LinuxQuestions.org


bubby 12-05-2004 09:18 AM

vsftpd not allowing external access
 
I am running RH Fedora Core 3. I installed FTP from the install CDs. I have port 21 forwarding on my router and the linux firewall has ftp open. The vsftpd.conf file shows anonymous_enable=YES and local_enable=YES.

Here's the weird part...
From a command prompt, I can type "ftp localhost" and connect using my username and pwd.

From my windows machine, I can connect using ws_ftp and the internal 192.168... NAT address using my username and pwd.

When I try to connect using my server address (i.e. myserver.myhost.org), I can't connect. Most of the time, ws_ftp spins its wheels and will give me the connect sound (train whistle) after about three minutes but it obviously isn't connected since it doesn't show any files or folders. I was noodling with the conf file and set anonymous_enable=NO and ws_ftp gave me an "unable to connect" error rather quickly. I have also tried setting connect_from_port_20=NO (it's currently set to YES) and restarting the service but that didn't help.

I have reset the config file to its defaults. I'm relatively new to linux and don't want to break anything.

What am I missing? vsftpd is obviously running but it will only listen to internal requests.

Thanks,
Joe Fusco

trickykid 12-05-2004 09:27 AM

vsftpd doesn't know the difference between internal and external requests from your setup. If you're sure port 21 is forwarding to your server from your router, you now need to make sure your ISP doesn't block port 21, etc. What kind of router is this?

hw-tph 12-05-2004 01:19 PM

On several distributions, the default for xinetd is to have "only_from = localhost" set in xinetd.conf. If you have vsftpd launched from xinetd - as opposed to running as a daemon - you should have a look at this file and the vsftpd xinetd.d entry to make sure they allow external access.


Håkan

bubby 12-05-2004 07:29 PM

It's a linksys befsr41 cable/dsl router. I can check on port blocking, that makes sense. I'll look and see how to specify listening on another port and maybe try that, too (unless you can give me a hint).

I didn't find a vsftpd entry in xinetd.d. Is there anything wrong with running it as a daemon?

Thanks

trickykid 12-05-2004 07:38 PM

Quote:

Originally posted by bubby
I didn't find a vsftpd entry in xinetd.d. Is there anything wrong with running it as a daemon?

There is absolutely nothing wrong running it in standalone mode. ;)

But yes, try to set it up so it possibly listens on port say.. 2121, if that works after forwarding that port to your server, it could very well be that your ISP blocks port 21 to prevent people from running FTP servers, etc.

mrcheeks 12-05-2004 09:35 PM

might be funny but
- do you have a firewall?
- is the firewall accepting incoming connections on ftp port number?
- like trickykid said, it could be your ISP too; you can try different ports. If you don't run a web server, try to run the ftp server on port 80.

bubby 12-06-2004 08:29 AM

No firewall. The Fedora firewall is set to allow FTP.

I went to Shields Up!! (https://grc.com/x/ne.dll?bh0bkyd2) and probed port 21. At first, it came back as open. I read some information about port 20 & 21 related to FTP and decided to probe ports 20-22. 20 came back open but 21 came back as "stealth." According to the description, "Not a single packet — solicited or otherwise — was received from your system as a result of our security probing tests. Your system ignored and refused to reply to repeated Pings (ICMP Echo Requests)."

Does this mean it's being blocked? Or does it mean my system is not configured properly?

Incidentally, SSH and port 22 work fine.

I also tried running it on port 2121 but that even failed with the internal NAT address.

bubby 12-06-2004 11:38 AM

This is interesting...

As I first stated, ws_ftp is indicating that it connects using the server name but it doesn't list any files. I decided to test the connection and send a small file.

The file didn't upload successfully, but the server *did* create a zero-length file of the same name.

So, there's a connection being established but not completely... any thoughts?

bubby 12-06-2004 11:48 AM

Here's the connection log from ws_ftp if it's helpful (IPs and names hidden)

Finding Host unclebubby.dnsalias.org ...
Connecting to xxx.xxx.xxx.xxx:21
Connected to xxx.xxx.xxx.xxx:21 in 0.000000 seconds, Waiting for Server Response
220 (vsFTPd 2.0.1)
Host type (1): Automatic Detect
USER user
331 Please specify the password.
PASS (hidden)
230 Login successful.
SYST
215 UNIX Type: L8
Host type (2): Unix (Standard)
PWD
257 "/home/user"
CWD /home/user
250 Directory successfully changed.
PWD
257 "/home/user"
TYPE A
200 Switching to ASCII mode.
PASV
227 Entering Passive Mode (192,168,1,99,190,15)
connecting data channel to 192.168.1.99:190,15(48655)
Substituting connection address xxx.xxx.xxx.xxx for private address 192.168.1.99 from PASV
PORT 192,168,1,98,15,84
200 PORT command successful. Consider using PASV.
LIST
425 Failed to establish connection.

Could it be that I'm connecting from the same IP and it doesn't like that I'm routing outside to come back in? I'll try connecting from a remote computer and see how it goes.
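Added example, not part of the original thread: the 227 reply and the PORT command in the log above each carry a data-channel endpoint as six decimal bytes (h1,h2,h3,h4,p1,p2), and this sketch decodes them and flags addresses in private ranges, which a peer on the far side of a NAT router cannot connect to. The function names `decode_endpoint` and `audit` are illustrative, and the sample input is the relevant lines of that log.

```python
import ipaddress
import re

# Session lines copied from the ws_ftp log above (sample input for this example).
LOG = """\
227 Entering Passive Mode (192,168,1,99,190,15)
PORT 192,168,1,98,15,84
200 PORT command successful. Consider using PASV.
LIST
425 Failed to establish connection.
"""

# RFC 959 host-port tuple: h1,h2,h3,h4,p1,p2 (six decimal bytes).
TUPLE = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

def decode_endpoint(line):
    """Return (kind, ip, port) for a 227 reply or a PORT command, else None."""
    if line.startswith("227 "):
        kind = "PASV"   # server advertises where it is listening
    elif line.upper().startswith("PORT "):
        kind = "PORT"   # client advertises where it is listening
    else:
        return None
    m = TUPLE.search(line)
    if not m:
        return None
    octets = [int(g) for g in m.groups()]
    if any(o > 255 for o in octets):
        return None     # malformed tuple
    ip = ipaddress.IPv4Address(".".join(map(str, octets[:4])))
    port = octets[4] * 256 + octets[5]   # p1 is the high byte
    return kind, ip, port

def audit(log_text):
    """List each advertised data endpoint and whether its address is private."""
    findings = []
    for line in log_text.splitlines():
        ep = decode_endpoint(line.strip())
        if ep:
            kind, ip, port = ep
            findings.append((kind, str(ip), port, ip.is_private))
    return findings

if __name__ == "__main__":
    for kind, ip, port, private in audit(LOG):
        note = "private, not reachable across NAT" if private else "routable"
        print(f"{kind}: {ip}:{port} -> {note}")
```

On the server side, vsftpd's `pasv_address`, `pasv_min_port` and `pasv_max_port` settings control the address and port range that the 227 reply advertises.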


All times are GMT -5.