ftp - vsftpd connection problem
Hi everybody.
I have Slackware 14 and I'm trying to enable an FTP server (vsftpd). It seems that it's working, but no one is able to connect. What I have done:
1) uncommented in /etc/inetd.conf ->
ftp stream tcp nowait root /usr/sbin/tcpd vsftpd
2) edited /etc/vsftpd.conf:
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=000
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_file=/var/log/vsftpd.log
xferlog_std_format=YES
nopriv_user=mata
ftpd_banner=Maretov FTP server.
userlist_file=/etc/vsftpd.user_list
userlist_enable=YES
userlist_deny=NO
chroot_local_user=YES
chroot_list_enable=NO
ls_recurse_enable=YES
listen=NO
allow_writeable_chroot=YES
3) restarted rc.inetd
/etc/rc.d/rc.inetd restart
When I try to connect from MY computer to MY IP (not 127.0.0.1 but my IP which I saw at whatismyip.com) through Firefox everything is OK and working, I can log in, browse, etc. But when I give my IP to my friends they can't do it, they can't connect to my computer. I hope that I explained well. What do I have to do? Thank you, best regards. |
You have anonymous logins disabled, so that means your friends must login as local users. Did you set up login accounts for your friends on your system and create their home directories?
Did you open up your firewall to forward incoming connections on port 21 to the system on your LAN that runs your server? If the answer to both of those questions is yes, then what messages do they see when they attempt to log in? Do you see any vsftpd messages in /var/log/messages, /var/log/syslog, or /var/log/secure? |
Thanks for the quick response.
I made one user that would use ftp - the user is "mata" and he has his own home dir - "drwxrwx--- 3 mata users 4096 Nov 10 23:43 mata"
"Did you open up your firewall to forward incoming connections on port 21 to the system on your lan that runs your server?"
I don't know :-) I have some kind of firewall; it's in the attachment.
"If the answer to both of those questions is yes, then what messages do they see when they attempt to login? Do you see any vsftpd messages in /var/log/messages, /var/log/syslog, or /var/log/secure?"
They can't even log in. I gave them my IP ftp://109.121.***.*** and they couldn't open it through a web browser; there was no username/password dialog.
This is "cat |grep ftp" from:
/var/log/messages
Nov 10 23:19:09 titan kernel: [ 3627.171118] type=1326 audit(1384121949.389:2): auid=4294967295 uid=1002 gid=100 ses=4294967295 pid=2306 comm="vsftpd" sig=31 syscall=37 compat=0 ip=0x7f7606223577 code=0x0
Nov 10 23:24:26 titan kernel: [ 3943.862997] type=1326 audit(1384122266.013:3): auid=4294967295 uid=1002 gid=100 ses=4294967295 pid=2328 comm="vsftpd" sig=31 syscall=37 compat=0 ip=0x7fab19dfe577 code=0x0
Nov 10 23:38:44 titan kernel: [ 4802.704005] type=1326 audit(1384123124.670:4): auid=4294967295 uid=1002 gid=100 ses=4294967295 pid=2538 comm="vsftpd" sig=31 syscall=37 compat=0 ip=0x7ff67d3a6577 code=0x0
/var/log/syslog
nothing
/var/log/secure
Nov 10 23:14:02 titan vsftpd[2166]: connect from 127.0.0.1 (127.0.0.1)
Nov 10 23:15:15 titan vsftpd[2169]: connect from 127.0.0.1 (127.0.0.1)
Nov 10 23:16:05 titan vsftpd[2175]: connect from 127.0.0.1 (127.0.0.1)
Nov 10 23:16:25 titan vsftpd[2177]: connect from 127.0.0.1 (127.0.0.1)
Nov 10 23:17:16 titan vsftpd[2180]: connect from 127.0.0.1 (127.0.0.1)
Nov 10 23:19:05 titan vsftpd[2306]: connect from 127.0.0.1 (127.0.0.1)
Nov 10 23:23:28 titan vsftpd[2328]: connect from 127.0.0.1 (127.0.0.1)
Nov 10 23:38:03 titan vsftpd[2538]: connect from 127.0.0.1 (127.0.0.1)
Nov 10 23:54:28 titan vsftpd[2746]: connect from 127.0.0.1 (127.0.0.1)
p.s. I already added "mata" user in vsftpd.user_list |
The nopriv_user should not be mata, if that is the name of the user you want to be able to connect as a local user. nopriv_user should be set to a non-privileged account that your vsftpd server can use when it needs to run non-privileged. Look in /etc/passwd and see if you have a user called ftp, and use that if so. It should already be defined in Slackware. Mine looks like this:
Code:
ftp:x:14:50::/home/ftp:/bin/false
I didn't go through your firewall source in depth, but it looks like it is set to accept incoming FTP connections:
Code:
# FTP Server (Control)
You'll also want to open up a passive port range and specify the same range in your vsftpd.conf, but let's just do one step at a time.
Make sure you have a directory called /usr/share/empty on your system. It should have 755 permissions (no write access by other). |
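The three points from the reply above (nopriv_user, a passive port range, and the /usr/share/empty permissions) written as checks; this is an added Python example, not part of the original thread. The sample config and user list are constructed from the first post, and pasv_min_port/pasv_max_port are the vsftpd.conf options that define the passive range.

```python
import os
import stat

# Constructed sample: the relevant settings from the first post's vsftpd.conf.
SAMPLE_CONF = """\
local_enable=YES
nopriv_user=mata
userlist_file=/etc/vsftpd.user_list
userlist_enable=YES
userlist_deny=NO
"""
SAMPLE_USERLIST = ["mata"]  # constructed: contents of /etc/vsftpd.user_list

def parse_conf(text):
    """Parse vsftpd.conf text: one key=value per line, '#' lines are comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key] = value
    return conf

def check_conf(conf, login_users):
    """Return findings for the nopriv_user and passive-range points."""
    findings = []
    nopriv = conf.get("nopriv_user", "nobody")  # vsftpd's default is "nobody"
    if nopriv in login_users:
        findings.append(f"nopriv_user={nopriv} is also an FTP login account")
    lo = int(conf.get("pasv_min_port", 0))  # 0 (the default) means "any port"
    hi = int(conf.get("pasv_max_port", 0))
    if lo == 0 or hi == 0 or lo > hi:
        findings.append("no usable pasv_min_port/pasv_max_port range to forward")
    return findings

def check_empty_dir(path="/usr/share/empty"):
    """Return a finding if the directory is missing or group/other-writable."""
    try:
        mode = os.stat(path).st_mode
    except FileNotFoundError:
        return f"{path} does not exist"
    if not stat.S_ISDIR(mode):
        return f"{path} is not a directory"
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        return f"{path} is writable by group or other"
    return None

if __name__ == "__main__":
    print("\n".join(check_conf(parse_conf(SAMPLE_CONF), SAMPLE_USERLIST)))
```

With userlist_enable=YES and userlist_deny=NO, the user list is exactly the set of accounts allowed to log in, which is why it is used as login_users here.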
I also have ftp:x:14:50::/home/ftp:/bin/false in /etc/passwd so now I changed nopriv_user=mata to nopriv_user=ftp
You are right, I'm using a router to connect to my ISP (it's a TP-Link Wireless N ADSL2+ Modem Router), but I don't know how to open ports 20 and 21. I went to 192.168.1.1 and entered admin/admin and there I can set up a lot of things (it looks like this - http://www.eunet.rs/cms/view.php?id=7441), but I can't find anything that would be able to open ports 20 and 21. Where should I look to find that out?
I have /usr/share/empty - drwxr-xr-x 2 root root 4096 Sep 18 2012 empty/ |
Go to portforward.com for instructions on how to forward ports. There are hundreds of routers listed in their router list, and specific instructions for each one. Here is the page for TP-Link routers.
http://portforward.com/english/route...nk/default.htm You'll need to know the model number of your router. It's probably on a label on the back or bottom of the router. |
I tried to open my 20 and 21 ports following this guide http://portforward.com/english/route...D-8616/FTP.htm.
In local IP I entered 192.168.1.10 because it doesn't allow me to leave 0.0.0.0. And it's still not working. I have tested it, and this site http://www.yougetsignal.com/tools/open-ports/ tells me that my ports 20 and 21 are not opened. |
If 192.168.1.10 is the static IP address of the system on your LAN that hosts your vsftpd server, then what you did sounds right. Make sure you clicked Save after filling in the start and end port range and the IP address. If you did that, you should be able to see it on the Virtual Server Listing page. If it shows up there but the ports are still closed, then you may need to reboot your router.