Re: Question on Internet access of vsftp server

From: Pete Nesbitt (pete_at_linux1.ca)
Date: 12/20/03

    To: redhat-list@redhat.com
    Date: Fri, 19 Dec 2003 20:31:28 -0800
    
    

    On December 19, 2003 07:11 pm, Bob Smith wrote:
    > Pete,
    >
    > I've been editing the iptables by hand. The version of the GUI
    > configuration tool that I was using didn't handle the firewall rules
    > that I wanted. I went in to the iptables file and wrote the following
    > rule:
    >
    > -A INPUT -p tcp -m state --state NEW -i eth0 --dport 21 -j LOG
    > --log-prefix "NetF FTP Failure: "
    > I then did an iptables service restart, tested, and had no luck. I then
    > rebooted the machine.
    >
    > I replaced the rpm using the rpm from the Red Hat site, but did not put
    > in any previous errata patches.
    >
    > I edited vsftpd.conf to listen to my IP address, not the localhost
    > address, and enabled log_ftp_protocol. I also set the pasv_min_port
    > above 1024.
    >
    > There are no entries in /etc/hosts.deny, and I have added vsftpd: ALL to
    > /etc/hosts.allow.
    > The /etc/init.d/vsftpd looks plausible. I didn't see any explicit
    > prohibitions or exclusions, and it seems to be pointed to the
    > vsftpd.conf file.
    >
    > I've restarted the vsftpd service after adding in the changes to
    > vsftpd.conf. Then retested. Still no luck. And to make it even more
    > interesting, I have not been able to locate any mention of "NetF" in any
    > of the log files in /var/log.
    >
    > I'm at a loss. It almost seems like FTP is not making it to the
    > machine. I've tested FTP from this machine to a .gov server that I
    > sometimes use, and have gotten access. I'm not sure what I should be
    > looking at next.
    >
    > Thanks,
    >
    > -Bob
    >
    > >On December 18, 2003 08:45 pm, Pete Nesbitt wrote:
    > >...
    > >
    > >>chain and the internet is accessed via eth0, then the log line would look
    > >>like:
    > >>
    > >>$IPTABLES -A INPUT -p tcp -m state --state NEW -i $EXT_IF \
    > >> --dport 21 -j LOG --log-prefix "NetF FTP Failure: "

    Bob,
    I thought it was working from within your LAN. Can you access via ftp from the
    localhost (may need to use ip#) or from another local system?

    Does "netstat -l" show a line including something like:
    tcp 0 0 *:ftp *:* LISTEN
    (or maybe 21 instead of ftp)

    Even if vsftp is not running, a log line at the top of your rules, above the
    ftp allow stuff, should log all new ftp attempts. If you are not even getting
    that, the problem is not vsftp.
    I would expect log messages to be in: /var/log/messages

    -- 
    Pete Nesbitt, rhce
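
The rule-order point in the reply above, as an added example that is not part of the original message: a shell function that reads a hand-edited rules file in iptables-save format and reports whether the "NetF FTP Failure" LOG rule is reached before any earlier INPUT rule that could already have handled a new connection to port 21. The function name `check_ftp_log_order`, the chain name `FW-INPUT` and the sample rules are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: rule-order check for an iptables-save style rules file.
# Usage: check_ftp_log_order RULES_FILE [IFACE] [LOG_PREFIX]
# Exit status: 0 LOG rule reached first, 1 shadowed, 2 no such LOG rule.
check_ftp_log_order() {
    awk -v iface="${2:-eth0}" -v prefix="${3:-NetF FTP Failure}" '
    # Value following option "opt" on the current rule line, or "".
    function arg(opt,   i) {
        for (i = 1; i < NF; i++) if ($i == opt) return $(i + 1)
        return ""
    }
    # Could this rule match a NEW TCP connection to port 21 on iface?
    # Matches not modelled here (such as -s) are assumed to match.
    function hits_ftp(   p, d, n, s) {
        p = arg("-p"); d = arg("--dport"); n = arg("-i"); s = arg("--state")
        if (p != "" && p != "tcp" && p != "all") return 0
        if (d != "" && d != "21" && d != "ftp") return 0
        if (n != "" && n != iface) return 0
        if (s != "" && ("," s ",") !~ /,NEW,/) return 0
        return 1
    }
    $1 == "-A" && $2 == "INPUT" && hits_ftp() {
        target = arg("-j")
        if (target == "LOG" && index($0, prefix)) { found = 1; exit }
        # Any other target (ACCEPT, DROP, REJECT, a user chain) may end
        # traversal before the LOG rule is evaluated.
        if (target != "" && target != "LOG") { shadow = $0; exit }
    }
    END {
        if (found)  { print "OK: LOG rule is reached first"; exit 0 }
        if (shadow) { print "SHADOWED by: " shadow; exit 1 }
        print "MISSING: no LOG rule with prefix " prefix " in INPUT"; exit 2
    }' "$1"
}

# Constructed sample: LOG rule appended after a jump to FW-INPUT, a
# hypothetical catch-all chain, so FTP packets never reach it.
demo=$(mktemp)
cat > "$demo" <<'EOF'
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -j FW-INPUT
-A INPUT -p tcp -m state --state NEW -i eth0 --dport 21 -j LOG --log-prefix "NetF FTP Failure: "
-A FW-INPUT -j REJECT
EOF
check_ftp_log_order "$demo" || true
rm -f "$demo"
```

An OK result with still no "NetF" lines in /var/log/messages points away from rule order and toward the traffic not arriving on that interface at all.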
    
