hi,
i got a problem which i can´t resolve.
running vsftpd -1.2.0 on a mandrake 9.2, newly installed two days ago.
followed all the above, and still got some problems. an other testsystem is a redhat 9, working fine for me.
both are the same installations, one by urpmi vsftpd (mandrake) and one installed from source.
so, when i try to connect to my mandrake -troublemaker, i can login, but can´t do a ls command. (working fine in redhat)
when i try to login and ls locally, it works fine. might it be a firewall problem?


client (ftp mydns.no-ip.com) says:

--snip--
331 Please specify the password.
Password:
230 Login successful. Have fun.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
227 Entering Passive Mode (82,82,97,252,214,72)
ftp: connect: Connection timed out
--snap--


and with ncftp mydns.no-ip.com:

--snip--
(vsFTPd 1.2.0)
Logging in...
Login successful. Have fun.
Sorry, I don't have help.
Logged in to flurman.no-ip.com.
ncftp / > ls
Data connection timed out.
Falling back to PORT instead of PASV mode.
List failed.
--snap--


nmap -sT mydns.no-ip.com tells me:

--snip--
(The 1593 ports scanned but not shown below are in state: filtered)
Port State Service
20/tcp closed ftp-data
21/tcp open ftp
22/tcp open ssh
80/tcp open http
113/tcp closed auth
135/tcp closed loc-srv
139/tcp closed netbios-ssn
445/tcp closed microsoft-ds
--snap--

i am using shorewall with opened port 20,21., like that:
(etc/shorewall/rules)
--snip--
ACCEPT net fw tcp ftp-data,21,22,80
--snap--

can someone tell me whats up with my mandrake box?

thanks in advance
malte

Try this.....

Here are my config files for anyone else that might be having the same question......

1. part

/etc/vsftpd/vsftpd.conf

# Example config file /etc/vsftpd.conf
#
# The default compiled in settings are very paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
#
# Allow anonymous FTP?
anonymous_enable=NO
#
# Uncomment this to allow local users to log in.
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
#anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# Activate logging of uploads/downloads.
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=whoever
#
# You may override where the log file goes if you like. The default is shown
# below.
#xferlog_file=/var/log/vsftpd.log
#
# If you want, you can have your log file in standard ftpd xferlog format
xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode.
# Beware that turning on ascii_download_enable enables malicious remote parties
# to consume your I/O resources, by issuing the command "SIZE /big/file" in
# ASCII mode.
# These ASCII options are split into upload and download because you may wish
# to enable ASCII uploads (to prevent uploaded scripts etc. from breaking),
# without the DoS risk of SIZE and ASCII downloads. ASCII mangling should be
# on the client anyway..
#ascii_upload_enable=YES
#ascii_download_enable=YES
#
# You may fully customise the login banner string:
#ftpd_banner=Welcome to blah FTP service.
ftpd_banner=This config file is in /etc/vsftpd !!
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd.banned_emails
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
chroot_list_enable=YES
chroot_local_user=YES
# (default follows)
chroot_list_file=/etc/vsftpd.chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES

pam_service_name=vsftpd
userlist_enable=YES
userlist_deny=NO
#enable for standalone mode
listen=YES
tcp_wrappers=YES



/etc/vsftp.user_list

# vsftpd userlist
# If userlist_deny=NO, only allow users in this file
# If userlist_deny=YES (default), never allow users in this file, and
# do not even prompt for a password.
# Note that the default vsftpd pam config also checks /etc/vsftpd.ftpusers
# for users that are denied.
ftpuser1


/etc/vsftpd.ftpusers

# Users that are not allowed to login via ftp
root
bin
daemon
adm
lp
sync
shutdown
halt
mail
news
uucp
operator
games
nobody

/etc/vsftpd.chroot_list

# Who do we not want to chroot() ?
# No-one!

.................................................................................................... ...................
2. part

Firewall!!

4 the fw, try Iptables---- > the source 4 opening ftp is:


/sbin/iptables -A INPUT -p tcp --dport 21 -j ACCEPT

Hope it will work out 4 you......

hi,
thanks for replying,
checked that, helped nothing.
which os are u running?

can you please explain me the difference between your iptables- and my shorewall-rule?

here´s my (obvious simple) vsftpd.conf (removed commented-out lines for clarity):

anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
async_abor_enable=YES
ls_recurse_enable=YES
pam_service_name=vsftpd

i tried to make vsftpd work but with the steps desciprd her..
when i ftp my server from my workstation, it seems to work but, a blank page is diaplayed with the
Index of ftp://192.168.0.3/
html link -> Up to higher level directory

Its strange, because my /var/ftp/ directory contains a stuff subdir. Nothing shows on the page..

When i try to log in a shell, i have the following error messsages :
[root@dhcppc2 stuff]# ftp localhost
Connected to localhost.localdomain.
220 dhcppc2 FTP server (Version 5.60) ready.
334 Using authentication type GSSAPI; ADAT must follow
GSSAPI accepted as authentication type
GSSAPI error major: Miscellaneous failure
GSSAPI error minor: No credentials cache found
GSSAPI error: initializing context
GSSAPI authentication failed
334 Using authentication type KERBEROS_V4; ADAT must follow
KERBEROS_V4 accepted as authentication type
Kerberos V4 krb_mk_req failed: You have no tickets cached
Name (localhost:root): root
530 Must perform authentication before identifying USER.
Login failed.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp>

hi:
Does anyone know how to set the user permissions for vsftp . I am trying to create a super user who is able to access all the files of other users. Is there anyway i can do this. Please let me know
Chethan Channnappa
Research Assistant
University of Texas at Dallas

I'm also verry interessted in how we can create a superuser that have access to all directories.