Professional Web Applications Themes

vsftpd setup - Linux Setup, Configuration & Administration

On Sun, 20 Jul 2003 04:25:30 -0700, Wenjie wrote: > Hello, > > > Sorry to bother you again. My vsftpd server doesn't seem to work > after a RH upgrading (previously wuftpd). My problem is quite > weird: I cannot access the ftp server even in the LAN! I checked > the router, which also has a similar setting for httpd (and it > is OK), there should be no problem as I can see. > > I checked locally and the ftp works. Anyone know of the problem? > > ---%<--- my vsftpd.conf > anonymous_enable=NO > # > ...

  1. #1

    Default Re: vsftpd setup

    On Sun, 20 Jul 2003 04:25:30 -0700, Wenjie wrote:
    > Hello,
    >
    >
    > Sorry to bother you again. My vsftpd server doesn't seem to work
    > after a RH upgrading (previously wuftpd). My problem is quite
    > weird: I cannot access the ftp server even in the LAN! I checked
    > the router, which also has a similar setting for httpd (and it
    > is OK), there should be no problem as I can see.
    >
    > I checked locally and the ftp works. Anyone know of the problem?
    >
    > ---%<--- my vsftpd.conf
    > anonymous_enable=NO
    > #
    > # Uncomment this to allow local users to log in.
    > local_enable=YES
    > #
    > # Uncomment this to enable any form of FTP write command.
    > write_enable=YES
    > #
    > # Default umask for local users is 077. You may wish to change this to 022,
    > # if your users expect that (022 is used by most other ftpd's)
    > local_umask=022
    > #
    > # You may change the default value for timing out an idle session.
    > idle_session_timeout=600
    > #
    > # You may change the default value for timing out a data connection.
    > data_connection_timeout=120
    Did you check the configuration files vsftpd.ftpusers and
    vsftpd.user_list? By default, vsftp is very tight and you'll have to edit
    these files to give anyone access.


    wesley Guest

  2. #2

    Default Re: vsftpd setup

    On Sun, 20 Jul 2003 Wenjie wrote:
    >Sorry to bother you again. My vsftpd server doesn't seem to work after
    >a RH upgrading (previously wuftpd). My problem is quite weird: I cannot
    >access the ftp server even in the LAN! I checked the router, which also
    >has a similar setting for httpd (and it is OK), there should be no
    >problem as I can see.
    >
    >I checked locally and the ftp works. Anyone know of the problem?
    If something works locally but not in lan then most likely it might be a
    firewall issue. So you stop your firewall and try connecting. In my RH 9
    box, I do '/etc/init.d/iptables stop' to stop it.

    V.

    Vwakes Guest

  3. #3

    Default Re: vsftpd setup

    "wesley" <wesleychefdiana-dot.com> wrote in message news:<pan.2003.07.20.17.07.05.123823chefdiana-dot.com>...
    > On Sun, 20 Jul 2003 04:25:30 -0700, Wenjie wrote:
    >
    > > Hello,
    > >
    > >
    > > Sorry to bother you again. My vsftpd server doesn't seem to work
    > > after a RH upgrading (previously wuftpd). My problem is quite
    > > weird: I cannot access the ftp server even in the LAN! I checked
    > > the router, which also has a similar setting for httpd (and it
    > > is OK), there should be no problem as I can see.
    > >
    > > I checked locally and the ftp works. Anyone know of the problem?
    > >
    > > ---%<--- my vsftpd.conf
    > > anonymous_enable=NO
    > > #
    > > # Uncomment this to allow local users to log in.
    > > local_enable=YES
    > > #
    > > # Uncomment this to enable any form of FTP write command.
    > > write_enable=YES
    > > #
    > > # Default umask for local users is 077. You may wish to change this to 022,
    > > # if your users expect that (022 is used by most other ftpd's)
    > > local_umask=022
    > > #
    > > # You may change the default value for timing out an idle session.
    > > idle_session_timeout=600
    > > #
    > > # You may change the default value for timing out a data connection.
    > > data_connection_timeout=120
    >
    > Did you check the configuration files vsftpd.ftpusers and
    > vsftpd.user_list? By default, vsftp is very tight and you'll have to edit
    > these files to give anyone access.

