[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Question on Internet access of vsftp server

On December 19, 2003 07:11 pm, Bob Smith wrote:
> Pete,
> I've been editing the iptables by hand.  The version of GUI
> configuration tool that I was using didn't handle the firewall rules
> that I wanted.  I went in to the iptables file and wrote the following
> rule:
> -A INPUT -p tcp -m state --state NEW -i eth0 --dport 21 -j LOG
> --log-prefix "NetF FTP Failure: "
> I then did an iptables service restart, tested, and had no luck.  I then
> rebooted the machine.
> I replaced the rpm using the rpm from the Red Hat site, but did not put
> in any previous errata patches.
> I edited vsftpd.conf to listen to my IP address, not the localhost
> address, and enabled log_ftp_protocol.  I also set the pasv_min_port
> above 1024.
> There are no entries in /etc/hosts.deny, and I have added vsftpd: ALL to
> /etc/hosts.allow.
> The /etc/init.d/vsftpd looks plausible.  I didn't see any explicit
> prohibitions or exclusions, and it seems to be pointed to the
> vsftpd.conf file.
> I've restarted the vsftpd service after adding in the changes to
> vsftpd.conf.  Then retested.  Still no luck.  And to make it even more
> interesting, I have not been able to locate any mention of "NetF" in any
> of the log files in /var/log.
> I'm at a loss.  It almost seems like FTP is not making it to the
> machine.  I've tested FTP from this machine to a .gov server that I
> sometimes use, and have gotten access.   I'm not sure what I should be
> looking at next.
> Thanks,
> -Bob
> >On December 18, 2003 08:45 pm, Pete Nesbitt wrote:
> >...
> >
> >>chain and the internet is accessed via eth0, then the log line would look
> >>like:
> >>
> >>$IPTABLES -A INPUT -p tcp -m state --state NEW -i $EXT_IF \
> >>  --dport 21 -j LOG --log-prefix "NetF FTP Failure: "

I thought it was working from within your lan. Can you access via ftp from the 
localhost (may need to use ip#) or from another local system?

does "netstat -l" show a line including something like:
tcp        0      0   *:ftp   *:*     LISTEN
(or maybe 21 instaead of ftp)

Even if vsftp is not running, a log line in the top of your rules above the 
ftp allow stuff, should log all new ftp attempts. If you are not even getting 
that, the problem is not vsftp. 
I would expect log messages to be in: /var/log/messages

Pete Nesbitt, rhce

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]