- 05-02-2006 #1 Just Joined!
- Join Date
- May 2006
- Location
- Western Europe
- Posts
- 5
Ftp & Telnet only in one direction
Hi,
I have the following problem: I have a local network with 2 Linux boxes.
I can ftp & telnet from box A to box B, but I cannot ftp from box B to box A
("530 authentication failed") and I cannot telnet from box B to A ("connection closed by foreign host").
I created the same user accounts on both machines with the same passwords, so I'm sure username & password are correct.
I installed pure-ftpd on both boxes and both conf files are identical.
So there must be some permission problem or some misconfiguration, but what?
What obvious mistake did I make?
- 05-03-2006 #2
Ftp & Telnet only in one direction
Well it looks at least that you know how to set up an ftp server OK!
The service that ftpd (the server, as opposed to client ftp) uses is 'vsftpd'
which can only be run through 'xinetd'; so when I say restart the ftp-server
I mean do...
[root]$ service vsftpd restart
but before we get carried away, first some basic checks...
checking the basic firewall - let's assume that if you can see box A from
box B and vice versa then the ftp protocol ports are being let through!
from box A do..
[root]$ arp -a
boxb (192.168.2.102) at mac-address-here [ether] on eth0
(--etc--)
where boxb is the DNS name for server IP 192.168.2.102 (your number may be different; this is just for example).
[root]$ ping 192.168.2.102
if the ping is successful then boxB firewall is not blocking boxA.
try this the other way around
e.g. from boxB do...
[root]$ arp -a
boxa (192.168.2.101) at mac-address-here [ether] on eth0
(--etc--)
Any probs so far, you have a firewall misconfiguration that needs to be sorted out, e.g. iptables.
Let's assume the firewall's fine ... proceed...
check that ftpd is available on the machines and is up and running, however
you state that you can 'ftp' from boxA to boxB OK, therefore let's restrict ourselves to boxA (where we suspect ftpd problems)...
At boxA terminal do...
[root]$ netstat -a | grep ftp
[root]$
i.e. assume that nothing is returned by this command, which means that ftpd is not running, so let's start the service on boxA...
First check to see if the server is installed in the first place (you may have ftp in client mode - but this does not mean the ftpd is there!)...
[root]$ rpm -qa | grep vsftp
[root]$
let's assume now too that the server is NOT installed yet, so do...
[root]$ urpmi vsftpd (or yum install vsftpd - depends on distro used)
now get...
vsftpd-2.0.1-1mdk
so it is now installed OK!
[root]$ chkconfig --list vsftpd
vsftpd on
(this indicates that it will start OK on reboot)
Start the service manually now...
[root]$ service vsftpd start
vsftpd is a xinetd service
Reloading configuration:
[root]$ netstat -a | grep ftp
tcp 0 0 *:ftp *:* LISTEN
There are two possibilities now -- either your ftp is working OK both ways or you are still stuck at boxA...
At boxA try localhost - you should try the IP of 'boxa' you know from
the previous arp -a command, or use netstat at the local prompt.
[root]$ ftp localhost
Connected to 192.168.2.101.
500 OOPS: vsftpd: cannot locate user specified in 'ftp_username':ftp
use 'quit' to escape from ftp prompt.
(You still will not be able to ftp into boxA yet).
What has happened is that when you installed the server you did not UNLOCK the passwd file and the ftp user was not added! Checking the /etc/passwd
file will verify there is no entry for 'ftp'.
[root]$ gedit /etc/passwd
add this line to end of list...
Code:
ftp:x:100:100:FTP User:/var/ftp:/sbin/nologin
Observe the case and spaces - make sure you press return-key at EOL.
The number 100 for UID is purely arbitrary, any number NOT in the list already will do.
Unfortunately you have to also edit the shadow file...
[root]$ gedit /etc/shadow
add this line to end...
Code:
ftp:*:13259:0:99999:7:::
the number shown equals the number already in the list and may be different to that shown here.
Remember to save both edited files to themselves.
Now restart the vsftpd service and check to see if ftp works both ways using
an existing machine account!
I think your telnet problem also may be due to locked /etc/passwd file but I'm not sure on that- someone else will have to help you on that.
Good luck, let me know if you have any further problems.
- 05-03-2006 #3
Welcome to the forum, tunguska. Before you go diving into firewall configs and following tom-tjtech's detailed help, you might just want to check these couple of things on each machine, it should only take a min:
Check that xinetd is running:
Code:
/etc/rc.d/init.d/xinetd status
check that the config is set correctly in /etc/xinetd.d, there should be a file that relates to pure-ftpd, inside it will look something like this:
Code:
service pure-ftpd
{
    disable = yes
    ... other lines ...
}
If it says 'disable = yes', change to 'disable=no' and restart xinetd with:
Code:
/etc/rc.d/init.d/xinetd restart
and then try again. If this is all OK, and you still can't connect then follow tom-tjtech's advice, above.
Linux user #126863 - see http://linuxcounter.net/
- 05-04-2006 #4 Just Joined!
- Join Date
- May 2006
- Location
- Western Europe
- Posts
- 5
Hi,
thanks a lot, you both gave me some productive ideas - I finally got things (ftp & telnet) working OK.
Problem was I had 2 ftp-servers running on boxA : pure-ftpd & vsftpd!
(from previous late-night experiments...)
When I disabled pure-ftpd in /etc/xinetd.d/pure-ftpd & also changed "user = root" in /etc/xinetd.d/vsftpd, things were OK again.
With everything working again, I played around a bit:
* With only vsftpd running on boxA, when I ftp'd from boxB I received
the welcome-message from vsftpd on boxA : good
* I then activated pure-ftpd on boxA (& of course also a xinetd restart)
when I ftp'd again from boxB, the connection with boxA was made
but I did receive the welcome message from pure-ftpd! Subsequently
ftp asked for my name: it did not accept anonymous and neither
did it accept my regular account & password. So I managed to reconstruct the faulty behaviour!
Upon correcting my ftp-problem, telnet works fine too now!
I suppose telnet uses ftp...
Thanks again tom-tjtech & Roxoff!
- 05-05-2006 #5
Originally Posted by tunguska
telnet uses xinetd (or inetd, if your system is that old) not ftp. It may have been enough to restart xinetd for this to be going again.
Originally Posted by tunguska
You're very welcome.
Linux user #126863 - see http://linuxcounter.net/
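Post #4 traces the failure to two FTP daemons enabled under xinetd at the same time. The following is an added example, not code from the thread: it scans an xinetd.d-style directory and reports any service name claimed by more than one enabled entry. It assumes both daemons' entries are declared as `service ftp`; the sample files and server paths in `demo_conflict` are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): report xinetd service names that more
# than one enabled entry claims, e.g. vsftpd and pure-ftpd both serving "ftp".
# Assumes the usual layout: one "service NAME { attr = value ... }" per entry.
xinetd_conflicts() {
    dir=${1:-/etc/xinetd.d}
    set --
    for f in "$dir"/*; do
        # xinetd's includedir skips names containing a dot or ending in "~"
        case "${f##*/}" in *.*|*~) continue ;; esac
        if [ -f "$f" ]; then set -- "$@" "$f"; fi
    done
    [ $# -gt 0 ] || return 0
    awk '
        { sub(/#.*/, ""); gsub(/=/, " = ") }      # drop comments, pad "="
        $1 == "service" { name = $2; off = 0; server = "?"; next }
        name == ""      { next }                  # outside any entry
        $1 == "disable" { off = ($3 == "yes") }
        $1 == "server"  { server = $3 }
        $1 == "}" {
            if (!off) {                           # no "disable" line means enabled
                n[name]++
                who[name] = who[name] " " FILENAME "=" server
            }
            name = ""
        }
        END { for (s in n) if (n[s] > 1) print s ":" who[s] }
    ' "$@" | sort
}

# Constructed sample reproducing the state described in post #4:
# two enabled entries for "ftp", one for "telnet".
demo_conflict() {
    d=$(mktemp -d) || return 1
    printf 'service ftp\n{\n\tdisable = no\n\tserver = /usr/sbin/vsftpd\n}\n' > "$d/vsftpd"
    printf 'service ftp\n{\n\tdisable=no\n\tserver = /usr/sbin/pure-ftpd\n}\n' > "$d/pure-ftpd"
    printf 'service telnet\n{\n\tserver = /usr/sbin/in.telnetd\n}\n' > "$d/telnet"
    (cd "$d" && xinetd_conflicts .)
    rm -rf "$d"
}
```

Run `xinetd_conflicts` with no argument to check /etc/xinetd.d; each output line names a service with competing handlers, and the same listing doubles as a quick inventory check that only the intended daemon answers on that port.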