    I believe it is another problem, since I can ftp locally and
    it does work.


    Best regards,
    Wenjie
    Wenjie Guest

  4. #4

    Default Re: vsftpd setup

    Vwakes <vwakeNOSPAM100softhome.net> wrote in message news:<Pine.LNX.4.55.0307201359470.11751xnqnccn.cv arzna>...
    > On Sun, 20 Jul 2003 Wenjie wrote:
    >
    > >Sorry to bother you again. My vsftpd server doesn't seem to work after
    > >a RH upgrading (previously wuftpd). My problem is quite weird: I cannot
    > >access the ftp server even in the LAN! I checked the router, which also
    > >has a similar setting for httpd (and it is OK), there should be no
    > >problem as I can see.
    > >
    > >I checked locally and the ftp works. Anyone know of the problem?
    >
    > If something works locally but not in lan then most likely it might be a
    > firewall issue. So you stop your firewall and try connecting. In my RH 9
    > box, I do '/etc/init.d/iptables stop' to stop it.
    >
    > V.
    Thanks! I will try it later. BTW, how could I check that iptables is
    running? And I hope you answer the problem correctly, I shoundn't have
    thrown so much time on the poor router...


    Best regards,
    Wenjie
    Wenjie Guest

  5. #5

    Default vsftpd setup

    I've been spending quite some time trying to get vsftpd to work on my
    RH9 machine.
    I've installed the package from the rpm, set the vsftpd.conf and
    vsftpd.xinetd file (since I want to use xinetd to run it).
    vsftpd is already running as a service, but I still can't connect to it
    from remote machine.
    My goal is to be able to ftp to my linux box as local users.

    Here's what my vsftpd.conf look like:
    anonymous_enable=NO
    local_enable=YES
    write_enable=YES
    local_umask=022
    dirmessage_enable=YES
    xferlog_enable=YES
    connect_from_port_20=NO
    xferlog_std_format=YES
    ftpd_banner=Welcome to my FTP server.
    pam_service_name=vsftpd
    userlist_enable=NO
    listen=NO
    tcp_wrappers=NO

    and this is what the vsftpd.xinetd file look like:
    service ftp
    {
    socket_type = stream
    wait = no
    user = root
    server = /usr/sbin/vsftpd
    nice = 10
    disable = no
    flags = IPv4
    per_source = 5
    instances = 10
    }
    I've check the binary file for vsftp is at /usr/sbin directory.
    There are also vsftpd.ftpusers and vsftpd.user_list in /etc.

    Can you somebody enlighten me on this problem?
    Thanks.

    -Stefanus

    Stefanus Guest

  6. #6

    Default Re: vsftpd setup

    Stefanus Johny wrote:
     

    In RH 9, vsftpd is not set up to be run by xinetd, and you should not try to
    make it do this. There are some security issues. Just run it as a normal
    service.
     

    Then post:

    # service vsftpd status

    And post:

    # chkconfig --list vsftpd

     

    How about connection from the local machine? I ask this to try to eliminate
    the effect of a firewall. If you have firewall security=high, you will not
    get FTP from a remote machine.

    --
    Paul Lutus
    http://www.arachnoid.com

    Paul Guest

  7. #7

    Default Re: vsftpd setup

    thanks for your time and help

    when I run
    # service vsftpd status
    it says: vsftpd dead but subsys locked

    # chkconfig --list vsftpd
    returns "vsftpd 1-6:off "

    dunno what they mean.

    you're right about firewall issue, I connect from the local machine and
    it worked. but the firewall setting was already on medium and I have set
    to allow incoming FTP, but it still doesn't work.
    when I try to connect from remote machine, after typing
    # ftp [ipaddress]
    it just sits there until it timed out and said
    "ftp: connect :Unknown error number"

    do you know how to fix this?
    thanks.

