|
VSFTP No Socket error
I recently built a new FC4 machine with the hardware listed below. I have everything I need up and running except for VSFTPD. When I try to connect to my server from within the network it will say "606 NO SOCKET." I'm fairly new to this sort of stuff so any help is greatly appreciated. Here is a copy of my vsftpd.conf:
Code:
# Example config file /etc/vsftpd/vsftpd.conf |
Sounds like a client-side error. What OS are you running on the client? What ftp client are you using? ("which ftp" should show that if you're running Linux/Unix on the client.) Can you cut and paste the actual ftp command session and post it here? Do you have a firewall blocking outbound ephemeral port traffic from the client?
You've enabled tcp_wrapper support in vsftpd.conf; have you configured /etc/hosts.allow and /etc/hosts.deny? Is vsftpd actually running on the server? The command "service vsftpd status" should answer that. Do you have a firewall blocking port 21 at the server? Post the output of "netstat --proto=inet,inet6 -pnl" from the server. |
I'm using Windows XP professional for the client, and WSFTP Pro. Heres a copy of the session:
WINSOCK.DLL: WinSock 2.0 WS_FTP Pro, Version 7.02, 2001.10.01 Connecting to 192.168.1.8:21 Connected to 192.168.1.8:21, Waiting for Server Response 220 (vsFTPd 2.0.3) Host type (1): Automatic detect USER ktriggs 331 Please specify the password. PASS (hidden) 606 no socket The outbound traffic isn't being blocked either. I'm not quite sure how to configure /etc/hosts.allow and /etc/hosts.deny, but I looked in those files and found nothing but headers. The VSFTPD service is running and port 21 is forwarded to the correct IP on my router. Here is the output after running the "netstat --proto=inet,inet6 -pnl" command: Code:
[root@haze ~]# netstat --proto=inet,inet6 -pnl |
Do you have an option to disable passive (PASV) mode transfers in your client? If so, try it.
|
Something in your reply just caught my eye. You say you're forwarding port 21 on your router... Is your XP client on a different subnet than your FC4 server? If so, you'll have to forward the ftp-data port(s), too, and unfortunately those port numbers vary from session to session. You'll need to configure vsftpd to use a constrained range of ports for passive mode data transfers. Add the following to vsftpd.conf.
pasv_min_port=11000 pasv_max_port=11010 This causes vsftpd to listen for passive mode transfers on ports 11000 through 11010, and it will instruct clients to initiate the ftp-data connection within that port range. You'll need to unblock those ports on the server's firewall (iptables -A INPUT -p tcp --dport 11000:11010), and you'll need to add them to the list of forwarded ports on your router. You can expand or shrink the number of ports by adjusting pasv_min_port and pasv_max_port accordingly, but remember to modify iptables and your router's port forwarding list if you do that. |
Ok, I did that, but I changed the ports to 2300 through 2500. I don't get the same "no socket" error, but I do now get this:
WINSOCK.DLL: WinSock 2.0 WS_FTP Pro, Version 7.02, 2001.10.01 Connecting to 192.168.1.8:21 Connected to 192.168.1.8:21, Waiting for Server Response 220 (vsFTPd 2.0.3) Host type (1): Automatic detect USER ktriggs 331 Please specify the password. PASS (hidden) 500 OOPS: cannot change directory:/storage/WD250 thanks again! |
Go to this thread and search for your error. (It'll be easy to find. It's at the bottom.) You'll find that the cause of your error comes from SELinux.
http://forums.fedoraforum.org/showthread.php?t=97374 |
jcliburn Thanks so much for all your help. It looks like the problem is resolved and the ftp service is working properly. One final question. Do you know how to tell which users you have logged on to the server? thanks.
|
Add the following line to /etc/vsftpd/vsftpd.conf
dual_log_enable=YES Then restart vsftpd. Thereafter, you can see ftp logins by viewing /var/log/vsftpd.log. There's probably a way to torture logwatch into producing a list nicely formatted, but I've never done it. |
I don't have a /var/log/vsftpd.log file.
EDIT: I actually found another way. by entering 'ps -ef |grep vsftp' |
ok, after I had a friend try to connect to my FTP server from outside my network and he couldn't connect using PASV but non-PASV worked wonderous. I want the PASV to work. He told me to add this : pasv_address=24.27.154.210 to the .conf and I did that, but still no go. It just times out. any ideas?
|
I presume you have a router at your network border? If so, you need to configure it to forward ports 2300 through 2500 (since that's the range of passive ports you enabled).
|
well I actually already had it setup from a previous server and it was ports 2300 through 2800 so I changed everything to that including the forwared ports on my router...still no luck. Thanks so much for your prompt replies, this is truly the exact sort of forum I've been searching for. I really appreciate it.
|
About the only thing I can recommend at this point is to initiate a packet capture on your server using ethereal while your friend attempts a passive mode transfer.
yum install ethereal ethereal-gnome Using this, you'll be able to see what the actual communication between the client and server looks like, and you might be able to tell where it's failing. Would you mind posting your firewall rules? Run the command "/sbin/iptables -L -n" and copy and paste the output here. Sanitize if you wish by masking important IP addresses. |
I never mentioned that I was running firestarter for my firewall, but here is the output when I type that command:
Code:
Chain FORWARD (policy DROP) |
| All times are GMT -5. The time now is 09:30 AM. |