vsftpd + connection refused
Hello everyone,
I have set up vsftpd but I cannot log in from the network. There is an external interface on that machine, and I can log in via that. I can ftp from the same server, but if I try to ftp out of the box it gives me connection refused.

Code:
ftp: connect: Connection refused
ftp>

My vsftpd service is running:

Code:
netstat -a | grep ftp
tcp 0 0 *:ftp *:* LISTEN

Code:
iptables --list
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination

I also gave vsftpd: ALL in /etc/hosts.allow. Still it gives me a connection refused. I also tried reinstalling the FTP server, but no luck ... How can I log in? Thanks in advance. |
By default I think vsftpd is configured to allow anonymous access, but not access for user accounts. Have you checked your config files, using the guide on the vsftpd homepage?
|
Hi,
These are my vsftpd settings.

Code:
anonymous_enable=YES
local_enable=YES
write_enable=YES
local_umask=022
pam_service_name=vsftpd
userlist_enable=YES
listen=YES
tcp_wrappers=YES

Thanks for the help. |
Your config looks alright, and thinking about it more it seems likely that there's a problem with the daemon itself. If there was a problem with the config, most likely you'd be able to make a connection, but logging in wouldn't be possible. The fact that you have a connection refused error immediately suggests the daemon isn't accessible.
I didn't quite understand your sentence, "I have setup vsftpd but i cannot login from the network, there is an external interface on that machine, i can login via that . I can ftp from the same server but if i try to ftp out of the box it gives me connection refused." Perhaps you could explain this further? How many computers do you have, how many are running FTP daemons and which ones are unable to connect to each other? This wasn't clear to me from reading what you wrote.

I guess you could test the connection using telnet or netcat, first from the local machine and then from a remote machine. It sounds like you've a pretty good idea of what you're doing, so I guess it's not necessary to provide instructions.

If the port is closed for both the local and remote scans then you probably need to double check your firewall rules on the server - I'm not familiar with iptables, so I've no idea if your rules above are okay.

If the port appears open from the local connection but closed from the remote connection, there are three main possibilities that I can think of. First is that your remote machine is listed in /etc/hosts.deny on the server. This seems unlikely, but should be quick to check. The second possibility is that the outgoing connections from your remote computer are firewalled. You could probably test this by looking up a publicly accessible FTP server and trying to access that. If it works then most likely your outgoing connections aren't firewalled. The final thing I can think of is that there may be some kind of firewall on the network, between your server and the remote machine.

What kind of network setup is it? Is it a home network that you've set up, or a work one that someone else maintains? Obviously if you set up the network yourself, you'll have a good idea of what is or isn't there, but if it's a work network then you may need to talk to your network admin(s) to resolve this.
You might be able to get round it by running the FTP server on a different port that isn't blocked, but that's not an ideal solution. |
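Added example, not part of the original thread: the local-versus-remote connection test suggested in the post above, as a Python script that separates an immediate "connection refused" from a silent drop and from a daemon that accepts the connection and then turns the client away. `classify_ftp_port` and `fake_server` are hypothetical names, and the greetings in the demo are constructed, not captured from a real server.

```python
import socket
import threading

def classify_ftp_port(host, port=21, timeout=3.0):
    """Make one TCP connection to an FTP control port; return (verdict, detail)."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        # Active refusal: nothing listens on this address/port, or a firewall
        # rejects the SYN. A hosts.deny match cannot look like this, because
        # tcp_wrappers is consulted only after the daemon accepts.
        return "refused", "no listener on this address, or a firewall reject"
    except socket.timeout:
        return "filtered", "no answer at all; packets dropped on the path"
    except OSError as exc:
        return "unreachable", str(exc)
    with sock:
        try:
            banner = sock.recv(256).decode("ascii", "replace").strip()
        except socket.timeout:
            return "silent", "handshake completed, no greeting arrived"
        except ConnectionResetError:
            return "dropped", "accepted, then reset before any greeting"
    if not banner:
        return "dropped", "accepted, then closed; check hosts.allow/hosts.deny"
    if banner.startswith("220"):
        return "open", banner
    return "rejected", banner  # daemon answered with a non-220 reply

def fake_server(greeting):
    """Constructed stand-in for a daemon: accept once, send greeting, close."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    def run():
        conn, _ = srv.accept()
        with conn, srv:
            if greeting:
                conn.sendall(greeting)
    threading.Thread(target=run, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    # Constructed greetings, not captured from a real server.
    for g in (b"220 (constructed banner)\r\n", b"421 constructed refusal\r\n", b""):
        print(classify_ftp_port("127.0.0.1", fake_server(g)))
```

Run against the server's address from the server itself and again from a remote client: verdicts that differ between the two point at the network path or the listening address rather than at vsftpd's login settings.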
Quote:
I had a similar oversight when trying to configure my server's imapd. I typoed the interface IP in the configs and accidentally made the daemon listen on 10.134.1.100 instead of 10.134.0.100, which would have been the external interface... |
Hello,
The machine on which I have installed vsftpd has the IP address u.v.w.x. When I do ftp u.v.w.x while staying on the same machine, I can log in and everything works. But when I go to any other machine in the network, say for example a.b.c.d, and type ftp u.v.w.x, it gives me a connection refused. I hope the picture is clear now. Thanks for the reply. |
Just curious but does your /etc/hosts.deny have?
Code:
ALL:ALL |
Hello ,
The /etc/hosts.deny is empty; there are no rules specified in it. Thanks for the reply. |
iptables
Have you allowed port 21 in iptables? If yes, then don't use tcpwrappers, just disable with "#" mark.
It will work!! |
Hi,
There was a firewall issue; they removed the firewall and it is sorted. Thanks |