Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 7502
  • Last Modified:

Problem accessing RedHat 9 FTP (vsftpd)

I got vsftpd working inside the network; i.e. I can use a win32 FTP client to access my RedHat server at 192.168.1.200. However, when I tried this morning from a remote location using the static IP, I can *connect*, see the welcome message I configured, and see that I am in my home dir. But (1) I cannot see any files or subdirs, and (2) if I try to upload something it gives an error (not too informative) and crashes my win32 FTP client.

Where should I look next and/or how do I get the FTP working? The ultimate goal is to give the web designer access using DreamWeaver MX to his various web directories.
0
jchilders_98
Asked:
jchilders_98
  • 8
  • 4
  • 2
  • +2
1 Solution
 
arjanhCommented:
If you are behind a firewall, allow both ports 20 and 21
And/or use PASV mode transfers
0
 
jchilders_98Author Commented:
Thanks, I have forwarded both ports 20 and 21 to the RedHat box. I'm connecting to the server from outside (again, I get the welcome message and see my home dir) so I don't think it's a routing issue...
0
 
jchilders_98Author Commented:
In case that wasn't clear, I HAD ALREADY forwarded the posts -- I still CANNOT connect using FTP. (sorry if that was confusing).
0
Free recovery tool for Microsoft Active Directory

Veeam Explorer for Microsoft Active Directory provides fast and reliable object-level recovery for Active Directory from a single-pass, agentless backup or storage snapshot — without the need to restore an entire virtual machine or use third-party tools.

 
shivsaCommented:
man vsftpd.conf - all the options u need to consider are explained there.

Look for the following options:

chroot_list_enable
chroot_list_file
local_root
0
 
jlevieCommented:
For an FTP server you need ports 1024-65335 forwarded in addition to ports 20 & 21.
0
 
arjanhCommented:
OR you use passive transfers (with the PASV command in your FTP client) to let the client initiate both data and command connections. Perhaps the remote site has a firewall as well that is causing the troubles....

I had the same problem as you describe, and using passive mode worked.

Active versus passive mode is explained very clearly here: http://slacksite.com/other/ftp.html
0
 
jchilders_98Author Commented:
I tried forwarding ports 1024-65335 to the server; when I apply the forwarding, the 'net drops (i.e. no connection). Had to un-forward them. Haven't had time to try the other suggestions yet.
0
 
jchilders_98Author Commented:
Hmm.. well, it works OK with ports 1024-2048 forwarded. I'll give that a try from an external user and see what happens.
0
 
jchilders_98Author Commented:
Turns out I lose Internet access with ports 1024-2048 forwarded.  Had to abort that experiment.

More information:
Here's what the FTP command line returns when I try to connect remotely (ids changed to x's):

  C:\Documents and Settings\JChilders>ftp xx.xx.xxx.xxx
  > ftp: connect :Unknown error number
  ftp>

Gotta love 'unknown' error messages. Sigh.
0
 
jlevieCommented:
Because of the need to have the FTP server respond to random, passive client initiated, connections in the 1024-65535 range I don't know how you'd run an FTP server with only a single IP and use that same IP for a NAT'ing firewall. If you could substitute scp or sftp for FTP there wouldn't be any problems with the firewall.
0
 
jchilders_98Author Commented:
THE ANSWER

I finally figured out what the problem was. Took forever. It seems that I had to add this line to the /etc/xinetd.d/vsftpd file in order for changes to the vsftpd.conf file to actually do anything:

server_args = /etc/vsftpd/vsftpd.conf

Without that, I was just passing time.....
0
 
shivsaCommented:
should have read man page more carefully.

NAME
vsftpd.conf, the config file for vsftpd
DESCRIPTION
vsftpd.conf may be used to control various aspects of vsftpd's behaviour. By default, vsftpd looks for this file at the location /etc/vsftpd.conf. However, you may override this by specifying a command line argument to vsftpd. The command line argument is the pathname of the configuration file for vsftpd. This behaviour is useful because you may wish to use an advanced inetd such as xinetd to launch vsftpd with different configuration files on a per virtual host basis.
0
 
jchilders_98Author Commented:
Unless I'm missing something, it is not generally obvious that:
(a) Redhat provides a default xinetd configuration with vsftpd installed and running, and,
(b) creates a vsftpd directory in /etc, and
(c) places a vsftpd.conf file in that directory, and finally
(d) fails to add a single line to the xinetd.d/vsftpd file to connect it to the configuration file that was already created.

For what it's worth, I read the man page for vsftpd very carefully, more than once, and still was unable to determine this "obvious" solution. You might not want to assume that everyone has your level of knowlege.
0
 
shivsaCommented:
Dear jchilders_98,

Redhat has to support so many different kind of ftp option that it can not put default entry into xinetd config.
i think it should have been done in vsftpd install, may be u can file a bug for vfstpd.
0
 
jchilders_98Author Commented:
When installing Redhat, the user is presented with a selection of potential uses: workstation, server etc. Click on select packages and you will see the options Redhat offers for various components. Under the "Servers" option, you will find vsftpd, selected by default.  Pro_FTP is also on the CD but is selected-off by default.

Generally speaking, it is super that the distro installs and attempts to configure all these servers with default settings. Everything else worked wonderfully; ftp (as noted) was *almost* perfect and would have worked right out of the box if only the xinetd.d/vsftpd config file had included the cited entry.

I'm still very happy with Redhat in spite of this issue. Samba for example came right up as installed even though I updated the package using the most current RPM from the Samba site. I probably lost about 4 hours on this crazy ftp thing but have learned an important lesson: first, make sure that the changes you are making to config files are actually changing something.

Tho, come to think of it, the welcome message *did* change which threw me off. Must be a quirk about vsftpd. Hmm, maybe I should file a bug report as you suggested. In any case, changing the xinetd.d/vsftpd file produced an instant, successful result.
0
 
shivsaCommented:
Dear  jchilders_98,

Were u suppose to choose my answer, if u choose wrong answer please post it to CS for help.

thanks,
Shiv
0
 
jackypkhCommented:
I have similar experience.
After I re-start the service vsftpd with the firewall setting allow FTP. Everything works. Certainly, the user need to be in FTP user.
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

  • 8
  • 4
  • 2
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now