    -Stefanus


    Paul Lutus wrote: 
    >
    >
    > In RH 9, vsftpd is not set up to be run by xinetd, and you should not try to
    > make it do this. There are some security issues. Just run it as a normal
    > service.
    >

    >
    >
    > Then post:
    >
    > # service vsftpd status
    >
    > And post:
    >
    > # chkconfig --list vsftpd
    >
    >

    >
    >
    > How about connection from the local machine? I ask this to try to eliminate
    > the effect of a firewall. If you have firewall security=high, you will not
    > get FTP from a remote machine.
    >[/ref]


    Stefanus Guest

  8. #8

    Default Re: vsftpd setup

    I also have tried to disable firewall using the
    redhat-config-securitylevel tool, but i still can't connect from remote
    machines.


    Paul Lutus wrote:
     
    >
    >
    > In RH 9, vsftpd is not set up to be run by xinetd, and you should not try to
    > make it do this. There are some security issues. Just run it as a normal
    > service.
    >

    >
    >
    > Then post:
    >
    > # service vsftpd status
    >
    > And post:
    >
    > # chkconfig --list vsftpd
    >
    >

    >
    >
    > How about connection from the local machine? I ask this to try to eliminate
    > the effect of a firewall. If you have firewall security=high, you will not
    > get FTP from a remote machine.
    >[/ref]


    Stefanus Guest

  9. #9

    Default Re: vsftpd setup

    Stefanus Johny wrote:
     

    Please! Answer my questions:
     
    >>
    >>
    >> How about connection from the local machine?[/ref][/ref]

    I asked three questions and got zero answers.

    --
    Paul Lutus
    http://www.arachnoid.com

    Paul Guest

  10. #10

    Default Re: vsftpd setup

    Stefanus Johny wrote:
     

    Reinstall vsftpd as a service, not as an xinetd client. This is the RH 9
    default configuration.
     

    What was the result for this call?

    What happened when you tried to connect locally?

    --
    Paul Lutus
    http://www.arachnoid.com

    Paul Guest

  11. #11

    Default Re: vsftpd setup

    Stefanus Johny wrote:
     

    Means it's off by default. Read the manual page on "chkconfig", and on
    "service" to start and stop these things by hand.

    Nico Guest

  12. #12

    Default Re: vsftpd setup

    On Tue, 14 Oct 2003 23:30:46 -0700, Paul Lutus <zzz>
    wrote:

    <snip>
     

    <snip>

    Paul,

    This is the first time I have heard this! There is even an example
    (/usr/share/doc/vsftpd-1.1.3/vsftpd.xinetd) for doing it so. It runs
    that way here just fine! I prefer using xinetd vs. running a daemon for
    ftp since it is rarely used.

    If there is indeed a security risk, I would like to know more. Could you
    please elaborate? I am allowing *only* anonymous access to the ftp
    directory (on a lone partition) if that makes a difference. All other
    logins are denied. Period. Should I maybe go back to using Proftpd under
    xinetd?

    TIA


    --
    "Now are you talking about what it is you know
    Or just repeating what it was you heard."
    Grace Slick
    To E-mail use: rpiotro(at)wi(dot)rr(dot)com
    Rich Guest

  13. #13

    Default Re: vsftpd setup

    Stefanus Johny wrote:
     

    First, make vsftpd run as a primary service (the RH 9 default arangement),
    not under xinetd, then enter this:

    # service vsftpd restart

    and:

    # chkconfig --level 345 vsftpd on
     

    So vsftpd is either running, or you have two FTP servers running or poised
    to run (not unheard of in these troubles times) :).

