Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations wOOdy-Soft on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

RH9 & vsftpd - Cannot FTP from remote machine

Status
Not open for further replies.
Newposter

Newposter

Technical User
May 9, 2002
735
US
Installed RH9 on a new server, included vsftpd in the installation. Created 2 user accounts, can login to localhost with each from shell on the server. No problem there.

Cannot login from a Windows machine on the same router. I've set both ports 20 and 21 to forward to the IP of the RH9 machine. Set the RH9 to allow FTP and eth0 in the firewall. FTP client says "connected to 192.xxx.xxx.xxx", followed by "Can't connect". I've set the RH9 to allow ascii, but I think that's irrelevant to simply logging in. The client is set to Auto-detect, and for normal login, not anonymous. Both server and client not set for anonymous.

Is it likely to be a firewall issue on the server? I confirmed the FTP server is running, and can login at its terminal.

Newposter
"Good judgment comes from experience. Experience comes from bad judgment."
 
Sort by date Sort by votes
What happens if you try to telnet to the remote FTP at port 21

'telnet 192.168.100.100 21'

from a windows shell?

If it doesn't work, can you ping the FTP server from windows?

Surfinbox.com Business Internet Services - National Dialup, DSL, T-1 and more.
 
Upvote 0 Downvote
Good question. Will try both tonight. I'll have to turn on telnet in the RH9 firewall - it's off now. I did set the RH9 box as a trusted IP in my Windows firewall, no change.

The FTP literature mentions an etc/ftpaccess file. This doesn't exist yet. Is it missing from my installation, or do I have to create it manually?

Newposter
"Good judgment comes from experience. Experience comes from bad judgment."
 
Upvote 0 Downvote
If the accounts in question can login locally then you have one of two problems.

1) VSFTP is configured to NOT allow those accounts to login from remote IPs, or

2) Your firewall/network is preventing some/all of the FTP protocol traffic from reaching the server.

You can check things via the telnet I showed. You can also monitor the vsftpd logs in /var/log. You can also monitor connections to the ftp via 'lsof -Pni', looking for ftp-related port entries.

Surfinbox.com Business Internet Services - National Dialup, DSL, T-1 and more.
 
Upvote 0 Downvote
Thanks. I didn't see any options for choice #1 in the conf file, and I didn't add any such statement, so it's probably #2. I did disable anonymous logins, and I did not uncomment the chroot lines.

The instructions say that creating guest users for FTP targets the /var/ftp/ directory as their home. However, it also says that for linux user accounts, their home for FTP will be /home/username/. Is that not true?

Will also check permissions. The /home directories for each user were 700 by default; the owners were the usernames themselves, so they should be able to log in.

Newposter
"Good judgment comes from experience. Experience comes from bad judgment."
 
Upvote 0 Downvote
BTW, I have had a Windows FTP server running for some time with no issues on this router. I shut it down and forwarded ports 20 and 21 to the RH9 box before starting vsfptd. In the past, I had a RH8 installation that successfully used an FTP client to the Windows server.

Newposter
"Good judgment comes from experience. Experience comes from bad judgment."
 
Upvote 0 Downvote
AHA!!! Forwarding FTP in IPTables requires the 'insmod' of the 'ftp_conntrack' and related modules. Otherwise you cannot forward FTP through an IP Tables firewall/masquerade/NAT. It's something about the FTP protocol....

Let me google up something about it....


Surfinbox.com Business Internet Services - National Dialup, DSL, T-1 and more.
 
Upvote 0 Downvote
So it's not enough to set the router to forward ports 20 and 21 to the RH9 box?

Pinging does produce a good response.

Newposter
"Good judgment comes from experience. Experience comes from bad judgment."
 
Upvote 0 Downvote
And I already used the GUI to set security to allow FTP through the firewall. Isn't that the same?

Newposter
"Good judgment comes from experience. Experience comes from bad judgment."
 
Upvote 0 Downvote
I just looked at the service status after restarting, and it says "vsftpd dead but subsys locked". When I shut down the PC, the vsftpd server failed to stop. Also, what about the missing var/ftpaccess file?

Should I just uninstall and reinstall the server?

Newposter
"Good judgment comes from experience. Experience comes from bad judgment."
 
Upvote 0 Downvote
reinstall the vsftp rpm if you want, you probably have a set of misconfigured config files for vsftp.

Insmod the modules as I said. And visit the vsftpd website for config advice.

Surfinbox.com Business Internet Services - National Dialup, DSL, T-1 and more.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

malpa
  • Locked
  • Question
block incoming snmp traps from ip
Replies
1
Views
417
malpa
malpa
kasperelectronics
  • Locked
  • Question
Desktop streaming from a server to low power front end device e.g. RasPi
Replies
0
Views
279
kasperelectronics
kasperelectronics
ComputersUnlimited
  • Locked
  • Question
Cannot login into Ubuntu via SSH 1
Replies
4
Views
478
ComputersUnlimited
ComputersUnlimited
fayevalentine
  • Locked
  • Question
cannot access shared folder 1
Replies
2
Views
259
SamBones
SamBones
jponnusa
  • Locked
  • Question
Connectivity Apache HTTPD & Tomcat7 (AJP Connector)
Replies
0
Views
240
jponnusa
jponnusa

Part and Inventory Search

Sponsor

Back
Top