#1 2009-08-29 01:06:41

B4RR13N705
Member
Registered: 2009-06-08
Posts: 87

vsFTPd, doesn't allow external connections.

Hi, I've installed vsFTPd and configured it.
I can log in locally, and it works great, but anyone from outside can successfully connect. And I don't know why.
I've searched Google for more than 5 hours but still have the same problem.

# vsftpd.conf
listen=YES
listen_port=21
background=YES
listen_address=192.169.129.59
ftp_data_port=20
port_enable=YES
pasv_enable=YES
pasv_min_port=44400
pasv_max_port=44499
pasv_address=24.24.24.24
connect_from_port_20=YES
anonymous_enable=YES
anon_root=/pub
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
ftpd_banner=Welcome to blah FTP service.

iptables -L:

[jk@arch4linux ~]$ sudo iptables -L
Contraseña:
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Is something wrong here?


OS -----> Arch Linux     DE -----> KDE4
CPU ---> 2.66GHz         RAM ---> 512 MB
SWAP -> 2 G                / -------> 10 G
/home -> 50 G             /boot ---> 64 MB

Offline

#2 2009-08-29 03:23:57

bangkok_manouel
Member
From: indicates a starting point
Registered: 2005-02-07
Posts: 1,556

Re: vsFTPd, doesn't allow external connections.

/etc/hosts.allow ?

Offline

#3 2009-08-29 05:20:17

djszapi
Member
From: Cambridge, United Kingdom
Registered: 2009-06-14
Posts: 1,439
Website

Re: vsFTPd, doesn't allow external connections.

Is iptables running ?

Offline

#4 2009-08-29 06:18:36

DonVla
Member
From: Bonn, Germany
Registered: 2007-06-07
Posts: 997

Re: vsFTPd, doesn't allow external connections.

@djszapi: obviously iptables is not "running". there are no rules set.

@B4RR13N705:
what do you mean with locally and externally?
same pc, lan or wan? is it only a local server?
i think it has smth to do with the "listen_address=192.169.129.59" entry...
or with hosts.allow/deny:
add
"
vsftpd : ALL : ALLOW
"
to your /etc/hosts.allow file.

Offline

#5 2009-08-29 15:40:22

B4RR13N705
Member
Registered: 2009-06-08
Posts: 87

Re: vsFTPd, doesn't allow external connections.

DonVla wrote:

@djszapi: obviously iptables is not "running". there are no rules set.

@B4RR13N705:
what do you mean with locally and externally?
same pc, lan or wan? is it only a local server?
i think it has smth to do with the "listen_address=192.169.129.59" entry...
or with hosts.allow/deny:
add
"
vsftpd : ALL : ALLOW
"
to your /etc/hosts.allow file.

By locally and externally I mean that I can connect to the FTP from the same computer, but no one from outside can...
The listen_address=192.169.129.59 is because my eth0 IP is 192.169.129.59.
I'm really a newbie at all this networking stuff...



Offline

#6 2009-08-29 16:01:22

DonVla
Member
From: Bonn, Germany
Registered: 2007-06-07
Posts: 997

Re: vsFTPd, doesn't allow external connections.

are you using the ftp server on a lan or over the internet?
192.169.129.59 is a _private_ ip address (http://en.wikipedia.org/wiki/Private_network)
try omitting the listen_address entry. afais it's used only for virtual ips (http://viki.brainsware.org/?en/FAQ -> "Help! Does vsftpd do virtual hosting setups?" section).
but first try setting entries in /etc/hosts.allow as formerly suggested.

Offline

#7 2009-09-10 20:42:12

Cosmin
Member
Registered: 2008-10-06
Posts: 248

Re: vsFTPd, doesn't allow external connections.

I have the same problem with a play ftp server / internet connection sharing router.
The problem is nobody from outside can connect and I think iptables does a good job:

iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere           
ACCEPT     all  --  anywhere             anywhere           
REJECT     udp  --  anywhere             anywhere            udp dpt:bootps reject-with icmp-port-unreachable
REJECT     udp  --  anywhere             anywhere            udp dpt:domain reject-with icmp-port-unreachable
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh
DROP       tcp  --  anywhere             anywhere            tcp dpts:0:1023
DROP       udp  --  anywhere             anywhere            udp dpts:0:1023

Chain FORWARD (policy DROP)
target     prot opt source               destination         
DROP       all  --  anywhere             192.168.0.0/16     
ACCEPT     all  --  192.168.0.0/16       anywhere           
ACCEPT     all  --  anywhere             192.168.0.0/16     

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

How do I open ports 20 and 21?

I tried what I found on the net:

iptables -t filter -A OUTPUT -p tcp –dport 20:21 -j ACCEPT
Bad argument `–dport'
Try `iptables -h' or 'iptables --help' for more information.

Any ideas would be great. :D

LATER: solution found

iptables -I INPUT -p tcp --dport 21 -j ACCEPT
iptables -I INPUT -p udp --dport 20 -j ACCEPT

Last edited by Cosmin (2009-09-10 20:59:38)

Offline
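
An added example, not part of any post above and not vsftpd's own tooling: FTP's control and data connections both run over TCP, and in passive mode clients connect in to the pasv_min_port to pasv_max_port range, so the inbound rules can be derived from the vsftpd.conf shown in post #1. The helper names (`sample_conf`, `conf_get`, `is_port`, `ftp_rules`) and the trimmed sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example, not code from the thread: derive the inbound firewall rules a
# vsftpd server needs from its own vsftpd.conf. Rules are printed, not applied.

# Constructed sample: the relevant lines of the config posted in #1.
sample_conf() {
cat <<'EOF'
listen=YES
listen_port=21
pasv_enable=YES
pasv_min_port=44400
pasv_max_port=44499
EOF
}

# conf_get KEY FILE: value of the last "KEY=value" line (vsftpd allows no
# spaces around "="); prints nothing when the key is absent.
conf_get() {
    sed -n "s/^$1=//p" "$2" | tail -n 1
}

# is_port VALUE: succeed only for a plain number in 1..65535, so nothing
# unexpected from the config ends up inside a firewall command.
is_port() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# ftp_rules FILE: print one iptables command per port (or range) to open.
# Returns 1 when passive mode is on but no usable fixed range is configured.
ftp_rules() {
    port=$(conf_get listen_port "$1")
    port=${port:-21}                      # vsftpd default control port
    is_port "$port" || return 1
    # -I inserts at the top, ahead of any existing DROP for low ports.
    echo "iptables -I INPUT -p tcp --dport $port -j ACCEPT"
    [ "$(conf_get pasv_enable "$1")" = "NO" ] && return 0
    min=$(conf_get pasv_min_port "$1")
    max=$(conf_get pasv_max_port "$1")
    if is_port "$min" && is_port "$max" && [ "$min" -le "$max" ]; then
        echo "iptables -I INPUT -p tcp --dport $min:$max -j ACCEPT"
    else
        echo "passive mode is on but pasv_min_port/pasv_max_port give no fixed range" >&2
        return 1
    fi
}

conf=$(mktemp); sample_conf > "$conf"; ftp_rules "$conf"; rm -f "$conf"
```

When the server sits behind a NAT router, the same TCP ports also have to be forwarded to it on the router.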
