
Can't access FTP on linux server

Discussion in 'Linux / BSD / Mac OS X' started by newtekie1, Feb 16, 2010.

  1. newtekie1

    newtekie1 Semi-Retired Folder

    Joined:
    Nov 22, 2005
    Messages:
    20,133 (6.11/day)
    Thanks Received:
    6,195
    Can't access FTP on linux server

    I just set up Proftpd on my kubuntu server, I think I configured everything properly, but I can't access the FTP server from anything but localhost. :(

    When I'm on the linux server, I can fire up filezilla, and connect to the FTP by going to localhost. However, I cannot access the server by going to the computer's IP. I also can't connect to the server from any other computers on the network using the IP.

    It seems that proftpd is bound to only allow connections from localhost, and I'm sure it is just some line in a config file somewhere that I can't find, at least I hope.

    Anyone have any insight?

    Thanks in advance.
     
    Last edited: Feb 17, 2010
    Crunching for Team TPU 50 Million points folded for TPU
  2. DirectorC

    DirectorC New Member

    Joined:
    Nov 4, 2009
    Messages:
    1,624 (0.88/day)
    Thanks Received:
    268
    Location:
    Florizy
    Ports forwarded?
     
  3. newtekie1

    There's really nothing to forward ports though, the linux server doesn't have a firewall (that I'm aware of), and I'm staying inside my local network right now.
     
  4. DirectorC

  5. Jizzler

    Jizzler

    Joined:
    Aug 10, 2007
    Messages:
    3,455 (1.30/day)
    Thanks Received:
    645
    Location:
    Geneva, FL, USA
    Yup, unless you turned it off, iptables is probably running.

    If you don't like long complicated iptable commands, *buntu has UFW/GUFW.
     
  6. newtekie1

    This is what I get when I run iptables --list.

    Code:
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination
    
    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination
    
    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination
    
    This is what I get when I run a netstat.
    Code:
    tcp        0      0 192.168.1.15:3306       0.0.0.0:*               LISTEN
    tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
    tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
    tcp6       0      0 :::21                   :::*                    LISTEN
    tcp6       0      0 ::1:631                 :::*                    LISTEN
    Shouldn't there be a tcp listing for the ftp also and not a tcp6?
     
    Last edited: Feb 17, 2010
  7. Easy Rhino

    Easy Rhino Linux Advocate

    Joined:
    Nov 13, 2006
    Messages:
    13,506 (4.60/day)
    Thanks Received:
    3,357
    i use ubuntu server and proftpd and i didn't have to touch anything inside of the OS. i only had to forward port 21 and set up passive ports to forward as well. come to think of it you may have to set those up. they can be anything, i suggest 65500 - 65510 (if you only need 10 concurrent connections). also, have you set your masquerade address to your external ip? you set that stuff up in the proftpd.conf file
     
    Crunching for Team TPU
  8. newtekie1

    I didn't set up the Masquerade address, I assumed that was only if I wanted to use passive mode.

    Maybe that is part of the problem. I wonder if filezilla is trying to use passive mode, which I haven't set up.

    When I try to connect with filezilla I get a 500 error, when I try to connect with IE it seems to connect and ask for a logon, but the logon doesn't work...

    Anyway, I gave up on this for the night, I'll try some more suggestions when I get back to work tomorrow.

    Still open for other suggestions though.
     
  9. Easy Rhino

    if your router has a firewall then you have to use passive mode.
     
  10. newtekie1

    Right now I'm not going through the router, everything is staying on the internal network. I shouldn't need passive mode for that, should I?
     
  11. Clement

    Clement New Member

    Joined:
    Feb 11, 2010
    Messages:
    192 (0.11/day)
    Thanks Received:
    26
    Location:
    SouthEast Blue Mountain, Pa
    Filezilla by default AFAIK will auto negotiate the transfer mode. You will only have to change this if the default is not successful at getting an answer from the ftp server. If you wish to set up passive mode later on your ftp server, your iptables config file will have to be updated further. Let's get it up and running first and we'll move to that after the server is able to take requests from your network.

    Please post your ftp server's config files and iptables config file (usually /etc/sysconfig/iptables) here please.
     
  12. newtekie1

    Proftpd.config
    Code:
    #
    # /etc/proftpd/proftpd.conf -- This is a basic ProFTPD configuration file.
    # To really apply changes reload proftpd after modifications.
    # 
    
    # Includes DSO modules
    Include /etc/proftpd/modules.conf
    
    # Set off to disable IPv6 support which is annoying on IPv4 only boxes.
    UseIPv6				on
    # If set on you can experience a longer connection delay in many cases.
    IdentLookups			off
    
    ServerName			"Joomla"
    ServerType			standalone
    DeferWelcome			on
    
    MultilineRFC2228		on
    DefaultServer			off
    ShowSymlinks			on
    
    TimeoutNoTransfer		600
    TimeoutStalled			100
    TimeoutIdle			2200
    
    DisplayLogin                    welcome.msg
    DisplayChdir               	.message true
    ListOptions                	"-l"
    
    DenyFilter			\*.*/
    
    # Use this to jail all users in their homes 
    # DefaultRoot			~
    
    # Users require a valid shell listed in /etc/shells to login.
    # Use this directive to release that constrain.
    # RequireValidShell		off
    
    # Port 21 is the standard FTP port.
    Port				21
    
    # In some cases you have to specify passive ports range to by-pass
    # firewall limitations. Ephemeral ports can be used for that, but
    # feel free to use a more narrow range.
    # PassivePorts                  49152 65534
    
    # If your host was NATted, this option is useful in order to
    # allow passive tranfers to work. You have to use your public
    # address and opening the passive ports used on your firewall as well.
    # MasqueradeAddress		192.168.1.15
    
    # This is useful for masquerading address with dynamic IPs:
    # refresh any configured MasqueradeAddress directives every 8 hours
    <IfModule mod_dynmasq.c>
    # DynMasqRefresh 28800
    </IfModule>
    
    # To prevent DoS attacks, set the maximum number of child processes
    # to 30.  If you need to allow more than 30 concurrent connections
    # at once, simply increase this value.  Note that this ONLY works
    # in standalone mode, in inetd mode you should use an inetd server
    # that allows you to limit maximum number of processes per service
    # (such as xinetd)
    MaxInstances			30
    
    # Set the user and group that the server normally runs at.
    User				proftpd
    Group				nogroup
    
    # Umask 022 is a good standard umask to prevent new files and dirs
    # (second parm) from being group and world writable.
    Umask				022  022
    
    PersistentPasswd off
    
    MaxClients 8
    MaxClientsPerHost 8
    MaxClientsPerUser 8
    MaxHostsPerUser 8
    
    # Set /var/www directory as home directory
    DefaultRoot /var/www
    
    # Lock all the users in home directory, ***** really important *****
    DefaultRoot ~
    
    MaxLoginAttempts 5
    
    #VALID LOGINS
    <Limit LOGIN>
    AllowUser userftp
    DenyALL
    </Limit>
    
    <Directory /var/www>
    Umask 022 022
    AllowOverwrite on
    	<Limit READ RMD DELE>
          	DenyAll
        	</Limit>
    
        	<Limit STOR CWD MKD>
          	AllowAll
        	</Limit>
    </Directory>
    
    # Normally, we want files to be overwriteable.
    AllowOverwrite			on
    
    # Uncomment this if you are using NIS or LDAP via NSS to retrieve passwords:
    # PersistentPasswd		off
    
    # This is required to use both PAM-based authentication and local passwords
    # AuthOrder			mod_auth_pam.c* mod_auth_unix.c
    
    # Be warned: use of this directive impacts CPU average load!
    # Uncomment this if you like to see progress and transfer rate with ftpwho
    # in downloads. That is not needed for uploads rates.
    #
    # UseSendFile			off
    
    TransferLog /var/log/proftpd/xferlog
    SystemLog   /var/log/proftpd/proftpd.log
    
    <IfModule mod_quotatab.c>
    QuotaEngine off
    </IfModule>
    
    <IfModule mod_ratio.c>
    Ratios off
    </IfModule>
    
    
    # Delay engine reduces impact of the so-called Timing Attack described in
    # http://security.lss.hr/index.php?page=details&ID=LSS-2004-10-02
    # It is on by default. 
    <IfModule mod_delay.c>
    DelayEngine on
    </IfModule>
    
    <IfModule mod_ctrls.c>
    ControlsEngine        off
    ControlsMaxClients    2
    ControlsLog           /var/log/proftpd/controls.log
    ControlsInterval      5
    ControlsSocket        /var/run/proftpd/proftpd.sock
    </IfModule>
    
    <IfModule mod_ctrls_admin.c>
    AdminControlsEngine off
    </IfModule>
    
    #
    # Alternative authentication frameworks
    #
    #Include /etc/proftpd/ldap.conf
    #Include /etc/proftpd/sql.conf
    
    #
    # This is used for FTPS connections
    #
    #Include /etc/proftpd/tls.conf
    
    # A basic anonymous configuration, no upload directories.
    
    # <Anonymous ~ftp>
    #   User				ftp
    #   Group				nogroup
    #   # We want clients to be able to login with "anonymous" as well as "ftp"
    #   UserAlias			anonymous ftp
    #   # Cosmetic changes, all files belongs to ftp user
    #   DirFakeUser	on ftp
    #   DirFakeGroup on ftp
    # 
    #   RequireValidShell		off
    # 
    #   # Limit the maximum number of anonymous logins
    #   MaxClients			10
    # 
    #   # We want 'welcome.msg' displayed at login, and '.message' displayed
    #   # in each newly chdired directory.
    #   DisplayLogin			welcome.msg
    #   DisplayChdir		.message
    # 
    #   # Limit WRITE everywhere in the anonymous chroot
    #   <Directory *>
    #     <Limit WRITE>
    #       DenyAll
    #     </Limit>
    #   </Directory>
    # 
    #   # Uncomment this if you're brave.
    #   # <Directory incoming>
    #   #   # Umask 022 is a good standard umask to prevent new files and dirs
    #   #   # (second parm) from being group and world writable.
    #   #   Umask				022  022
    #   #            <Limit READ WRITE>
    #   #            DenyAll
    #   #            </Limit>
    #   #            <Limit STOR>
    #   #            AllowAll
    #   #            </Limit>
    #   # </Directory>
    # 
    # </Anonymous>
    
    I couldn't find the iptables file, it was not where you suggested. However, this is the output when I run an iptables --list command:
    Code:
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination
    
    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination
    
    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination
    
     
  13. Easy Rhino

    newtekie, just try this. put your external IP address in for masquerade address. restart the server and see what happens. you should be able to connect to it from outside the network.
     
  14. newtekie1

    I tried that, no good, I'm not trying to access this from outside the network right now though, I can't even access it from inside the network, or even from the linux server itself other than through localhost.

    When I try to connect to the server I get:

    Code:
    Status:	Connecting to 192.168.1.15:21...
    Status:	Connection established, waiting for welcome message...
    Response:	500 Sorry, no server available to handle request on ::ffff:192.168.1.15
    Error:	Critical error
    Error:	Could not connect to server
     
  15. xrealm20

    xrealm20 New Member

    Joined:
    Jan 29, 2010
    Messages:
    467 (0.26/day)
    Thanks Received:
    129
    Location:
    Houston
    newtekie1 - go to terminal and type in

    sudo ufw status

    And tell me what it says.
     
  16. newtekie1

    Status: inactive
     
  17. newtekie1

    Figured it out!!!!!!!:rockout::toast:

    I had to add the following to proftpd.config:
    Code:
    DefaultAddress                  192.168.1.15
    SocketBindTight                 on
    THANK YOU TO EVERYONE FOR THE HELP!
     
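Added example, not part of the thread and not ProFTPD code: a Python check over the netstat lines posted above and constructed config excerpts, showing what the two directives from the fix change. It assumes ProFTPD's documented defaults (`DefaultServer off`, `SocketBindTight off`) and that the server's hostname does not resolve to the target address; the function names and finding labels are hypothetical.

```python
import ipaddress
# LISTEN lines exactly as posted in the thread's netstat output.
NETSTAT = """\
tcp        0      0 192.168.1.15:3306       0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
tcp6       0      0 :::21                   :::*                    LISTEN
tcp6       0      0 ::1:631                 :::*                    LISTEN
"""
# Constructed excerpts: the relevant directives before and after the fix.
CONF_BEFORE = "UseIPv6\t\ton\nDefaultServer\t\toff\nPort\t\t21\n"
CONF_AFTER = CONF_BEFORE + "DefaultAddress 192.168.1.15\nSocketBindTight on\n"

def classify_listeners(netstat_text):
    """Map (proto, address, port) -> exposure scope for every LISTEN line."""
    scopes = {}
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[5] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")  # ":::21" -> ("::", "21")
        ip = ipaddress.ip_address(addr)
        # A tcp6 "::" socket normally accepts IPv4 too, seen as ::ffff:a.b.c.d
        scope = ("all-interfaces" if ip.is_unspecified
                 else "loopback-only" if ip.is_loopback else "single-address")
        scopes[(fields[0], addr, int(port))] = scope
    return scopes

def top_level_directives(conf_text):
    """Directives outside any <Section>; a simplification of ProFTPD's parser."""
    depth, found = 0, {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if line.startswith("</"):
            depth -= 1
        elif line.startswith("<"):
            depth += 1
        elif depth == 0 and line and not line.startswith("#"):
            parts = line.split(None, 1)
            found[parts[0].lower()] = parts[1].strip().lower() if len(parts) > 1 else ""
    return found

def findings(conf_text, target_ip):
    """Return hypothetical finding labels for a client connecting to target_ip."""
    d = top_level_directives(conf_text)
    out = []
    if d.get("defaultaddress") != target_ip and d.get("defaultserver", "off") != "on":
        out.append("no-server-for-address")   # matches the 500 response in the thread
    if d.get("socketbindtight", "off") != "on":
        out.append("wildcard-listener")       # port 21 bound on every interface
    return out
```

On the thread's data, `:::21` is classified as `all-interfaces`; the pre-fix excerpt yields both findings and the post-fix excerpt yields none.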
  18. DirectorC

    Awesome :toast:
     
  19. xrealm20

    Good -- glad to know that you got it working -

    You may want to enable ufw at some point if your system isn't behind a firewall - just fyi.
     
  20. newtekie1

    It's behind a hardware firewall. :toast:
     
  21. xrealm20

    ok, perfect -- just making sure. :toast:
     
  22. Easy Rhino


    of course it is that simple :laugh:
     
  23. newtekie1

    I know, the entire time all that was running through my mind was that line from Office Space...

     
  24. Easy Rhino

    this wasn't a mundane detail, michael!
     
  25. Clement

    Congratulations! :rockout:
     