Linux - SoftwareThis forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I recently built a new FC4 machine with the hardware listed below. I have everything I need up and running except for VSFTPD. When I try to connect to my server from within the network it will say "606 NO SOCKET." I'm fairly new to this sort of stuff so any help is greatly appreciated. Here is a copy of my vsftpd.conf:
Code:
# Example config file /etc/vsftpd/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=NO
#
# Uncomment this to allow local users to log in.
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
#anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# Activate logging of uploads/downloads.
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=whoever
#
# You may override where the log file goes if you like. The default is shown
# below.
#xferlog_file=/var/log/vsftpd.log
#
# If you want, you can have your log file in standard ftpd xferlog format
xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode.
# Beware that turning on ascii_download_enable enables malicious remote parties
# to consume your I/O resources, by issuing the command "SIZE /big/file" in
# ASCII mode.
# These ASCII options are split into upload and download because you may wish
# to enable ASCII uploads (to prevent uploaded scripts etc. from breaking),
# without the DoS risk of SIZE and ASCII downloads. ASCII mangling should be
# on the client anyway..
#ascii_upload_enable=YES
#ascii_download_enable=YES
#
# You may fully customise the login banner string:
#ftpd_banner=Welcome to blah FTP service.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd/banned_emails
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
#chroot_list_enable=YES
# (default follows)
#chroot_list_file=/etc/vsftpd/chroot_list
chroot_local_user=YES
passwd_chroot_enable=YES
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES
pam_service_name=vsftpd
userlist_enable=YES
#enable for standalone mode
listen=YES
tcp_wrappers=YES
Sounds like a client-side error. What OS are you running on the client? What ftp client are you using? ("which ftp" should show that if you're running Linux/Unix on the client.) Can you cut and paste the actual ftp command session and post it here? Do you have a firewall blocking outbound ephemeral port traffic from the client?
You've enabled tcp_wrapper support in vsftpd.conf; have you configured /etc/hosts.allow and /etc/hosts.deny?
Is vsftpd actually running on the server? The command "service vsftpd status" should answer that. Do you have a firewall blocking port 21 at the server?
Post the output of "netstat --proto=inet,inet6 -pnl" from the server.
I'm using Windows XP professional for the client, and WSFTP Pro. Heres a copy of the session:
WINSOCK.DLL: WinSock 2.0
WS_FTP Pro, Version 7.02, 2001.10.01
Connecting to 192.168.1.8:21
Connected to 192.168.1.8:21, Waiting for Server Response
220 (vsFTPd 2.0.3)
Host type (1): Automatic detect
USER ktriggs
331 Please specify the password.
PASS (hidden)
606 no socket
The outbound traffic isn't being blocked either.
I'm not quite sure how to configure /etc/hosts.allow and /etc/hosts.deny, but I looked in those files and found nothing but headers. The VSFTPD service is running and port 21 is forwarded to the correct IP on my router.
