09-07-2003, 07:47 AM
|
#1
|
Member
Registered: Aug 2003
Location: 3rd electron on the left getting mugged by the nutrinos at Quarks
Distribution: Pop_OS
Posts: 140
Rep:
|
vsftpd, router and external access; Oh my!
I have been looking through here for some help on getting my vsftp setup to allow access from outside of my router (netgear) and spent several days looking here for 'vsftpd', 'vsftpd router', 'vsftpd.conf', 'ftp'. I've even done the RTFM routine with the man files. I'm not running iptables or ipchains on the system that the ftp is supposed to connect to and I'm still having problems. This is what I get when I try to get in from outside the firewall/router:
421 Service not available. Connection closed by remote host.
Here are my config files; any help or guidance would be greatly appreciated:
vsftpd.conf
anonymous_enable=YES
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
ftpd_banner=Welcome to FTP sinkhole
pam_service_name=vsftpd
userlist_enable=YES
listen=YES
tcp_wrappers=YES
-----------------
/etc/xinet.d/vsftpd
service ftp
{
disable = no
socket_type = stream
wait = no
user = root
server = /usr/sbin/vsftpd
nice = 10
}
---------------
/etc/pam.d/
auth required pam_listfile.so item=user sense=deny file=/etc/vsftpd.ftpusers onerr=succeed
---------------
chkconfig
vsftpd 0: off 1: off 2: off 3: on 4: off 5: on 6: off
xinetd based services:
vsftpd: on
---------------
netstat
tcp 0 0 *:ftp *:* LISTEN
---------------
router
Port # IP Address
21 192.168.0.2
---------------
/etc/group
ftp:x:50:
ftp-users:x:506: (this is for when I'm ready to set up specific users to use the ftp)
---------------
Last edited by Imyrryr; 09-07-2003 at 07:49 AM.
|
|
|
09-07-2003, 07:54 AM
|
#2
|
Moderator
Registered: Mar 2003
Location: Scotland
Distribution: Slackware, RedHat, Debian
Posts: 12,047
Rep:
|
Have you forwarded port 21 from your router to port 21 on the linux box?
Since you will only be able to see your public address (the one the router has) from outside, you need to forward the port to a port on a local machine inside your network - in this case your server.
|
|
|
09-07-2003, 07:58 AM
|
#3
|
Senior Member
Registered: Apr 2003
Location: Eire
Distribution: Slackware 12.0, OpenSuse 10.3
Posts: 1,120
Rep:
|
Because it's being run through xinetd, listen should be no; yes is for standalone
listen=no
Other than that the rough order I'd do things
Check if I can ftp from the actual machine or another internal machine
Check the router has the appropriate ports open and is forwarding to the right place
Check for entries in hosts.allow/hosts.deny that may prevent connections
Double check firewall
|
|
|
09-07-2003, 08:05 AM
|
#4
|
Member
Registered: Aug 2003
Location: 3rd electron on the left getting mugged by the nutrinos at Quarks
Distribution: Pop_OS
Posts: 140
Original Poster
Rep:
|
Quote:
Originally posted by david_ross
Have you forwarded port 21 from your router to port 21 on the linux box?
Since you will only be able to see your public address (the one the router has) from outside, you need to forward the port to a port on a local machine inside your network - in this case your server.
|
router
port 21 192.168.0.2 (this is the linux machine behind the router)
|
|
|
09-07-2003, 08:08 AM
|
#5
|
Senior Member
Registered: Apr 2003
Location: Eire
Distribution: Slackware 12.0, OpenSuse 10.3
Posts: 1,120
Rep:
|
I'm not saying it'll cure it but you've got to try. listen=yes is for standalone mode; xinetd is trying to run vsftpd so it'll handle listening for you, and there may be some conflict going on.
|
|
|
09-07-2003, 08:11 AM
|
#6
|
Member
Registered: Aug 2003
Location: 3rd electron on the left getting mugged by the nutrinos at Quarks
Distribution: Pop_OS
Posts: 140
Original Poster
Rep:
|
Quote:
Originally posted by Looking_Lost
Because it's being run through xinetd, listen should be no; yes is for standalone
listen=no
Other than that the rough order I'd do things
Check if I can ftp from the actual machine or another internal machine
Check the router has the appropriate ports open and is forwarding to the right place
Check for entries in hosts.allow/hosts.deny that may prevent connections
Double check firewall
|
I will look at the listen= setting. The router is set to forward
port 21 to 192.168.0.2 (this is the linux machine behind the router)
hosts.allow
ALL:192.168.0.0/255.255.255.224
hosts.deny
ALL:ALL
|
|
|
09-07-2003, 08:19 AM
|
#7
|
Member
Registered: Aug 2003
Location: 3rd electron on the left getting mugged by the nutrinos at Quarks
Distribution: Pop_OS
Posts: 140
Original Poster
Rep:
|
(root on 1 at aria)(/etc/init.d)-=>./vsftpd status
vsftpd dead but subsys locked
Is this what it's supposed to look like?
|
|
|
09-07-2003, 08:21 AM
|
#8
|
Senior Member
Registered: Apr 2003
Location: Eire
Distribution: Slackware 12.0, OpenSuse 10.3
Posts: 1,120
Rep:
|
and hosts.allow isn't letting anyone outside your local network access any tcp_wrapped services like vsftpd
Nope, the word "dead" is never a good sign. Looks like there is a conflict
|
|
|
09-07-2003, 08:22 AM
|
#9
|
Member
Registered: Aug 2003
Location: 3rd electron on the left getting mugged by the nutrinos at Quarks
Distribution: Pop_OS
Posts: 140
Original Poster
Rep:
|
Quote:
Originally posted by Imyrryr
I will look at the listen= setting. The router is set to forward
port 21 to 192.168.0.2 (this is the linux machine behind the router)
hosts.allow
ALL:192.168.0.0/255.255.255.224
hosts.deny
ALL:ALL
|
I've changed the listen to no and now I'm getting Connection closed by remote host
Just as a small side note: I have also tried it from a completely different external domain, just in case the network I'm on may have been part of the problem
|
|
|
09-07-2003, 08:23 AM
|
#10
|
Senior Member
Registered: Apr 2003
Location: Eire
Distribution: Slackware 12.0, OpenSuse 10.3
Posts: 1,120
Rep:
|
You're nearly there
hosts.allow
vsftpd:ALL
|
|
|
09-07-2003, 08:31 AM
|
#11
|
Member
Registered: Aug 2003
Location: 3rd electron on the left getting mugged by the nutrinos at Quarks
Distribution: Pop_OS
Posts: 140
Original Poster
Rep:
|
Quote:
Originally posted by Looking_Lost
and hosts.allow isn't letting anyone outside your local network access any tcp_wrapped services like vsftpd
Nope, the word "dead" is never a good sign. Looks like there is a conflict
|
Pardon my 'cluelessness' on this, but if I have different users that are on a dhcp network, would I have to open up my entire system (i.e. hosts.allow all:all)?
Plus you mentioned a 'conflict'; any ideas on what/where I can look for these?
|
|
|
09-07-2003, 08:36 AM
|
#12
|
Senior Member
Registered: Apr 2003
Location: Eire
Distribution: Slackware 12.0, OpenSuse 10.3
Posts: 1,120
Rep:
|
No, but the main thing is to get it working at first
Another point, you have userlist_enable=YES
so if you've got a file with the users who you want to have access in it called
vsftpd.users_list
you should have
userlist_deny=no
|
|
|
09-07-2003, 08:47 AM
|
#13
|
Member
Registered: Aug 2003
Location: 3rd electron on the left getting mugged by the nutrinos at Quarks
Distribution: Pop_OS
Posts: 140
Original Poster
Rep:
|
Quote:
Originally posted by Looking_Lost
You're nearly there
hosts.allow
vsftpd:ALL
|
You 'da' man! That did it!
So if I understand this fix correctly
vsftpd.conf should have listen=no
hosts.allow should have vsftpd:ALL
|
|
|
09-07-2003, 09:02 AM
|
#14
|
Senior Member
Registered: Apr 2003
Location: Eire
Distribution: Slackware 12.0, OpenSuse 10.3
Posts: 1,120
Rep:
|
If you're letting people outside your network have access, unless you know their IP addresses, i.e. they are static IPs, you'd be as well to leave the
vsftpd:ALL
as it is
If you want to allow access to only certain users create the file in /etc or something like /etc/vsftp if that's the directory you got, name it
vsftpd.user_list
add the name of the users who you want to allow access to the server to this file
and add
userlist_deny=no to vsftpd.conf
if you don't want to allow anonymous access set it to no, although if you use the vsftpd.user_list thing and anonymous user isn't in the list they'll be denied access
Anyway...off you go
Oh and
chroot_local_user=YES
to keep users within their home directory
Last edited by Looking_Lost; 09-07-2003 at 09:04 AM.
|
|
|
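Added example (not part of the thread, and not tcp_wrappers' own code): a simplified Python model of the hosts.allow/hosts.deny decision order, run over the rules posted above to show why outside clients were refused until vsftpd:ALL was added, and that other wrapped services stay LAN-only. It handles only ALL, net/mask, prefix and exact IPv4 client patterns; the client addresses and the sshd daemon name are constructed for illustration, and it assumes the router forwards port 21 without rewriting the client's source address.

```python
import ipaddress
import re

def _tokens(field):
    """Split a daemon or client list on commas and/or whitespace."""
    return [t for t in re.split(r"[,\s]+", field.strip()) if t]

def client_matches(pattern, addr):
    """Match one client pattern against an IPv4 address (subset of hosts_access(5))."""
    if pattern == "ALL":
        return True
    if "/" in pattern:  # net/mask form: match when (addr AND mask) == net
        net, mask = pattern.split("/", 1)
        masked = int(ipaddress.IPv4Address(addr)) & int(ipaddress.IPv4Address(mask))
        return masked == int(ipaddress.IPv4Address(net))
    if pattern.endswith("."):  # prefix form such as "192.168.0."
        return addr.startswith(pattern)
    return pattern == addr

def rule_matches(rule, daemon, addr):
    """True when both the daemon list and the client list of a rule match."""
    daemons, clients = rule.split(":")[:2]
    if not any(d in ("ALL", daemon) for d in _tokens(daemons)):
        return False
    return any(client_matches(c, addr) for c in _tokens(clients))

def access_allowed(allow_rules, deny_rules, daemon, addr):
    """hosts.allow is consulted first, then hosts.deny; no match at all means allow."""
    if any(rule_matches(r, daemon, addr) for r in allow_rules):
        return True
    return not any(rule_matches(r, daemon, addr) for r in deny_rules)

# Rules as posted in the thread, then with the vsftpd:ALL line added.
DENY = ["ALL:ALL"]
ORIGINAL_ALLOW = ["ALL:192.168.0.0/255.255.255.224"]
FIXED_ALLOW = ORIGINAL_ALLOW + ["vsftpd:ALL"]

# Constructed clients: 203.0.113.10 is a documentation address standing in for
# an Internet host; 192.168.0.40 is a LAN host outside the .0-.31 mask range.
CLIENTS = ["192.168.0.5", "192.168.0.40", "203.0.113.10"]

def decisions(allow_rules, daemon):
    """Map each sample client to the allow/deny decision for one daemon."""
    return {ip: access_allowed(allow_rules, DENY, daemon, ip) for ip in CLIENTS}

if __name__ == "__main__":
    print("original, vsftpd:", decisions(ORIGINAL_ALLOW, "vsftpd"))
    print("fixed,    vsftpd:", decisions(FIXED_ALLOW, "vsftpd"))
    # "sshd" is a hypothetical second wrapped service, to show it stays LAN-only.
    print("fixed,    sshd:  ", decisions(FIXED_ALLOW, "sshd"))
```

With the 255.255.255.224 mask, only 192.168.0.0 through 192.168.0.31 match the LAN rule, so a LAN host at .40 is refused for every wrapped service other than vsftpd.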
09-07-2003, 09:22 AM
|
#15
|
Member
Registered: Aug 2003
Location: 3rd electron on the left getting mugged by the nutrinos at Quarks
Distribution: Pop_OS
Posts: 140
Original Poster
Rep:
|
Thank you all for your help. This trail of dialog is going into my fixit folder and on the box itself in case I goof it up again. Not to mention going to back up the /etc/ folder.
You folks are awesome and it's stuff like this that reaffirms my belief in the OS model and  in general as a useful alternative to Wynbl  z.
Last edited by Imyrryr; 09-07-2003 at 09:23 AM.
|
|
|
All times are GMT -5.