    --
    Paul Lutus
    http://www.arachnoid.com

    Paul Guest

  14. #14

    Default Re: vsftpd setup

    this is great
    thanks for all your help


    Paul Lutus wrote: 
    >
    >
    > First, make vsftpd run as a primary service (the RH 9 default arangement),
    > not under xinetd, then enter this:
    >
    > # service vsftpd restart
    >
    > and:
    >
    > # chkconfig --level 345 vsftpd on
    >

    >
    >
    > So vsftpd is either running, or you have two FTP servers running or poised
    > to run (not unheard of in these troubles times) :).
    >[/ref]


    Stefanus Guest

  15. #15

    Default Re: vsftpd setup

    Rich Piotrowski wrote:
     
    >
    >
    > <snip>
    >
    > Paul,
    >
    > This is the first time I have heard this! There is even an example
    > (/usr/share/doc/vsftpd-1.1.3/vsftpd.xinetd) for doing it so. It runs
    > that way here just fine! I prefer using xinetd vs. running a daemon for
    > ftp since it is rarely used.[/ref]

    It used to be run that way in RedHat 8.0. I prefer to entirely remove
    xinetd on servers, since it re-reads the configuration files on every
    new connection and makes actively editing your configuration files quite
    dangerous in security terms and reliability terms. You don't get the
    chance to sanity check your config files before enabling the new
    configuration this way.
     

    That's not a bad approach: it's just not the standard for a lot of
    critical services these days.

    Nico Guest

  16. #16

    Default Re: vsftpd setup

    On Wed, 15 Oct 2003 23:04:24 -0400, Nico Kadel-Garcia
    <net> wrote:

    <snip>
     

    Yep, I've been bit by that. Am aware of it and watch out for it. I guess
    that is a fair argument against it.
     
    >
    >That's not a bad approach: it's just not the standard for a lot of
    >critical services these days.[/ref]

    Well, I changed vsftpd to run as a daemon. It has such a small footprint
    that I guess it does not really serve any advantage to run it under
    xinetd. As a daemon, I can still use wrappers if I desire and limit
    connections.

    There has been a weird side effect though. My son is running a server in
    his dorm room on an old K6-200 to provide firewalling, print serving for
    himself and roommate and to allow select individuals to access his MP3s.
    When he connects to my ftp server from there, it would take quite a long
    time (60 sec?) to connect. I have only seen this from his server. I
    suspect a name resolution problem. We have not gotten around to looking
    at that since everything else works OK. When I changed vsftpd to run as
    a daemon, that went away! It connects immediately! Is that a "good
    thing" or a "bad thing"?


    --
    "Now are you talking about what it is you know
    Or just repeating what it was you heard."
    Grace Slick
    To E-mail use: rpiotro(at)wi(dot)rr(dot)com
    Rich Guest

  17. #17

    Default Re: vsftpd setup

    Rich Piotrowski wrote:

    < snip >
     

    It's a good thing, but I would want to find out why the name resolution is
    so slow.

    --
    Paul Lutus
    http://www.arachnoid.com

    Paul Guest

Similar Threads

  1. vsftpd
    By pkt in forum Linux / Unix Administration
    Replies: 1
    Last Post: February 23rd, 09:19 PM
  2. vsftpd questions
    By David in forum Linux Setup, Configuration & Administration
    Replies: 1
    Last Post: September 21st, 09:05 PM
  3. Starting vsftpd
    By Vwakes in forum Linux Setup, Configuration & Administration
    Replies: 2
    Last Post: July 1st, 02:31 AM
  4. SSH tunneling to vsftpd not working RH8
    By Nico Kadel-Garcia in forum Linux Setup, Configuration & Administration
    Replies: 4
    Last Post: June 30th, 05:30 PM
  5. Setting vsftpd to only allow local connections...
    By Kenneth A Kauffman in forum Linux Setup, Configuration & Administration
    Replies: 0
    Last Post: June 26th, 06:27 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139