Posts: 140
Original Poster
Rep:
Quote:
Originally posted by david_ross Have you forwarded port 21 from your router to port 21 on the linux box?
Since you will only be able to see your public address (the one the router has) from outside you need to forward the port to a port on a local machine inside your netowrk - in this case your server.
router
port 21 192.168.0.2 (this is the linux machine behind the router)
I'm not saying it'll cure it but you've got to try,listen=yes is for standalone mode xinetd is trying to run vsftpd so it'll handle listening for you and their may be some conflict going on.
Location: 3rd electron on the left getting mugged by the nutrinos at Quarks
Distribution: Pop_OS
Posts: 140
Original Poster
Rep:
Quote:
Originally posted by Looking_Lost Because it's being run through xinetd listen should be no, yes is for standalone
listen=no
Other than that the rough order I'd do things
Check if I can ftp from the actual machine or another internal machine
Check the router has the appropriate ports open and is forwarding to the right place
Check for entries in hosts.allow/hosts.deny that may prevent connections
Double check firewall
I will look at the listen= setting the router is set to forward
port 21 to 192.168.0.2 (this is the linux machine behind the router)
hosts.allow
ALL:192.168.0.0/255.255.255.224
Location: 3rd electron on the left getting mugged by the nutrinos at Quarks
Distribution: Pop_OS
Posts: 140
Original Poster
Rep:
Quote:
Originally posted by Imyrryr I will look at the listen= setting the router is set to forward
port 21 to 192.168.0.2 (this is the linux machine behind the router)
hosts.allow
ALL:192.168.0.0/255.255.255.224
hosts.deny
ALL:ALL
I've changed the listen to no and now I'm getting Connection closed by remote host
Just as a small side note; I have also tried the from a completely different external domain just incase it was the network I'm on may have been part of the problem
Location: 3rd electron on the left getting mugged by the nutrinos at Quarks
Distribution: Pop_OS
Posts: 140
Original Poster
Rep:
Quote:
Originally posted by Looking_Lost and hosts.allow isn't letting anyone outside your local network access any services tcp_wrapped services like vsftpd
nope, the word "dead" is never a good sign Looks like there is a conflict
Pardon my 'cluelessness' on this but if I have different users that are on dhcp network; would I have to open up my entire system (i.e hosts.allow all:all)?
Plus you mentioned a 'conflict'; any ideas on what/where I can look for these?
If you're letting people outside your network have access unless you know their IP addresses i.e they are static ip's you'd be aswell to leave the
vsftpd:ALL
as it is
If you want to allow access to only certain users create the file in /etc or something like /etc/vsftp if that's the directory you got, name it
vsftpd.user_list
add the name of the users who you want to allow access to the server to this file
and add
userlist_deny=no to vsftpd.conf
if you don't want to allow anonymous access set it to no although if you use the vsftpd.user_list thing and anonymous user isn't in the list theyll be denied access
Anyway...off you go
Oh and
chroot_local_user=YES
to keep users within they're home directory
Last edited by Looking_Lost; 09-07-2003 at 09:04 AM.
Location: 3rd electron on the left getting mugged by the nutrinos at Quarks
Distribution: Pop_OS
Posts: 140
Original Poster
Rep:
Thank you all for your help and this trail of dialog is going into my fixit folder and on the box itself incase I goof it up again. Not to mention going to back up the /etc/ folder .
You folks are awesome and it's stuff like this that reaffirms my belief in the OS model and in general as a useful alternative to Wynblz.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.