Infra Tux's lil' helper


Joined: 12 Jul 2002 Posts: 131 Location: Vantaa, Finland
|
Posted: Sun Jun 01, 2003 12:39 pm Post subject: vsftpd...how to install |
|
|
I have emerged vsftpd and xinetd,
but when I start xinetd it starts, but I still cannot connect to ftp.
Here's some confs:
/etc/vsftpd/vsftpd.conf:
Code: | #
# Example vsftpd config file
#
# See man 5 vsftpd.conf for more information.
#
# $Header: /home/cvsroot/gentoo-x86/net-ftp/vsftpd/files/vsftpd.conf,v 1.2 2002/05/04 03:42:50 woodchip Exp $
# Allow anonymous FTP?
anonymous_enable=NO
# Uncomment this to allow local users to log in.
local_enable=YES
# Uncomment this to enable any form of FTP write command.
write_enable=YES
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
local_umask=022
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
#anon_upload_enable=YES
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=whoever
# Activate logging of uploads/downloads.
xferlog_enable=YES
# If you want, you can have your log file in standard ftpd xferlog format
#xferlog_std_format=YES
# You may override where the log file goes if you like. The default is shown
# below.
xferlog_file=/var/log/vsftpd/vsftpd.log
# You may change the default value for timing out an idle session.
idle_session_timeout=600
# You may change the default value for timing out a data connection.
#data_connection_timeout=120
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
nopriv_user=nobody
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode.
# Beware that turning on ascii_download_enable enables malicious remote parties
# to consume your I/O resources, by issuing the command "SIZE /big/file" in
# ASCII mode.
# These ASCII options are split into upload and download because you may wish
# to enable ASCII uploads (to prevent uploaded scripts etc. from breaking),
# without the DoS risk of SIZE and ASCII downloads. ASCII mangling should be
# on the client anyway..
#ascii_upload_enable=YES
#ascii_download_enable=YES
# You may fully customise the login banner string:
ftpd_banner=Ascension FTP.
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd/vsftpd.banned_emails
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
#chroot_list_enable=YES
# (default follows)
#chroot_list_file=/etc/vsftpd/vsftpd.chroot_list
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES
|
/etc/xinetd.d/vsftpd:
Code: |
# default: off
# description: Vsftpd is an FTP server, designed to be secure.
# $Header: /home/cvsroot/gentoo-x86/net-ftp/vsftpd/files/vsftpd.xinetd.ipv6,v 1.1 2003/04/06 20:22:00 gmsoft Exp $
service ftp
{
    socket_type = stream
    wait = no
    user = root
    server = /usr/sbin/vsftpd
    server_args = /etc/vsftpd/vsftpd.conf
    log_on_success += DURATION USERID
    log_on_failure += USERID
    nice = 10
    disable = no
    flags = IPv6
}
|
When I try to connect it just says: connection refused _________________ If it works don't mess with it |
no usernames left n00b


Joined: 09 Feb 2003 Posts: 72
|
Posted: Sun Jun 01, 2003 12:46 pm Post subject: |
|
|
Run "netstat -l" and look if xinetd is listening on the ftp port, or even better post the output. Also, username root won't work because it's rejected by default. |
amne Bodhisattva


Joined: 17 Nov 2002 Posts: 6378 Location: Graz / EU
|
Posted: Sun Jun 01, 2003 1:45 pm Post subject: |
|
|
watch your syslog for output. maybe xinetd already complains on startup about something, maybe the connection gets refused by vsftp, maybe it's the tcp-wrappers, etc. |
Infra Tux's lil' helper


Joined: 12 Jul 2002 Posts: 131 Location: Vantaa, Finland
|
Posted: Sun Jun 01, 2003 2:40 pm Post subject: |
|
|
no usernames left wrote: | Run "netstat -l" and look if xinetd is listening on the ftp port, or even better post the output. Also, username root won't work because it's rejected by default. |
Here it is:
Code: |
root@ascension vsftpd # netstat -l
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 *:6000 *:* LISTEN
tcp 0 0 *:www *:* LISTEN
tcp 0 0 *:9176 *:* LISTEN
tcp 0 0 *:https *:* LISTEN
udp 0 0 *:bootpc *:*
udp 0 0 ua219d70.elisa.omak:ntp *:*
udp 0 0 ascension:ntp *:*
udp 0 0 *:ntp *:*
Active UNIX domain sockets (only servers)
Proto RefCnt Flags Type State I-Node Path
unix 2 [ ACC ] STREAM LISTENING 88731 /tmp/.X11-unix/X0
unix 2 [ ACC ] STREAM LISTENING 88898 /tmp/orbit-infra/orb-785546689867312703
unix 2 [ ACC ] STREAM LISTENING 6600 /tmp/orbit-infra/orb-14220728771284641815
unix 2 [ ACC ] STREAM LISTENING 156843 /tmp/orbit-infra/orb-5481841321877387583
unix 2 [ ACC ] STREAM LISTENING 88946 /tmp/orbit-infra/orb-420047665263577680
unix 2 [ ACC ] STREAM LISTENING 88979 /tmp/orbit-infra/orb-13980391701488589166
unix 2 [ ACC ] STREAM LISTENING 6680 /tmp/orbit-infra/orb-11526221612127659987
unix 2 [ ACC ] STREAM LISTENING 89024 /tmp/orbit-infra/orb-13104260492111520748
unix 2 [ ACC ] STREAM LISTENING 89056 /tmp/orbit-infra/orb-20907800882140673533
unix 2 [ ACC ] STREAM LISTENING 89089 /tmp/orbit-infra/orb-39722477723485540
unix 2 [ ACC ] STREAM LISTENING 89097 /tmp/orbit-infra/orb-618892720635364698
|
no usernames left n00b


Joined: 09 Feb 2003 Posts: 72
|
Posted: Sun Jun 01, 2003 2:51 pm Post subject: |
|
|
Hmmm, seems like xinetd isn't even listening on the ftp port. Like amne suggested you should take a look at your syslog and the vsftpd logfile (if there is one, but vsftpd shouldn't be the problem anyway since xinetd isn't even listening on the port). Also check whether xinetd is still running after you start it. |
Infra Tux's lil' helper


Joined: 12 Jul 2002 Posts: 131 Location: Vantaa, Finland
|
Posted: Sun Jun 01, 2003 3:03 pm Post subject: |
|
|
no usernames left wrote: | Hmmm, seems like xinetd isn't even listening on the ftp port. Like amne suggested you should take a look at your syslog and the vsftpd logfile (if there is one, but vsftpd shouldn't be the problem anyway since xinetd isn't even listening on the port). Also check whether xinetd is still running after you start it. |
Okay, I got a little bit going on
Code: |
tcp 0 0 *:9176 *:* LISTEN
|
when I say
it says "connected to localhost". Then I tried with a Windows client to connect to that port... well, it connects but it won't log in? Or do I have to do users who can use that ftp? How do I do that?
Or is there any better ftpd:s? |
no usernames left n00b


Joined: 09 Feb 2003 Posts: 72
|
Posted: Sun Jun 01, 2003 3:30 pm Post subject: |
|
|
9176 isn't the standard ftp port?!
Anyway, since you've allowed local users to log in, you should be able to log into the ftp server using your normal username/password combination. Note that this can take a LONG time if your client doesn't support SSL.
vsftpd is a nifty ftp daemon, some people prefer proftpd or something else but vsftpd is secure, very small, used for many popular ftp servers etc. so it's my personal favorite. |
MezzUp n00b


Joined: 29 May 2003 Posts: 29 Location: Vogar, Iceland
|
Posted: Sun Jun 01, 2003 5:34 pm Post subject: |
|
|
I have the same problem and I was wondering how I could look at my syslog? _________________ Will eat food for sex |
amne Bodhisattva


Joined: 17 Nov 2002 Posts: 6378 Location: Graz / EU
|
Posted: Sun Jun 01, 2003 5:57 pm Post subject: |
|
|
depends on which syslog you use, /var/log/ is a good start, if you use metalog, it should be in /var/log/everything/current, others log to /var/log/messages (i think).
using tail you can view the last lines and it also gets updated whenever a new entry is made.
Code: | tail -f /var/log/everything/current |
should do the trick.
note: if you use metalog, you need to turn off buffering:
Code: | # Run as root. To turn the buffering off:
killall -USR1 metalog
# To turn the buffering back on:
killall -USR2 metalog
|
after that you should be able to see the syslog in realtime. output should give a hint what the problem is, if not post it here  |
bmph8ter n00b

Joined: 06 May 2002 Posts: 46
|
Posted: Sun Jun 01, 2003 6:08 pm Post subject: |
|
|
Did you change /etc/xinetd.conf? There should be a line
Code: | only_from = localhost |
(I think that's the default setting)
that needs to be
Code: | only_from = 0.0.0.0/0 |
if you want the entire world to be able to connect to your FTP server. Then restart xinetd. _________________ My crappy (but redesigned) blog |
mpsii l33t


Joined: 11 Mar 2003 Posts: 658 Location: Jackson, TN
|
Posted: Fri Jun 27, 2003 7:09 pm Post subject: |
|
|
bmph8ter wrote: | Did you change /etc/xinetd.conf? There should be a line
Code: | only_from = localhost |
(I think that's the default setting)
that needs to be
Code: | only_from = 0.0.0.0/0 |
if you want the entire world to be able to connect to your FTP server. Then restart xinetd. |
OMG!!!
Thanks... I could not figure out what the problem was. I originally commented out the localhost line. I did not think to add IP addresses!
Worked like a beaut! _________________ -----------------------------------------
Michael |
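An added example, not part of the thread and not xinetd's own code: a small audit script for the `only_from` setting discussed above. It reports whether a service's allow-list is loopback-only (the refused-connection case), world-open (the `0.0.0.0/0` fix) or restricted to named networks. The sample config is constructed, and treating `=` as "replace", with the service entry applied after `defaults`, is a simplifying assumption about xinetd's merge rules.

```python
import re

# Constructed sample: the defaults line from bmph8ter's post plus a service entry.
SAMPLE = """
defaults
{
    only_from = localhost
}
service ftp
{
    disable = no
}
"""
WORLD = {"0.0.0.0/0", "0.0.0.0", "::/0"}
LOOPBACK = {"localhost", "127.0.0.1", "::1"}

def parse_attr(text, attr):
    """Map 'defaults' or a service name to the [(op, values)] list for attr."""
    blocks = {}
    pattern = r"^\s*(defaults|service\s+\S+)\s*\{(.*?)\}"
    line_re = re.compile(r"\s*%s\s*(\+=|-=|=)\s*(.*)" % re.escape(attr))
    for head, body in re.findall(pattern, text, re.M | re.S):
        # Comment lines start with '#' and therefore never match line_re.
        matches = (line_re.match(line) for line in body.splitlines())
        blocks[head.split()[-1]] = [
            (m.group(1), m.group(2).split()) for m in matches if m]
    return blocks

def effective_only_from(text, service):
    """Hosts allowed for `service`; None if only_from is never set."""
    hosts = None
    blocks = parse_attr(text, "only_from")
    for name in ("defaults", service):
        for op, vals in blocks.get(name, []):
            if op == "=":      # simplification: '=' replaces earlier values
                hosts = list(vals)
            elif op == "+=":
                hosts = (hosts or []) + vals
            else:              # '-=' removes the listed values
                hosts = [h for h in (hosts or []) if h not in vals]
    return hosts

def classify(hosts):
    if not hosts:  # None: never set; empty list: set with no value
        return "unset" if hosts is None else "deny-all"
    if WORLD & set(hosts):
        return "world-open"
    return "loopback-only" if set(hosts) <= LOOPBACK else "restricted"
```

Under the same assumption, a service-level `only_from` naming just the networks that need FTP classifies as `restricted`, while `defaults` stays at `localhost` for every other xinetd service.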