Re: ftp problem

[Rick Stevens <rstevens vitalstream com>]

Bob McClure Jr wrote:
> On Mon, Dec 09, 2002 at 05:38:41PM -0500, Mark DiTullio wrote:
>
> > I just installed my  first and only linux server.  RedHat 8.0.  I'm having
> > trouble using the ftp daemon vsftpd.  I had it running and connecting
> > anonymously, now I can't make any connections.  All I get is "connection
> > refused".  However, I can connect to my server via http. 
> >
> > This is all new to me, so I'm using more of the GUIs than command lines 
> > for
> > configuring this.
> >
> > One of the items that seems odd to me is I cannot customize the firewall
> > settings in the Security Level Configuration.  I make the changes, apply,
> > save, and they seem to revert back to the High settings, not allowing any
> > service.  Which obviously make me think that is why I cannot ftp to my
> > server.  I've also tried setting these via 'lokkit', no luck there either. 
>
>
> If you're using the tool I think you are, it is setting and saving the
> settings.  But when you bring it up again, it does not read your
> current settings.  It just defaults to a high setting.

Right.  lokkit and its bretheren assume that EVERYTHING is blocked
(including DNS) and work from there.  If you use RH's GUI to configure
this, have a copy of the rules you previously set up handy, as you'll
need to put them in again.  I'd recommend fetching firestarter from
sourceforge.net and using it.

> As to the FTP problem, have you opened up the firewall for it?
>
> Assuming your FTP server is running as a service of xinetd, have you
> edited the applicable file in /etc/xinetd.d/ so it says "disable =
> no"?

Using RH's "redhat-config-services" GUI, make sure that either the
"vsftpd" or "wu-ftpd" daemon is enabled (one or the other, but not
both).

> > Some of the threads here mentioned ipchains but I do not see that enabled
> > in 8.0.
>
>
> I think ipchains have been dropped from 8.0.  You are probably using
> iptables.

Yup, iptables it is.  Try "ipchains -L -n" to see what the current
rules are.  Get firestarter or keep a copy of your firewall rules
handy if you use lokkit or the RH tool.
----------------------------------------------------------------------
- Rick Stevens, Senior Systems Engineer     rstevens vitalstream com -
- VitalStream, Inc.                       http://www.vitalstream.com -
-                                                                    -
-         Okay, who put a "stop payment" on my reality check?        -
----------------------------------------------------------------------