Here is the output after running the "netstat --proto=inet,inet6 -pnl" command:
Code:
[root@haze ~]# netstat --proto=inet,inet6 -pnl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address Stat
e PID/Program name
tcp 0 0 0.0.0.0:139 0.0.0.0:* LIST
EN 2517/smbd
tcp 0 0 0.0.0.0:111 0.0.0.0:* LIST
EN 2093/portmap
tcp 0 0 0.0.0.0:10000 0.0.0.0:* LIST
EN 2599/perl
tcp 0 0 0.0.0.0:51986 0.0.0.0:* LIST
EN 2111/rpc.statd
tcp 0 0 0.0.0.0:21 0.0.0.0:* LIST
EN 2399/vsftpd
tcp 0 0 127.0.0.1:631 0.0.0.0:* LIST
EN 2350/cupsd
tcp 0 0 127.0.0.1:5335 0.0.0.0:* LIST
EN 2332/mDNSResponder
tcp 0 0 127.0.0.1:25 0.0.0.0:* LIST
EN 2424/sendmail: acce
tcp 0 0 0.0.0.0:445 0.0.0.0:* LIST
EN 2517/smbd
tcp 0 0 :::80 :::* LIST
EN 2459/httpd
tcp 0 0 :::22 :::* LIST
EN 2390/sshd
tcp 0 0 :::443 :::* LIST
EN 2459/httpd
udp 0 0 0.0.0.0:32768 0.0.0.0:*
2111/rpc.statd
udp 0 0 127.0.0.1:32769 0.0.0.0:*
2604/smbd
udp 0 0 192.168.1.8:137 0.0.0.0:*
2519/nmbd
udp 0 0 0.0.0.0:137 0.0.0.0:*
2519/nmbd
udp 0 0 192.168.1.8:138 0.0.0.0:*
2519/nmbd
udp 0 0 0.0.0.0:138 0.0.0.0:*
2519/nmbd
udp 0 0 0.0.0.0:10000 0.0.0.0:*
2599/perl
udp 0 0 0.0.0.0:5353 0.0.0.0:*
2332/mDNSResponder
udp 0 0 0.0.0.0:111 0.0.0.0:*
2093/portmap
udp 0 0 0.0.0.0:631 0.0.0.0:*
2350/cupsd
udp 0 0 0.0.0.0:1015 0.0.0.0:*
2111/rpc.statd
Something in your reply just caught my eye. You say you're forwarding port 21 on your router... Is your XP client on a different subnet than your FC4 server? If so, you'll have to forward the ftp-data port(s), too, and unfortunately those port numbers vary from session to session. You'll need to configure vsftpd to use a constrained range of ports for passive mode data transfers. Add the following to vsftpd.conf.
pasv_min_port=11000
pasv_max_port=11010
This causes vsftpd to listen for passive mode transfers on ports 11000 through 11010, and it will instruct clients to initiate the ftp-data connection within that port range.
You'll need to unblock those ports on the server's firewall (iptables -A INPUT -p tcp --dport 11000:11010), and you'll need to add them to the list of forwarded ports on your router. You can expand or shrink the number of ports by adjusting pasv_min_port and pasv_max_port accordingly, but remember to modify iptables and your router's port forwarding list if you do that.
Ok, I did that, but I changed the ports to 2300 through 2500. I don't get the same "no socket" error, but I do now get this:
WINSOCK.DLL: WinSock 2.0
WS_FTP Pro, Version 7.02, 2001.10.01
Connecting to 192.168.1.8:21
Connected to 192.168.1.8:21, Waiting for Server Response
220 (vsFTPd 2.0.3)
Host type (1): Automatic detect
USER ktriggs
331 Please specify the password.
PASS (hidden)
500 OOPS: cannot change directory:/storage/WD250
jcliburn Thanks so much for all your help. It looks like the problem is resolved and the ftp service is working properly. One final question. Do you know how to tell which users you have logged on to the server? thanks.
Thereafter, you can see ftp logins by viewing /var/log/vsftpd.log. There's probably a way to torture logwatch into producing a list nicely formatted, but I've never done it.
ok, after I had a friend try to connect to my FTP server from outside my network and he couldn't connect using PASV but non-PASV worked wonderous. I want the PASV to work. He told me to add this : pasv_address=24.27.154.210 to the .conf and I did that, but still no go. It just times out. any ideas?
I presume you have a router at your network border? If so, you need to configure it to forward ports 2300 through 2500 (since that's the range of passive ports you enabled).
well I actually already had it setup from a previous server and it was ports 2300 through 2800 so I changed everything to that including the forwared ports on my router...still no luck. Thanks so much for your prompt replies, this is truly the exact sort of forum I've been searching for. I really appreciate it.
About the only thing I can recommend at this point is to initiate a packet capture on your server using ethereal while your friend attempts a passive mode transfer.
yum install ethereal ethereal-gnome
Using this, you'll be able to see what the actual communication between the client and server looks like, and you might be able to tell where it's failing.
Would you mind posting your firewall rules? Run the command "/sbin/iptables -L -n" and copy and paste the output here. Sanitize if you wish by masking important IP addresses.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
