Chris Wilson <[email protected]>
Sent by: [email protected]
01/12/2010 05:03 PM
Please respond to Linux Users Group Uganda <[email protected]>

To: Linux Users Group Uganda <[email protected]>
cc:
Subject: Re: [LUG] FTP Server Problem

Hi Allan,

On Tue, 12 Jan 2010, [email protected] wrote:

> On Tue, 12 Jan 2010, [email protected] wrote:
>
> > I have installed the VSFTP service on my Linux boss running SUSE linux
> > 10.2,
>
> Wow, you're lucky to have Linux as your boss :)

Forgot to have the extra privilege of having root on him to install whatever you want :)

> When does the server start to "seem to be dropping my traffic"?

when i try connecting, see logs below

> ;
> rror: Unable to connect!
> Status: Waiting to retry... (2 retries left)
> Status: Connecting to ftp.xx.com
> Error: Unable to connect!
> Status: Waiting to retry... (1 retry left)
> Status: Connecting to ftp.xx.com
> Error: Unable to connect!
>
> If you are able to log in, try changing FTP mode to active or passive to
> see if either one works better?

am not able to go in

Looks like a firewall or address binding problem. Please do this:

> Please list all your INPUT firewall rules on the server, with:
>
> iptables -L -nv INPUT

Chain input_ext (2 references)
target       prot opt source    destination
DROP         0    --  anywhere  anywhere  PKTTYPE = broadcast
ACCEPT       icmp --  anywhere  anywhere  icmp source-quench
ACCEPT       icmp --  anywhere  anywhere  icmp echo-request
ACCEPT       icmp --  anywhere  anywhere  state RELATED,ESTABLISHED icmp echo-reply
ACCEPT       icmp --  anywhere  anywhere  state RELATED,ESTABLISHED icmp destination-unreachable
ACCEPT       icmp --  anywhere  anywhere  state RELATED,ESTABLISHED icmp time-exceeded
ACCEPT       icmp --  anywhere  anywhere  state RELATED,ESTABLISHED icmp parameter-problem
ACCEPT       icmp --  anywhere  anywhere  state RELATED,ESTABLISHED icmp timestamp-reply
ACCEPT       icmp --  anywhere  anywhere  state RELATED,ESTABLISHED icmp address-mask-reply
ACCEPT       icmp --  anywhere  anywhere  state RELATED,ESTABLISHED icmp protocol-unreachable
ACCEPT       icmp --  anywhere  anywhere  state RELATED,ESTABLISHED icmp redirect
LOG          tcp  --  anywhere  anywhere  limit: avg 3/min burst 5 tcp dpt:domain flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT       tcp  --  anywhere  anywhere  tcp dpt:domain
LOG          tcp  --  anywhere  anywhere  limit: avg 3/min burst 5 tcp dpt:http flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT       tcp  --  anywhere  anywhere  tcp dpt:http
LOG          tcp  --  anywhere  anywhere  limit: avg 3/min burst 5 tcp dpt:ssh flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT       tcp  --  anywhere  anywhere  tcp dpt:ssh
ACCEPT       udp  --  anywhere  anywhere  udp dpt:domain
ACCEPT       udp  --  anywhere  anywhere  udp dpt:tftp
reject_func  tcp  --  anywhere  anywhere  tcp dpt:ident state NEW
LOG          0    --  anywhere  anywhere  limit: avg 3/min burst 5 PKTTYPE = multicast LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT '
DROP         0    --  anywhere  anywhere  PKTTYPE = multicast
LOG          tcp  --  anywhere  anywhere  limit: avg 3/min burst 5 tcp flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT '
LOG          icmp --  anywhere  anywhere  limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT '
LOG          udp  --  anywhere  anywhere  limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT '
LOG          0    --  anywhere  anywhere  limit: avg 3/min burst 5 state INVALID LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT-INV '
DROP         0    --  anywhere  anywhere

And please paste the contents of /etc/xinetd.d/vsftpd (or similar), and

# default: off
# description:
#   The vsftpd FTP server serves FTP connections. It uses
#   normal, unencrypted usernames and passwords for authentication.
# vsftpd is designed to be secure.
#
# NOTE: This file contains the configuration for xinetd to start vsftpd.
#       the configuration file for vsftp itself is in /etc/vsftpd.conf
service ftp
{
#       server_args     =
#       log_on_success  += DURATION USERID
#       log_on_failure  += USERID
#       nice            = 10
        socket_type     = stream
        protocol        = tcp
        wait            = no
        user            = root
        server          = /usr/sbin/vsftpd
}

the "listen" and "listen_address" values in /etc/vsftpd/vsftpd.conf.

listen=YES

There is no Listen_address.

Cheers, Chris.
--
Aptivate | http://www.aptivate.org | Phone: +44 1223 760887
The Humanitarian Centre, Fenner's, Gresham Road, Cambridge CB1 2ES

Aptivate is a not-for-profit company registered in England and Wales
with company number 04980791.
_______________________________________________
LUG mailing list
[email protected]
http://kym.net/mailman/listinfo/lug
%LUG is generously hosted by INFOCOM http://www.infocom.co.ug/

The above comments and data are owned by whoever posted them (including attachments if any). The List's Host is not responsible for them in any way.
---------------------------------------
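An added example, not part of the original thread: a shell check that reads the rule listing and the two configuration fragments posted above and reports whether the FTP control port has an ACCEPT rule and whether vsftpd is set up to start two ways at once. The rule excerpt and config values are copied from the thread; the function names are hypothetical.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from any tool.

# ACCEPT/DROP rules copied from the input_ext listing in the thread (LOG rules left out).
RULES='ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT udp -- anywhere anywhere udp dpt:tftp
DROP 0 -- anywhere anywhere'

# Active lines of the xinetd stanza and the vsftpd.conf value, as posted.
XINETD='service ftp
{
        socket_type = stream
        protocol    = tcp
        wait        = no
        user        = root
        server      = /usr/sbin/vsftpd
}'
VSFTPD_CONF='listen=YES'

# Print each TCP destination port that has an ACCEPT rule, one per line.
accepted_tcp_ports() {
    printf '%s\n' "$1" | awk '/(^|[ \t])ACCEPT[ \t]/ && /[ \t]tcp[ \t]/ {
        for (i = 1; i <= NF; i++) if ($i ~ /^dpt:/) print substr($i, 5)
    }'
}

# Succeed if the FTP control port is accepted ("ftp", or "21" when listed with -n).
ftp_control_allowed() {
    accepted_tcp_ports "$1" | grep -Eqx 'ftp|21'
}

# Succeed if xinetd launches vsftpd while vsftpd.conf sets listen=YES.
# vsftpd.conf(5): listen=YES is standalone mode and must not be run from an inetd.
launch_conflict() {   # $1 = xinetd stanza, $2 = vsftpd.conf text
    printf '%s\n' "$1" | grep -Eq '^[[:space:]]*server[[:space:]]*=.*vsftpd' &&
    printf '%s\n' "$2" | grep -Eiq '^listen=YES'
}

if ftp_control_allowed "$RULES"; then
    echo "firewall: ACCEPT rule for the FTP control port is present"
else
    echo "firewall: no ACCEPT rule for tcp/21; accepted tcp ports:" $(accepted_tcp_ports "$RULES")
fi
if launch_conflict "$XINETD" "$VSFTPD_CONF"; then
    echo "vsftpd: listen=YES (standalone) but also started from xinetd"
fi
```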
