LinuxQuestions.org


markomarko 11-10-2013 05:10 PM

ftp - vsftpd connection problem
 
Hi everybody.
I have Slackware 14 and I'm trying to enable an FTP server (vsftpd). It seems that it's working, but no one is able to connect.

What I have done:
1) uncommented in /etc/inetd.conf -> ftp stream tcp nowait root /usr/sbin/tcpd vsftpd

2) edited /etc/vsftpd.conf:
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=000
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_file=/var/log/vsftpd.log
xferlog_std_format=YES
nopriv_user=mata
ftpd_banner=Maretov FTP server.
userlist_file=/etc/vsftpd.user_list
userlist_enable=YES
userlist_deny=NO
chroot_local_user=YES
chroot_list_enable=NO
ls_recurse_enable=YES
listen=NO
allow_writeable_chroot=YES

3) restarted rc.inetd
/etc/rc.d/rc.inetd restart

When I try to connect from MY computer to MY IP (not 127.0.0.1 but my IP which I saw at whatismyip.com) through Firefox everything is ok and working, I can log in, browse, etc.
But when I give my IP to my friends they can't do it, they can't connect to my computer.

I hope that I explained well.

What do I have to do?

Thank you, best regards.

Z038 11-10-2013 11:46 PM

You have anonymous logins disabled, so that means your friends must login as local users. Did you set up login accounts for your friends on your system and create their home directories?

Did you open up your firewall to forward incoming connections on port 21 to the system on your lan that runs your server?

If the answer to both of those questions is yes, then what messages do they see when they attempt to login? Do you see any vsftpd messages in /var/log/messages, /var/log/syslog, or /var/log/secure?

dr.s 11-11-2013 05:37 AM

Quote:

Originally Posted by Z038 (Post 5062252)
You have anonymous logins disabled, so that means your friends must login as local users. Did you set up login accounts for your friends on your system and create their home directories?

In addition to above, these users have to be added to the user list file (vsftpd.user_list).

markomarko 11-11-2013 09:16 AM

Thanks for the quick response.

I made one user that would use ftp - user is "mata" and he has his own home dir - "drwxrwx--- 3 mata users 4096 Nov 10 23:43 mata"


"Did you open up your firewall to forward incoming connections on port 21 to the system on your lan that runs your server?"

I don't know :-) I have some kind of firewall; it's in the attachment.


"If the answer to both of those questions is yes, then what messages do they see when they attempt to login? Do you see any vsftpd messages in /var/log/messages, /var/log/syslog, or /var/log/secure?"

They can't even log in. I gave them my IP ftp://109.121.***.*** and they couldn't open it through a web browser; there was no username/password dialog.

This is "cat |grep ftp" from:
/var/log/messages

Nov 10 23:19:09 titan kernel: [ 3627.171118] type=1326 audit(1384121949.389:2): auid=4294967295 uid=1002 gid=100 ses=4294967295 pid=2306 comm="vsftpd" sig=31 syscall=37 compat=0 ip=0x7f7606223577 code=0x0
Nov 10 23:24:26 titan kernel: [ 3943.862997] type=1326 audit(1384122266.013:3): auid=4294967295 uid=1002 gid=100 ses=4294967295 pid=2328 comm="vsftpd" sig=31 syscall=37 compat=0 ip=0x7fab19dfe577 code=0x0
Nov 10 23:38:44 titan kernel: [ 4802.704005] type=1326 audit(1384123124.670:4): auid=4294967295 uid=1002 gid=100 ses=4294967295 pid=2538 comm="vsftpd" sig=31 syscall=37 compat=0 ip=0x7ff67d3a6577 code=0x0


/var/log/syslog

nothing


/var/log/secure

Nov 10 23:14:02 titan vsftpd[2166]: connect from 127.0.0.1 (127.0.0.1)
Nov 10 23:15:15 titan vsftpd[2169]: connect from 127.0.0.1 (127.0.0.1)
Nov 10 23:16:05 titan vsftpd[2175]: connect from 127.0.0.1 (127.0.0.1)
Nov 10 23:16:25 titan vsftpd[2177]: connect from 127.0.0.1 (127.0.0.1)
Nov 10 23:17:16 titan vsftpd[2180]: connect from 127.0.0.1 (127.0.0.1)
Nov 10 23:19:05 titan vsftpd[2306]: connect from 127.0.0.1 (127.0.0.1)
Nov 10 23:23:28 titan vsftpd[2328]: connect from 127.0.0.1 (127.0.0.1)
Nov 10 23:38:03 titan vsftpd[2538]: connect from 127.0.0.1 (127.0.0.1)
Nov 10 23:54:28 titan vsftpd[2746]: connect from 127.0.0.1 (127.0.0.1)


p.s. I already added "mata" user in vsftpd.user_list
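
Added example, not part of the original thread: the kernel lines in this post are audit type 1326 (seccomp) records, and joining them to the /var/log/secure connects by PID shows which sessions ended with SIGSYS. The signal and syscall tables hold only the numbers seen here and assume x86_64 (compat=0 in the records).

```python
import re

# Log lines copied from the post above (a subset of the /var/log/secure lines).
SECURE = """\
Nov 10 23:17:16 titan vsftpd[2180]: connect from 127.0.0.1 (127.0.0.1)
Nov 10 23:19:05 titan vsftpd[2306]: connect from 127.0.0.1 (127.0.0.1)
Nov 10 23:23:28 titan vsftpd[2328]: connect from 127.0.0.1 (127.0.0.1)
Nov 10 23:38:03 titan vsftpd[2538]: connect from 127.0.0.1 (127.0.0.1)
Nov 10 23:54:28 titan vsftpd[2746]: connect from 127.0.0.1 (127.0.0.1)
"""
MESSAGES = """\
Nov 10 23:19:09 titan kernel: [ 3627.171118] type=1326 audit(1384121949.389:2): auid=4294967295 uid=1002 gid=100 ses=4294967295 pid=2306 comm="vsftpd" sig=31 syscall=37 compat=0 ip=0x7f7606223577 code=0x0
Nov 10 23:24:26 titan kernel: [ 3943.862997] type=1326 audit(1384122266.013:3): auid=4294967295 uid=1002 gid=100 ses=4294967295 pid=2328 comm="vsftpd" sig=31 syscall=37 compat=0 ip=0x7fab19dfe577 code=0x0
Nov 10 23:38:44 titan kernel: [ 4802.704005] type=1326 audit(1384123124.670:4): auid=4294967295 uid=1002 gid=100 ses=4294967295 pid=2538 comm="vsftpd" sig=31 syscall=37 compat=0 ip=0x7ff67d3a6577 code=0x0
"""
AUDIT_SECCOMP = "1326"            # audit record type logged when a seccomp filter acts
SIGNALS = {31: "SIGSYS"}          # Linux x86 signal number seen in these records
X86_64_SYSCALLS = {37: "alarm"}   # assumption: native x86_64 ABI, since compat=0
CONNECT = re.compile(r"^(\w+ +\d+ [\d:]+) \S+ vsftpd\[(\d+)\]: connect from (\S+)")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def seccomp_kills(messages):
    """Return {pid: fields} for every type=1326 record in kernel log text."""
    kills = {}
    for line in messages.splitlines():
        rec = {k: v.strip('"') for k, v in FIELD.findall(line)}
        if rec.get("type") == AUDIT_SECCOMP:
            kills[int(rec["pid"])] = rec
    return kills

def correlate(secure, messages):
    """Pair each vsftpd connect with the seccomp record for the same PID, if any."""
    kills = seccomp_kills(messages)
    rows = []
    for line in secure.splitlines():
        m = CONNECT.match(line)
        if not m:
            continue
        when, pid, peer = m.group(1), int(m.group(2)), m.group(3)
        rec = kills.get(pid)
        verdict = rec and (SIGNALS.get(int(rec["sig"]), rec["sig"]),
                           X86_64_SYSCALLS.get(int(rec["syscall"]), rec["syscall"]),
                           int(rec["uid"]))
        rows.append((when, pid, peer, verdict))
    return rows

if __name__ == "__main__":
    for row in correlate(SECURE, MESSAGES):
        print(row)
```

In the posted excerpt every connect comes from 127.0.0.1, and PIDs 2306, 2328 and 2538 each have a matching seccomp record a few seconds to a minute after the connect.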

Z038 11-11-2013 11:20 AM

The nopriv_user should not be mata, if that is the name of the user you want to be able to connect as a local user. nopriv_user should be set to a non-privileged account that your vsftpd server can use when it needs to run non-privileged. Look in /etc/passwd and see if you have a user called ftp, and use that if so. It should already be defined in Slackware. Mine looks like this:

Code:

ftp:x:14:50::/home/ftp:/bin/false

I didn't go through your firewall source in depth, but it looks like it is set to accept incoming FTP connections:

Code:

# FTP Server (Control)
$IPT -A tcp_inbound -p TCP -s 0/0 --destination-port 21 -j ACCEPT

# FTP Client (Data Port for non-PASV transfers)
$IPT -A tcp_inbound -p TCP -s 0/0 --source-port 20 -j ACCEPT

# Passive FTP
$IPT -A tcp_inbound -p TCP -s 0/0 --destination-port 62000:64000 -j ACCEPT

If you are using a router device to connect to your ISP, you need to make sure that ports 20 and 21 are also opened there, and that they forward to the system on your lan that runs the server.

You'll also want to open up a passive port range and specify the same range in your vsftpd.conf, but let's just do one step at a time.

Make sure you have a directory called /usr/share/empty on your system. It should have 755 permissions (no write access by other).
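
Added example, not part of the original thread: a small audit of the two points raised in this post, that nopriv_user must not be one of the FTP login accounts and that the passive range in vsftpd.conf has to match the range the firewall opens. The configuration lines and firewall rules are taken from the thread; FIXED_CONF is a constructed corrected variant, and the function names are this example's own.

```python
import re

# Settings from the first post (only the ones the checks read).
POSTED_CONF = """\
local_enable=YES
nopriv_user=mata
userlist_file=/etc/vsftpd.user_list
userlist_enable=YES
userlist_deny=NO
"""
# Constructed corrected variant: nopriv_user=ftp plus the firewall's passive range.
FIXED_CONF = (POSTED_CONF.replace("nopriv_user=mata", "nopriv_user=ftp")
              + "pasv_min_port=62000\npasv_max_port=64000\n")
USER_LIST = ["mata"]  # contents of vsftpd.user_list as described in the thread
FIREWALL = """\
$IPT -A tcp_inbound -p TCP -s 0/0 --destination-port 21 -j ACCEPT
$IPT -A tcp_inbound -p TCP -s 0/0 --source-port 20 -j ACCEPT
$IPT -A tcp_inbound -p TCP -s 0/0 --destination-port 62000:64000 -j ACCEPT
"""

def parse_conf(text):
    """vsftpd.conf is key=value with no spaces around '='; '#' starts a comment line."""
    lines = (l for l in text.splitlines() if l and not l.startswith("#") and "=" in l)
    return dict(l.split("=", 1) for l in lines)

def accepted_dports(rules):
    """Return (low, high) destination-port ranges that the rules ACCEPT."""
    out = []
    for m in re.finditer(r"--destination-port (\d+)(?::(\d+))? -j ACCEPT", rules):
        low = int(m.group(1))
        out.append((low, int(m.group(2) or low)))
    return out

def audit(conf_text, users, rules):
    conf, ports, findings = parse_conf(conf_text), accepted_dports(rules), []
    if conf.get("nopriv_user") in users:
        findings.append("nopriv_user is also a login account in the user list")
    if (21, 21) not in ports:
        findings.append("control port 21 is not accepted by the firewall")
    # vsftpd's default of 0 for both options means "any port".
    pasv = (int(conf.get("pasv_min_port", 0)), int(conf.get("pasv_max_port", 0)))
    if pasv == (0, 0):
        findings.append("no pasv_min_port/pasv_max_port: passive ports are not pinned")
    elif not any(lo <= pasv[0] and pasv[1] <= hi for lo, hi in ports):
        findings.append("passive range %d-%d is not opened in the firewall" % pasv)
    return findings

if __name__ == "__main__":
    print(audit(POSTED_CONF, USER_LIST, FIREWALL))
    print(audit(FIXED_CONF, USER_LIST, FIREWALL))
```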

markomarko 11-12-2013 01:46 PM

I also have ftp:x:14:50::/home/ftp:/bin/false in /etc/passwd so now I changed nopriv_user=mata to nopriv_user=ftp

You are right, I'm using a router to connect to my ISP (It's TP-Link Wireless N ADSL2+ Modem Router), but I don't know how to open ports 20 and 21.

I went to 192.168.1.1 and entered admin/admin and there I can setup a lot of things (it looks like this - http://www.eunet.rs/cms/view.php?id=7441), but I can't find anything that would be able to open ports 20 and 21.

Where should I look to find that out?

I have /usr/share/empty - drwxr-xr-x 2 root root 4096 Sep 18 2012 empty/

Z038 11-12-2013 02:16 PM

Go to portforward.com for instructions on how to forward ports. There are hundreds of routers listed in their router list, and specific instructions for each one. Here is the page for TP-Link routers.

http://portforward.com/english/route...nk/default.htm

You'll need to know the model number of your router. It's probably on a label on the back or bottom of the router.

markomarko 11-13-2013 02:58 PM

I tried to open my 20 and 21 ports following this guide http://portforward.com/english/route...D-8616/FTP.htm.
In local IP I entered 192.168.1.10 because it doesn't allow me to leave 0.0.0.0
And it's still not working.
I have tested it, and this site http://www.yougetsignal.com/tools/open-ports/ tells me that my ports 20 and 21 are not opened.

Z038 11-13-2013 04:15 PM

If 192.168.1.10 is the static IP address of the system on your LAN that hosts your vsftpd server, then what you did sounds right. Make sure you clicked Save after filling in the start and end port range and the IP address. If you did that, you should be able to see it on the Virtual Server Listing page. If it shows up there but the ports are still closed, then you may need to reboot your router.

