Solved

Ubuntu vsftpd not logging in from public IP

Posted on 2014-04-09
Last Modified: 2014-05-15
Hello experts,

I have set up vsftpd in my Ubuntu installation.
I have the users set up, and everything works fine when I log in from the local network.

But when I log in from outside using our public IP, the login doesn't work; it asks for the password, saying:
550 Permission denied
Requested action not taken (e.g., file or directory not found, no access).

What am I doing wrong? Or what should I be doing?

Thanks in advance,
Miguel
Question by:justaphase
16 Comments
 
LVL 22

Assisted Solution

by:Matt V
Matt V earned 1200 total points
ID: 39989743
Is your iptables set up for FTP? There are some special rules for FTP because it switches ports after you connect.

Try connecting from the outside using PASV mode and see if it works.
0
 
LVL 1

Author Comment

by:justaphase
ID: 39990099
I tried PASV and it didn't work.
iptables? Didn't try that. I'm a novice at installing Linux servers..

Gonna google it to learn how to, and let you know.

Thx :)
0
 
LVL 62

Expert Comment

by:gheist
ID: 39990232
Any kind of firewall between you outside and the server?
0

 
LVL 22

Assisted Solution

by:Matt V
Matt V earned 1200 total points
ID: 39990441
This has an example:

http://unix.stackexchange.com/questions/93554/iptables-to-allow-incoming-ftp

The example only shows entries for FTP... the important rules are:

-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -p tcp -m state --state ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 20 -j ACCEPT
0
 
LVL 13

Accepted Solution

by:Sandy
Sandy earned 800 total points
ID: 39990875
Remove the below option from /etc/vsfptd/vsftpd.conf

connect_from_port_20

And restart the service.

TY/SA
0
 
LVL 1

Author Comment

by:justaphase
ID: 39991074
My current iptables config is this:
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Shouldn't this be enough?

The line connect_from_port_20 was already removed and it didn't work.

I'm running Ubuntu 13.10.
And my vsftpd.conf is like this:
listen=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
file_open_mode=0644
dirmessage_enable=YES
use_localtime=YES
xferlog_enable=YES
pasv_enable=YES
pasv_min_port=20
pasv_max_port=7050
pasv_address=my_public_ip
pasv_addr_resolve=YES
chroot_local_user=NO
chroot_list_enable=YES
allow_writeable_chroot=YES
chroot_list_file=/etc/vsftpd.chroot_list
secure_chroot_dir=/var/run/vsftpd/empty
pam_service_name=vsftpd
rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key

And my vsftpd.chroot_list file has one user.

All works fine in the local network. But from outside, using our public IP, it gives a 550 permission error :(
0
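An added example (not part of the original post, and not vsftpd's own code): a small Python check of the passive-mode settings in the configuration posted above. It flags a passive range that includes privileged ports or the control port, and returns the iptables rule, in the same form as the rules quoted earlier in the thread, that the range needs. The function names, the 1000-port width threshold and the sample text are assumptions of this example.

```python
import ipaddress

# Constructed sample: the passive-mode lines of the vsftpd.conf posted above.
SAMPLE_CONF = """\
pasv_enable=YES
pasv_min_port=20
pasv_max_port=7050
pasv_address=my_public_ip
pasv_addr_resolve=YES
"""

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_conf(text):
    """Parse vsftpd.conf 'key=value' lines; blanks and # comments are skipped."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf


def audit_passive(conf, max_width=1000):
    """Return (findings, iptables_rule) for the passive data-port settings."""
    lo = int(conf.get("pasv_min_port", 0))  # vsftpd default 0 means "any port"
    hi = int(conf.get("pasv_max_port", 0))
    ctrl = int(conf.get("listen_port", 21))
    if lo == 0 or hi == 0:
        return ["no fixed passive range: firewall rules cannot be scoped to it"], None
    if lo > hi:
        return ["pasv_min_port is greater than pasv_max_port"], None
    findings = []
    if lo < 1024:
        findings.append("range includes privileged ports below 1024")
    if lo <= ctrl <= hi:
        findings.append(f"range overlaps the control port {ctrl}")
    if hi - lo + 1 > max_width:
        findings.append(f"{hi - lo + 1} ports to open and forward; narrow the range")
    addr = conf.get("pasv_address", "")
    try:
        if any(ipaddress.ip_address(addr) in net for net in RFC1918):
            findings.append("pasv_address is private; outside clients cannot reach it")
    except ValueError:  # not a numeric address
        if addr and conf.get("pasv_addr_resolve", "NO").upper() != "YES":
            findings.append("pasv_address is a hostname but pasv_addr_resolve is not YES")
    return findings, f"-A INPUT -p tcp -m tcp --dport {lo}:{hi} -j ACCEPT"
```

The same range also has to be forwarded on any router in front of the server, not only accepted in iptables.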
 
LVL 1

Author Comment

by:justaphase
ID: 39991169
mattvmotas,

After I made the changes you told me, the problem remains :(
When I run "$ iptables -L" I get this configuration:
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ftp
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ftp
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ftp
ACCEPT     tcp  --  anywhere             anywhere             state ESTABLISHED

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere             tcp spt:ftp-data
ACCEPT     tcp  --  anywhere             anywhere             tcp spt:ftp-data

Some entries seem duplicated because I executed the command more than once...

Isn't there a file where I can edit iptables instead of changing it with the "iptables" command?
0
 
LVL 1

Author Comment

by:justaphase
ID: 39992256
Help anyone? :\
0
 
LVL 13

Expert Comment

by:Sandy
ID: 39994022
/etc/sysconfig/iptables is the file location

By the way.. can you give it a try with iptables stopped temporarily?

TY/SA
0
 
LVL 1

Author Comment

by:justaphase
ID: 39994167
I have Ubuntu 13.10; that sysconfig folder with iptables doesn't exist.

I have stopped the firewall like this:
sudo ufw disable

And flushed iptables like this:
sudo iptables -F

And it's the same:
550 Permission denied
Requested action not taken (e.g., file or directory not found, no access).

It's as if I had to give some sort of permission to the user to use the external IP..
Like: username@local and username@publicip....
0
 
LVL 1

Author Comment

by:justaphase
ID: 39994797
And as I mentioned.. The FTP doesn't give the permission error right away.
It keeps asking for the login over and over and doesn't accept it..
It gives a 550 permission error in the info pane when using an FTP software tool, and in the browser it doesn't give any error, it only keeps asking for the login..
0
 
LVL 40

Expert Comment

by:omarfarid
ID: 39994876
Please see below link for vsftpd config on ubuntu:

https://help.ubuntu.com/community/vsftpd 

In another question, the user just changed the line below to get his issue resolved:

pam_service_name=vsftpd

to

pam_service_name=ftp
0
 
LVL 1

Author Comment

by:justaphase
ID: 40003971
Hi all,

I tried to change the port to 2121, because I think the problem was the router; it was not using port 21 on my Linux server.
Then I changed the configuration to this:
listen=YES
port_enable=YES
listen_port=2121
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
file_open_mode=0644
dirmessage_enable=YES
use_localtime=YES
xferlog_enable=YES
pasv_enable=YES
pasv_min_port=2000
pasv_max_port=7050
pasv_address=my_public_ip
#pasv_addr_resolve=YES
#chroot_local_user=NO
#chroot_list_enable=YES
#allow_writeable_chroot=YES
#chroot_list_file=/etc/vsftpd.chroot_list
#secure_chroot_dir=/var/run/vsftpd/empty
pam_service_name=vsftpd

#userlist_enable=YES
tcp_wrappers=YES

And the login works!
But... now I'm receiving another error :(
The folder list doesn't show and gives this error:
500 Illegal PORT command.
Syntax error: command unrecognized.
Failed to establish data socket.

What should I change?
0
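An added example, not part of the original post: the PORT command and the 227 passive reply both carry a data endpoint as six decimal bytes (h1,h2,h3,h4,p1,p2), and behind NAT the advertised address can differ from the one the other side sees on the control connection. vsftpd refuses a PORT whose address is not the client's or whose port is reserved unless port_promiscuous is enabled. The Python below decodes such a line and reports those conditions; the function names and the sample lines (RFC 1918 and documentation addresses) are constructed for this example.

```python
import ipaddress
import re

# Six comma-separated decimal bytes: h1,h2,h3,h4,p1,p2 (RFC 959).
ENDPOINT = re.compile(r"(?<!\d)" + ",".join([r"(\d{1,3})"] * 6) + r"(?!\d)")


def decode_endpoint(line):
    """Return (IPv4Address, port) from a 'PORT ...' command or a '227 ...' reply."""
    m = ENDPOINT.search(line)
    if m is None:
        raise ValueError("no h1,h2,h3,h4,p1,p2 tuple in line")
    nums = [int(x) for x in m.groups()]
    if max(nums) > 255:
        raise ValueError("tuple element out of byte range")
    host = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return host, nums[4] * 256 + nums[5]  # port = p1 * 256 + p2


def check_data_endpoint(line, peer_ip, pasv_range=None):
    """Compare the advertised endpoint with the control-connection peer.

    peer_ip: for PORT, the client address as the server sees it;
             for 227, the server address the client connected to.
    pasv_range: optional (pasv_min_port, pasv_max_port) for checking a 227 reply.
    """
    host, port = decode_endpoint(line)
    issues = []
    if host != ipaddress.IPv4Address(peer_ip):
        issues.append(f"advertised {host} but control connection peer is {peer_ip}")
    if line.lstrip().upper().startswith("PORT") and port < 1024:
        issues.append(f"PORT asks the server to connect to reserved port {port}")
    if pasv_range and not pasv_range[0] <= port <= pasv_range[1]:
        issues.append(f"port {port} is outside the configured passive range")
    return host, port, issues


# Constructed samples, not taken from the thread.
CLIENT_PORT_CMD = "PORT 192,168,1,50,200,13"
SERVER_PASV_REPLY = "227 Entering Passive Mode (203,0,113,10,19,136)."

if __name__ == "__main__":
    print(check_data_endpoint(CLIENT_PORT_CMD, "198.51.100.7"))
    print(check_data_endpoint(SERVER_PASV_REPLY, "203.0.113.10", (2000, 7050)))
```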
 
LVL 13

Expert Comment

by:Sandy
ID: 40003989
Could be the ISPConfig firewall was blocking the PASV ports. Try opening up ports 60000 to 60005 to get it working.

TY/SA
0
 
LVL 1

Author Comment

by:justaphase
ID: 40004061
ISPConfig firewall? Router firewall?
0
 
LVL 1

Author Comment

by:justaphase
ID: 40066654
I found the problem, and shame on the techs of my company..
They didn't fully disable the FTP option on the router as I asked them. I had to go in by telnet to really disable that option, and finally I had my port 21 free and the FTP running...
0
