
ftp server won't accept connections

Posted on 2000-03-06
Last Modified: 2013-12-16
My RH 6.1 server will no longer accept FTP connections. I was successfully running my FTP server (for quite some time) using wu-ftpd, so I know that my system did work correctly in the past.  Then I installed a new version of wu (2.6.0-1) as advised by a Red Hat security update.  I can't verify that this is when my problem developed but I think it is.  Anyway, after that any time I try to connect to the server the FTP client just hangs and won't ever make the connection.  I thought it must be a problem with wu, so I removed it and installed proftpd, but I still have the same situation.  A port scan on my machine reveals that port 21 is indeed open but I have no luck connecting.  Any ideas?
Question by:karwoski
23 Comments
 
LVL 40

Expert Comment

by:jlevie
ID: 2590116
The 2.6.0-1 update works just fine so I don't think it would be the problem. And as you've noticed other ftp servers don't work either. I'd start figuring out what's going on by going back to wu-ftp as it should work okay. Then take a look at /etc/inetd.conf and make sure that ftp is enabled and that access is allowed by /etc/hosts.allow.

If those look okay, try running an ftp client on the system connecting to the system (ftp localhost). It sounds circular, but it's fine with Linux. If the client hangs, while it is up see if there is an ftpd process running.

If a local client can connect, but a remote can't, then the problem might be a routing problem. Check by trying other access (telnet or rlogin) from the remote client. Also wouldn't hurt to take a look at "netstat -rn" on the server & the client to make sure the default route is correct.

Another possible problem would be that some router or firewall between the remote client and the server is blocking the FTP ports.

Okay look at those and let us know what you find out.


0
 
LVL 12

Expert Comment

by:j2
ID: 2590960
.and as always "Is DNS resolution working"?
0
 

Author Comment

by:karwoski
ID: 2591659
OK, here's what I've checked out.  I'm back to running wu-ftpd-2.6.0-1.  In /etc/inetd.conf I have the ftp section enabled.  The entry is: ftp stream tcp nowait root /usr/sbin/tcpd in.ftpd -l -a.

/etc/hosts.allow and /etc/hosts.deny are both empty.  Also, I'm connecting to the machine via SSH so my path to the remote machine is at least partially OK.

An attempt to connect to my server locally (ftp localhost) hangs with the message "Connected to localhost."

In answer to j2, I don't remember where to check to see if DNS resolution is set.
0

 
LVL 12

Expert Comment

by:j2
ID: 2591734
First of all, is it really "hung" or is it just waiting for a DNS resolution.

make sure that all IP's you will be connected from are present in /etc/hosts (or you have a proper DNS running).

like

192.168.0.100   gonzo.mupp.net

if the IP of the system is 192.168.0.100 and the name is gonzo.mupp.net

also check so you have an entry for "localhost" in /etc/hosts

and also check that "files" is present as a parameter to hosts: in /etc/nsswitch.conf
0
 
LVL 40

Expert Comment

by:jlevie
ID: 2592013
When you used ftp localhost did you check to see if an ftpd is running while the ftp client is "hung"? (Hint, "ps -ef | grep ftpd | grep -v grep").
0
 

Author Comment

by:karwoski
ID: 2592368
/etc/hosts does contain an entry for localhost.  The main IP I connect from doesn't have a DNS name to resolve to, so I tried using another machine that did have a DNS entry.  I added an entry for the host in my /etc/hosts and still was not able to connect.  I've grep'ed the process list when trying to connect and don't see an instance of ftpd running.
0
 
LVL 40

Expert Comment

by:jlevie
ID: 2592764
Ha!, I'll bet something else is listening on the FTP ports and catching the connection. Since it's not an FTP server, the client just hangs waiting on a response.

Look in /etc/services and see if there's multiple definitions for ports 20/21. Also you should look at /etc/inetd.conf and see what's enabled.
0
 
LVL 40

Expert Comment

by:jlevie
ID: 2592789
Oh yeah, while the client is running you can find out what's on the FTP ports (as root) with: "lsof -i TCP:20 -i TCP:21". That will return file names that are using the FTP ports.
0
 

Author Comment

by:karwoski
ID: 2592809
In /etc/services I've got ftp-data on port 20/tcp, ftp on port 21/tcp and fsp on port 21/udp.

When I saw two entries for 21 I thought that must be it but then noticed that the fsp service is only udp.  I went ahead and commented it out though and tried connecting again but no luck.  Is there anything I need to restart after making a change to the services file (e.g. like kill -1 to inetd when changing inetd.conf)?

The only thing I have enabled in inetd.conf is ftp.

I ran lsof (which was a new command to me. Thanks!) and got info telling me the name of the service on that port was *:ftp (LISTEN).
0
 
LVL 12

Expert Comment

by:j2
ID: 2592829
aah.. It might be stalling waiting for an ident reply (which it wants after you installed the upgrade)

Run an identd server on the client.
0
 

Author Comment

by:karwoski
ID: 2592866
I tried running identd on the client and still wasn't able to make a connection.
0
 
LVL 12

Expert Comment

by:j2
ID: 2592887
Curiosity.. when you tried proftpd, did you run it as standalone or as a service? And if you chose standalone (which is the better option) did you remember to comment the ftp line out of /etc/inetd.conf and then actually launch proftpd?

I also seem to recall this happening with proftpd if the IP of the client did not resolve back to a fqdn.
0
 
LVL 40

Expert Comment

by:jlevie
ID: 2592891
Did you use lsof while the "ftp localhost" was running? If you did (as root) it should have shown the client ftp process and some other lines for what else has the port open.
0
 

Author Comment

by:karwoski
ID: 2592926
j2: When I tried proftpd I was running it as a service.  I'll try proftpd again and do it as a standalone.

jlevie: No, I didn't run lsof when a connection attempt was being made.  Here's the new info I got after doing so:

COMMAND ftp NAME localhost:3343->localhost:ftp (ESTABLISHED)

So it looks like the initial part of a connection is at least being made?
0
 
LVL 2

Accepted Solution

by:
bernardh earned 800 total points
ID: 2592988
Try to disable ident by adding "-I 0" as an option to in.ftpd in /etc/inetd.conf, then restart inet with the command /etc/rc.d/init.d/inet restart

Or you are probably using the old wildcards on your class statements, such as:

class lcl real,guest,anonymous 127.*.*.*

The latest versions don't support this notation for security reasons. Use netmask or CIDR instead, as in either of the following:

class lcl real,guest,anonymous 127.0.0.0/8

or

class lcl real,guest,anonymous 127.0.0.0:255.0.0.0

I'm talking about the ftpaccess file.
0
 
LVL 40

Expert Comment

by:jlevie
ID: 2593025
One more time... In one window as an ordinary user do "ftp localhost". In another window su to root and do "lsof -i TCP:20 -i TCP:21". There should be two or more lines of output. One for the ftp client (the ftp localhost) and one or more for what the client is talking to. It's the latter that I'm interested in and only root can see them.
0
 

Author Comment

by:karwoski
ID: 2593416
Ahhh, a bit of progress! bernardh's suggestion of changing the class line in ftpaccess now allows me to successfully login to the ftp server from localhost.  However, when I attempt to make a connection from a remote host I get to enter my username and password but every time it responds saying that the username/password were not accepted for login.

This occurs with or without the addition of -I 0 to the in.ftpd line.

So now I can log in from localhost but not remotely.

jlevie:  This time I ran lsof while ftp localhost was sitting at the password prompt.

I did receive two additional lines of output (that weren't there before I changed the ftpaccess):

Both are COMMAND in.ftpd and NAME localhost:ftp->localhost:3360 (ESTABLISHED) and the only difference is in the FD column "0u" vs. "1u"
0
 
LVL 2

Expert Comment

by:bernardh
ID: 2593634
To be able to allow real users (that is, users you allow to access your ftp server, or users that have IDs on the server), make sure that their user names do not appear in the file /etc/ftpusers. The user names in that file are actually the user IDs that are not allowed to access your ftp server.
0
 
LVL 40

Expert Comment

by:jlevie
ID: 2593714
Does your /etc/ftpaccess class line look like:

class   all   real,guest,anonymous  *
0
 

Author Comment

by:karwoski
ID: 2593803
The user name I'm using to connect does not appear in /etc/ftpusers.

The line I'm using in /etc/ftpaccess is:

class lcl real,guest,anonymous 127.0.0.0:255.0.0.0
0
 
LVL 40

Expert Comment

by:jlevie
ID: 2593835
That restricts it to localhost, change 127.0.0... to "*".
0
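The class-line checks discussed in this thread can be scripted. The following is an added example, not part of any post and not wu-ftpd's own code: it reads ftpaccess text, flags the old octet-wildcard notation, and reports whether a given client address is covered by any class line. The sample file content, the function names, and the assumption that a class line is `class <name> <types> <address> [<address> ...]` are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample using the class forms quoted in the thread (not a real server's file).
SAMPLE_FTPACCESS = """\
# constructed sample
class old   real,guest,anonymous 127.*.*.*
class lcl   real,guest,anonymous 127.0.0.0:255.0.0.0
class lan   real                 192.168.0.0/24
"""

# Dotted quad in which at least one octet is "*": the old notation from the thread.
LEGACY = re.compile(r"^(\d{1,3}|\*)(\.(\d{1,3}|\*)){3}$")

def classify_spec(spec, client):
    """Return 'match', 'no-match', 'legacy-wildcard' or 'not-evaluated'."""
    if spec == "*":
        return "match"                      # bare * covers every client
    if "*" in spec and LEGACY.match(spec):
        return "legacy-wildcard"            # e.g. 127.*.*.*
    if spec.count(":") == 1:                # addr:netmask form -> addr/netmask
        spec = spec.replace(":", "/")
    try:
        net = ipaddress.ip_network(spec, strict=False)
    except ValueError:
        return "not-evaluated"              # hostname globs etc. are not resolved here
    return "match" if client in net else "no-match"

def audit(text, client_ip):
    """Return (class name, address field, status) for every class line."""
    client = ipaddress.ip_address(client_ip)
    report = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "class":
            continue                        # skips comments and other directives
        for spec in fields[3:]:
            report.append((fields[1], spec, classify_spec(spec, client)))
    return report

def admitted(report):
    """True if at least one class line covers the client address."""
    return any(status == "match" for _, _, status in report)

if __name__ == "__main__":
    for ip in ("127.0.0.1", "10.1.2.3"):
        rep = audit(SAMPLE_FTPACCESS, ip)
        print(ip, "covered" if admitted(rep) else "not covered", rep)
```

A client that is "not covered" corresponds to the situation in the thread where localhost could log in but remote hosts could not.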
 

Author Comment

by:karwoski
ID: 2594422
Just needed to tweak the ftpaccess class suggestion you gave.
0
 

Author Comment

by:karwoski
ID: 2594434
When I accepted the answer I thought it posted things backward from what I thought it would.

Anyway, jlevie stuck with this problem the longest but it was bernardh who did come up with the root solution to my problem.  Thanks to both of you.
0


Question has a verified solution.
