Problem setting up vsftp on ubuntu

mahmoodn · 05-22-2018, 11:00 AM

I followed the steps to config a ftp server on ubuntu 16.04. At the end, I am not able to connect from remote machine!

Code:

root@ce:/home/ftpuser# ls -l
total 4
dr-xr-xr-x 3 nobody nogroup 4096 May 22 08:57 ftp
root@ce:/home/ftpuser# ls -lR
.:
total 4
dr-xr-xr-x 3 nobody nogroup 4096 May 22 08:57 ftp

./ftp:
total 4
drwxr-xr-x 2 ftpuser ftpuser 4096 May 22 08:58 files

./ftp/files:
total 4
-rw-r--r-- 1 root root 17 May 22 08:58 test.txt

The config file is

Code:

root@ce:/home/ftpuser# cat /etc/vsftpd.conf
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=002
anon_upload_enable=NO
dirmessage_enable=YES
xferlog_enable=YES
dual_log_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
chroot_local_user=YES
listen=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
force_dot_files=YES
ascii_upload_enable=YES
ascii_download_enable=YES
#allow_writable_chroot=YES
allow_writeable_chroot=YES
seccomp_sandbox=NO
pasv_enable=YES
pasv_max_port=40000
pasv_min_port=50000
pasv_address=W.X.Y.Z
user_sub_token=$USER
local_root=/home/$USER/ftp
listen_port=45000
userlist_file=/etc/vsftpd.userlist
userlist_deny=NO

The pasv_address is the ip address obtained from ifconfig command. The firewall is also off

Code:

root@ce:/home/ftpuser# ufw status
Status: inactive

When I restart the service, I see the related process is bound to port 45000

Code:

root@ce:/home/ftpuser# service vsftpd restart
vsftpd stop/waiting
vsftpd start/running, process 21058
root@ce:/home/ftpuser# netstat -tulpn | grep vsftpd
tcp        0      0 0.0.0.0:45000           0.0.0.0:*               LISTEN      21058/vsftpd

However, from a remote machine when I run ftp WEBSITENAME, the connection time out message is shown

michaelk · 05-22-2018, 11:38 AM

The default port is 21 if not specified on the command line. Try

ftp hostname 45000

I don't know if the listen port can be within the pasv range.

mahmoodn · 05-22-2018, 11:47 AM

No it doesn't help.
The ip address shown in the output of ifconfig is 192.168.168.180. The network admin has defined a valid ip 178.x.y.z which can be accessed from outside world. So, from home, when I ping the hostname, I see 178.x.y.z

My question is, should I write 192.... or 178... in pasv_address?

michaelk · 05-22-2018, 11:57 AM

If trying to access the server from home then you would use

ftp 178.x.y.x 45000

if within the network you can use the local IP address.

ftp 192.168.168.180 45000

The firewalls if running on the server and the corporate network need to allow 40000-50000.

mahmoodn · 05-22-2018, 11:59 AM

Sorry but my question has not been replied

My question is, should I write 192.... or 178... in pasv_address?

michaelk · 05-22-2018, 12:11 PM

I would comment it out and let the server use the default.

mahmoodn · 05-22-2018, 12:15 PM

So it is now

Code:

pasv_address=

I also want to try with the default port. Should I leave min max ports blank?

Code:

pasv_max_port=
pasv_min_port=

michaelk · 05-22-2018, 12:23 PM

Sorry for the misunderstanding. You should comment out the options by using # at the start of the line

Code:

#pasv_max_port=
#pasv_min_port=
#pasv_address=

The max min should be used if running a firewall.

mahmoodn · 05-22-2018, 12:28 PM

So, I also commented listen_port in order to set it to default 21

Code:

#pasv_max_port=40000
#pasv_min_port=50000
#pasv_addresss=
user_sub_token=$USER
local_root=/home/$USER/ftp
#listen_port=45000

Still I have problem after restarting the service. As you can see below, the ssh works, but ftp doesn't work even from local network.

Code:

[root@rocks7 ~]# ssh mahmood@192.168.168.180
Warning: Permanently added '192.168.168.180' (ECDSA) to the list of known hosts.
mahmood@192.168.168.180's password:
Warning: untrusted X11 forwarding setup failed: xauth key data not generated
Welcome to Ubuntu 14.04.5 LTS (GNU/Linux 3.13.0-147-generic x86_64)

 * Documentation:  https://help.ubuntu.com/
....
$ exit
Connection to 192.168.168.180 closed.
[root@rocks7 ~]# ftp -p 192.168.168.180
ftp: connect: Connection timed out
ftp>
[root@rocks7 ~]# ftp -p ftpuser@192.168.168.180
ftp: ftpuser@192.168.168.180: Name or service not known
ftp> quit

michaelk · 05-22-2018, 12:36 PM

You still have to specify a listen port. If a firewall is running on the server you need to allow traffic on whatever you are using for its listen_port.

Have you tried logging in on the server itself?

mahmoodn · 05-22-2018, 02:24 PM

Although I specified a log file name, there is nothing in it

Code:

root@ce:~# service vsftpd restart
vsftpd stop/waiting
vsftpd start/running, process 27767
root@ce:~# cat /var/log/vsft*
cat: /var/log/vsft*: No such file or directory
root@ce:~# netstat -tulpn | grep vsftp
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN      27767/vsftpd
root@ce:~# cat /etc/vsftpd.conf
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=002
anon_upload_enable=NO
dirmessage_enable=YES
xferlog_enable=YES
dual_log_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
chroot_local_user=YES
listen=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
force_dot_files=YES
ascii_upload_enable=YES
ascii_download_enable=YES
#allow_writable_chroot=YES
allow_writeable_chroot=YES
seccomp_sandbox=NO
pasv_enable=YES
#pasv_max_port=40000
#pasv_min_port=50000
#pasv_addresss=
user_sub_token=$USER
local_root=/home/$USER/ftp
listen_port=21
userlist_file=/etc/vsftpd.userlist
userlist_deny=NO
vsftpd_log_file=/var/log/vsftpd.log
log_ftp_protocol=YES
xferlog_std_format=YES

The firewall is also disabled

Code:

root@ce:~# ufw status
Status: inactive

michaelk · 05-22-2018, 02:28 PM

If the server is not headless can you physically sit at its keyboard and login to the ftp server i.e.

ftp localhost

mahmoodn · 05-22-2018, 02:31 PM

The server is on vmware. Although I specified ftpuser, what do you think about this?

Code:

root@ce:~# ftp  ftpuser@localhost
ftp: ftpuser@localhost: Name or service not known
ftp> exit
root@ce:~# ftp  localhost
ftp: connect to address ::1: Connection refused
Trying 127.0.0.1...
Connected to localhost.
220 (vsFTPd 3.0.2)
Name (localhost:mahmood):

michaelk · 05-22-2018, 02:58 PM

The server is only connecting via IPv4 but it is working. Make sure that any firewalls allow ftp traffic.

ftp is not ssh so ftpuser@localhost is not correct syntax.

mahmoodn · 05-22-2018, 03:12 PM

The port is open and as I said, ufw is not running

Code:

root@ce:~# ufw status
Status: inactive
root@ce:~# netstat -an | grep 21
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN
root@ce:~# ftp  localhost
ftp: connect to address ::1: Connection refused
Trying 127.0.0.1...
Connected to localhost.
220 (vsFTPd 3.0.2)
Name (localhost:mahmood): ftpuser
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp>

on localhost everything is ok