Solved

Problem accessing RedHat 9 FTP (vsftpd)

Posted on 2003-11-17
Last Modified: 2010-03-18
I got vsftpd working inside the network; i.e. I can use a win32 FTP client to access my RedHat server at 192.168.1.200. However, when I tried this morning from a remote location using the static IP, I can *connect*, see the welcome message I configured, and see that I am in my home dir. But (1) I cannot see any files or subdirs, and (2) if I try to upload something it gives an error (not too informative) and crashes my win32 FTP client.

Where should I look next and/or how do I get the FTP working? The ultimate goal is to give the web designer access using DreamWeaver MX to his various web directories.
Question by:jchilders_98
17 Comments
 
LVL 5

Expert Comment

by:arjanh
ID: 9767019
If you are behind a firewall, allow both ports 20 and 21
And/or use PASV mode transfers
0
 

Author Comment

by:jchilders_98
ID: 9767043
Thanks, I have forwarded both ports 20 and 21 to the RedHat box. I'm connecting to the server from outside (again, I get the welcome message and see my home dir) so I don't think it's a routing issue...
0
 

Author Comment

by:jchilders_98
ID: 9767235
In case that wasn't clear, I HAD ALREADY forwarded the ports -- I still CANNOT connect using FTP. (Sorry if that was confusing.)
0
 
LVL 24

Expert Comment

by:shivsa
ID: 9768635
man vsftpd.conf - all the options you need to consider are explained there.

Look for the following options:

chroot_list_enable
chroot_list_file
local_root
0
 
LVL 40

Expert Comment

by:jlevie
ID: 9769277
For an FTP server you need ports 1024-65335 forwarded in addition to ports 20 & 21.
0
 
LVL 5

Accepted Solution

by:
arjanh earned 250 total points
ID: 9769398
OR you use passive transfers (with the PASV command in your FTP client) to let the client initiate both data and command connections. Perhaps the remote site has a firewall as well that is causing the troubles....

I had the same problem as you describe, and using passive mode worked.

Active versus passive mode is explained very clearly here: http://slacksite.com/other/ftp.html
0
 

Author Comment

by:jchilders_98
ID: 9772433
I tried forwarding ports 1024-65335 to the server; when I apply the forwarding, the 'net drops (i.e. no connection). Had to un-forward them. Haven't had time to try the other suggestions yet.
0
 

Author Comment

by:jchilders_98
ID: 9772446
Hmm.. well, it works OK with ports 1024-2048 forwarded. I'll give that a try from an external user and see what happens.
0
 

Author Comment

by:jchilders_98
ID: 9772800
Turns out I lose Internet access with ports 1024-2048 forwarded.  Had to abort that experiment.

More information:
Here's what the FTP command line returns when I try to connect remotely (ids changed to x's):

  C:\Documents and Settings\JChilders>ftp xx.xx.xxx.xxx
  > ftp: connect :Unknown error number
  ftp>

Gotta love 'unknown' error messages. Sigh.
0
 
LVL 40

Expert Comment

by:jlevie
ID: 9779262
Because of the need to have the FTP server respond to random, passive client initiated, connections in the 1024-65535 range I don't know how you'd run an FTP server with only a single IP and use that same IP for a NAT'ing firewall. If you could substitute scp or sftp for FTP there wouldn't be any problems with the firewall.
0
 

Author Comment

by:jchilders_98
ID: 9791534
THE ANSWER

I finally figured out what the problem was. Took forever. It seems that I had to add this line to the /etc/xinetd.d/vsftpd file in order for changes to the vsftpd.conf file to actually do anything:

server_args = /etc/vsftpd/vsftpd.conf

Without that, I was just passing time.....
0
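An added example, not the poster's code: a check that reads an xinetd service stanza and reports which configuration file vsftpd will actually load, so edits to the wrong file are caught before hours are lost. The stanza text is a constructed sample (not the file Red Hat ships) and the function names are hypothetical; the default path `/etc/vsftpd.conf` is the one given in the man page quoted in this thread.

```python
import shlex

VSFTPD_DEFAULT_CONF = "/etc/vsftpd.conf"  # default per the vsftpd.conf man page

# Constructed sample of /etc/xinetd.d/vsftpd without server_args.
SHIPPED = """\
# vsftpd started on demand by xinetd
service ftp
{
    socket_type = stream
    wait        = no
    user        = root
    server      = /usr/sbin/vsftpd
    disable     = no
}
"""
# Same stanza with the line from the post above added.
FIXED = SHIPPED.replace("}", "    server_args = /etc/vsftpd/vsftpd.conf\n}")


def parse_xinetd_service(text):
    """Parse one 'service NAME { key = value ... }' stanza into a dict."""
    attrs, inside = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("service "):
            attrs["service"] = line.split()[1]
        elif line == "{":
            inside = True
        elif line == "}":
            break
        elif inside and "=" in line:
            key, _, value = line.partition("=")
            attrs[key.strip().rstrip("+-").strip()] = value.strip()
    return attrs


def effective_conf(attrs):
    """Config file vsftpd reads: first server_args word, else the default."""
    args = shlex.split(attrs.get("server_args", ""))
    return args[0] if args else VSFTPD_DEFAULT_CONF


def check(stanza, edited_conf):
    """Return a warning if the file being edited is not the one vsftpd loads."""
    attrs = parse_xinetd_service(stanza)
    used = effective_conf(attrs)
    if used == edited_conf:
        return None
    return f"{attrs.get('server')} reads {used}; edits to {edited_conf} are ignored"
```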
 
LVL 24

Expert Comment

by:shivsa
ID: 9792007
should have read man page more carefully.

NAME
vsftpd.conf, the config file for vsftpd
DESCRIPTION
vsftpd.conf may be used to control various aspects of vsftpd's behaviour. By default, vsftpd looks for this file at the location /etc/vsftpd.conf. However, you may override this by specifying a command line argument to vsftpd. The command line argument is the pathname of the configuration file for vsftpd. This behaviour is useful because you may wish to use an advanced inetd such as xinetd to launch vsftpd with different configuration files on a per virtual host basis.
0
 

Author Comment

by:jchilders_98
ID: 9796561
Unless I'm missing something, it is not generally obvious that:
(a) Redhat provides a default xinetd configuration with vsftpd installed and running, and,
(b) creates a vsftpd directory in /etc, and
(c) places a vsftpd.conf file in that directory, and finally
(d) fails to add a single line to the xinetd.d/vsftpd file to connect it to the configuration file that was already created.

For what it's worth, I read the man page for vsftpd very carefully, more than once, and still was unable to determine this "obvious" solution. You might not want to assume that everyone has your level of knowledge.
0
 
LVL 24

Expert Comment

by:shivsa
ID: 9798053
Dear jchilders_98,

Redhat has to support so many different kinds of FTP options that it cannot put a default entry into the xinetd config.
I think it should have been done in the vsftpd install; maybe you can file a bug for vsftpd.
0
 

Author Comment

by:jchilders_98
ID: 9800150
When installing Redhat, the user is presented with a selection of potential uses: workstation, server etc. Click on select packages and you will see the options Redhat offers for various components. Under the "Servers" option, you will find vsftpd, selected by default.  Pro_FTP is also on the CD but is selected-off by default.

Generally speaking, it is super that the distro installs and attempts to configure all these servers with default settings. Everything else worked wonderfully; ftp (as noted) was *almost* perfect and would have worked right out of the box if only the xinetd.d/vsftpd config file had included the cited entry.

I'm still very happy with Redhat in spite of this issue. Samba for example came right up as installed even though I updated the package using the most current RPM from the Samba site. I probably lost about 4 hours on this crazy ftp thing but have learned an important lesson: first, make sure that the changes you are making to config files are actually changing something.

Tho, come to think of it, the welcome message *did* change which threw me off. Must be a quirk about vsftpd. Hmm, maybe I should file a bug report as you suggested. In any case, changing the xinetd.d/vsftpd file produced an instant, successful result.
0
 
LVL 24

Expert Comment

by:shivsa
ID: 9803456
Dear jchilders_98,

Were you supposed to choose my answer? If you chose the wrong answer, please post it to CS for help.

thanks,
Shiv
0
 

Expert Comment

by:jackypkh
ID: 10160564
I have had a similar experience.
After I restarted the vsftpd service with the firewall setting allowing FTP, everything works. Certainly, the user needs to be in FTP user.
0
