Re: Question on Internet access of vsftp server

From: Bob Smith (slyders_at_ix.netcom.com)
Date: 12/21/03

  • Next message: Bob Smith: "Re: Question on Internet access of vsftp server"
    To: redhat-list@redhat.com
    Date: Sat, 20 Dec 2003 16:11:39 -0700
    
    

    Pete,

    >Try temporarily stopping your iptables altogether, then do a quick test of ftp
    >& telnet (as long as telnet server is activated in inetd).
    >
    I need to figure that out. Would this work:
    -A <INPUT_RULE> -p tcp -m tcp --dport 0:1023 --syn -j ACCEPT
    or should I go with:
    *filter
    :INPUT ACCEPT [0:1023]
    :FORWARD ACCEPT [0:1023]
    :OUTPUT ACCEPT [0:1023]

    Right now my tables look like:
    *filter
    :INPUT ACCEPT [0:0]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    :<INPUT_RULE> - [0:0]
    -A INPUT -j <INPUT_RULE>
    -A FORWARD -j <INPUT_RULE>
    -A <INPUT_RULE> -p tcp -m tcp --dport 20 --syn -j ACCEPT
    -A <INPUT_RULE> -p tcp -m tcp --dport 21 --syn -j ACCEPT
    ... opening rules
    -A <INPUT_RULE> -p tcp -m state --state NEW,INVALID,ESTABLISHED,RELATED -i eth0 --dport 20:21 -j LOG --log-prefix "NetF FTP Failure: "
    <reject rules>
    ... with my other specific port openings and closing rules. I thought I
    would try to catch any messages for the two FTP ports.

    >Earlier I said to look in init.d but meant in /etc/inetd.d, and to look in the
    >vsftpd file in there. Sorry about the typo. But either way, it was just to
    >show how you can see it is a tcp service, but Jason covers it better anyway.
    >
    Actually, I don't have an /etc/inetd.d folder, but I do have an init.d,
    which is where I found the vsftpd file that it appears /sbin/service
    uses. It doesn't mention stream in it.

    >As far as the ftp to localhost failing, is that a vsftpd setting or are you
    >not allowing local loopback in your firewall (I expect that would be a
    >requirement for ftp localhost)
    >

    That was a local setting. I had set the listen_address directive in the
    vsftpd config file. I removed it and restarted vsftpd, and I am now
    able to ftp in using localhost, <localhost IP>, mydomain and <mydomain
    IP>.

    >
    >So just to get the picture straight, you have only one system and it is the
    >ftp server, and you can access it locally via the hostname or your external
    >IP, but not using localhost or 127.0.0.1?
    >And machines upstream (on the Internet) cannot get to your ftp service.
    >Have you looked at the logs since you moved the --log string above the ftp
    >rules?
    >

    I have a single system which is hosting an FTP server, among other
    services. I can access the FTP service from that single system, whether
    I'm accessing it as mydomain, localhost, or their respective IP
    addresses. I cannot access the FTP service from my machine at home. I
    have other services open, such as HTTP, SMTP and DNS, and access the
    system without a problem on all of the other services.

    I have temporarily released the system's firewall block on telnet, and
    cannot access the telnet port. I have also just checked, and I cannot
    access the system's SMTP port via telnet from this machine, even though
    I am receiving email on that system. That's what's making me wonder
    whether I am having connectivity headaches with my dialup machine.

    The system connects to a switch which is then connected to the DSL modem
    for its Internet connection. There is another network that also runs
    off that same switch, but there is nothing from that other network which
    connects to my network, nor is there any other network element between
    the system and the modem, other than the cables... :-)

    I am unable to locate any logging messages regarding vsftpd in
    /var/log/messages. I'm not able to locate any messages in
    /var/log/messages, or any other log, with a grep for NetF, as set up in
    iptables for that rule to log anything incoming on port 21.

    I need to test from another network point to eliminate the possibility
    of a problem with my dialup machine and its firewall (sorry... :-) Win2k
    and McAfee firewall), and I hope to get that done in the next couple of
    hours. I am able to ftp from my local machine to other FTP servers,
    such as ftp.fcc.gov.

    -Bob

    -- 
    redhat-list mailing list
    unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
    https://www.redhat.com/mailman/listinfo/redhat-list
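
An added example, not part of the original message or of any project's code: a minimal first-match walk over an iptables-save ruleset modelled on the one posted above, showing which packets a LOG rule placed after the port 21 ACCEPT can record, and that the bracketed pair on a chain line is read as packet and byte counters. The chain name FW-INPUT, the sample ruleset and the helper names are assumptions; only --dport, --syn and -j are modelled, and every packet is taken to be TCP.

```python
import re
import shlex

# Constructed ruleset in iptables-save format, modelled on the one in the post.
# FW-INPUT is a stand-in for the chain name the post elides as <INPUT_RULE>.
RULESET = '''*filter
:INPUT ACCEPT [0:0]
:FW-INPUT - [0:0]
-A INPUT -j FW-INPUT
-A FW-INPUT -p tcp -m tcp --dport 21 --syn -j ACCEPT
-A FW-INPUT -p tcp -m tcp --dport 20:21 -j LOG --log-prefix "NetF FTP Failure: "
-A FW-INPUT -j REJECT
COMMIT
'''

def parse(text):
    """Return (policies, chains) from iptables-save text."""
    policies, chains = {}, {}
    for line in text.splitlines():
        m = re.match(r":(\S+) (\S+) \[(\d+):(\d+)\]", line)
        if m:  # the bracket holds packet and byte counters, not a port range
            policies[m[1]] = {"policy": m[2], "packets": int(m[3]), "bytes": int(m[4])}
            chains[m[1]] = []
        elif line.startswith("-A "):
            tok = shlex.split(line)
            opt = lambda name: tok[tok.index(name) + 1] if name in tok else None
            lo, _, hi = (opt("--dport") or "0:65535").partition(":")
            chains[tok[1]].append({"ports": (int(lo), int(hi or lo)), "syn": "--syn" in tok,
                                   "target": opt("-j"), "prefix": opt("--log-prefix")})
    return policies, chains

def traverse(policies, chains, chain, dport, syn, logged):
    """First-match walk for one TCP packet; None means it fell off a user chain."""
    for r in chains[chain]:
        if not (r["ports"][0] <= dport <= r["ports"][1]) or (r["syn"] and not syn):
            continue
        if r["target"] == "LOG":          # LOG is non-terminating: record and keep going
            logged.append(r["prefix"])
        elif r["target"] in chains:       # jump to a user-defined chain
            verdict = traverse(policies, chains, r["target"], dport, syn, logged)
            if verdict:
                return verdict
        else:
            return r["target"]            # ACCEPT / REJECT / DROP end the walk
    return None if policies[chain]["policy"] == "-" else policies[chain]["policy"]

def check(text, dport, syn=True):
    """Return (verdict, log prefixes written) for one packet entering INPUT."""
    policies, chains, logged = *parse(text), []
    return traverse(policies, chains, "INPUT", dport, syn, logged), logged
```

With this ordering, check(RULESET, 21) returns ACCEPT with an empty log list, so a grep for the prefix finds nothing even when connection attempts arrive; moving the LOG line above the ACCEPT makes the same packet appear in the log.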
    
