Solaris 10 x86 ftp JASS URGENT

I've hardened my Solaris 10 using JASS, but I need to start the ftp server from time.
I've tried svcam enable network/ftp and this seames to start the ftp server?
using NETSTAT -a | grep LISTEN it now listen on the .ftp
I've added ftpd: ALL   to /etc/hosts.allow.
And I've disabled ipfilter, while I'm trying to be shure.

ftp localhost gives me:
ftp: connect to address ::1: Network is unreachable
Connected to localhost.
421 Service not available, remote server has closed connection

and ftp from a remote host gives me theese messages in /var/adm/messages:
Apr  4 17:33:08 webserver inetd[238]: [ID 317013 daemon.notice] ftp[713] from 3084
Apr  4 17:33:08 webserver in.ftpd[713]: [ID 808958 daemon.warning] refused connect from (access denied)

Any ide what I'm missing?
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

make sure that FTP is enable, check /etc/services and /etc/inetd.conf file and make sure that your firewall open for port 21.

Consider use secure ftp (sftp comes with openshh) instead od FTP, you can download it from:
David PiniellaCommented:
are you using the ipf that's installed with solaris? or did you isntall afterwards? did you disable or just allow FTP? if you allowed FTP, re-HUP the fw process....not being able to connect via localhost on the box itself points to the service not being started on the box....
ipf has nothing to do with this.  

I'm suspect of the /etc/ftpd/ftpaccess file.  Run the following:

# inetadm -l ftp | grep exec
         exec="/usr/sbin/in.ftpd -a"

Notice the -a is set.  Man page for in.ftpd says:

     -a              Enables use of the ftpaccess(4) file.

Man page for ftpaccess has the following entry:

     deny addrglob [message_file]

         Deny access to host(s) that match addrglob  and  display
         message_file.  If  the  value of addrglob is !nameserved
         access to sites without a working nameservers is denied.
         message_file  may contain magic cookies. See message for
         more details.

Check your /etc/ftpd/ftpaccess file for a "deny" statement.
Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

kristian_grAuthor Commented:
# inetadm -l ftp | grep exec
gives me:
exec="/usr/sbin/in.ftpd -l -a"
-l should just be logging
ftpaccess has no deny statement
ftphost:   allow    ftp   *

No comment has been added to this question in more than 21 days, so it is now classified as abandoned.
I will leave the following recommendation for this question in the Cleanup topic area:

PAQ - refund points

Any objections should be posted here in the next 4 days. After that time, the question will be closed.

EE Cleanup Volunteer
PAQed with points refunded (500)

Community Support Moderator

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Unix OS

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.