
[SOLVED] VSFTPD usr info missing? Getting connection refused.

Posted: 2011/09/03 02:44:29
by louarnold
I have a small home network that I run Win XP, Win7, Vista and CentOS 6 on. They are connected to a router for internet access.

Previously, on CentOS 5.5, I set up VSFTPD quite successfully to permit access from outside to the VSFTPD server. I tried to duplicate this on CentOS 6, but it's not working. On XP, WS_FTP-LE (the ftp client) gives me a "connection refused" message.

The CentOS machine has been assigned a static IP address, and VSFTPD has been set up to disallow local and anonymous logins. SELinux has been disabled as has the firewall. The router has been set up with a DMZ (to the CentOS IP address). There is only one other user - a normal user - defined in the system. I'm trying to log in with that name.

I can ping the CentOS machine via the LAN address (192.168...) and via the router IP address (99.xxx.xxx.xxx), and get packets back successfully. But I cannot verify that the router forwards to the CentOS machine.
I cannot understand the difference between inetd-started vsftpd and the non-inetd-started variety, i.e. how they are different in operation.

My goal is to vector the one user's FTP to a specific folder on the machine, say '/mnt/bigdisk/FTPShare/'
Here is the vsftpd.conf file:
[code]
#The following lists directives which affect vsftpd's logging behavior.
dual_log_enable=NO
log_ftp_protocol=NO
syslog_enable=NO
#vsftpd_log_file
xferlog_enable=YES
#xferlog_file
#xferlog_std_format
ls_recurse_enable=NO
ascii_download_enable=NO
async_abor_enable=YES

#Network Options
#The following lists directives which affect how vsftpd interacts with the network.
#1-Disable port style connection = Yes by default.
port_enable=NO
#2-connect_from_port_20 is NO by default.
connect_from_port_20=NO
#3-Enable passive connection: Yes by default.
pasv_enable=YES

accept_timeout=60
anon_max_rate=0
connect_timeout=60
data_connection_timeout=300
ftp_data_port=20
idle_session_timeout=300
#listen_address
#listen_address6
one_process_model=YES
listen_port=21
local_max_rate=0
max_clients=1
max_per_ip=1
#pasv_address — Specifies the IP address for the public facing IP address of the server for servers behind Network Address
# Translation (NAT) firewalls.
# This enables vsftpd to hand out the correct return address for passive mode connections.
pasv_enable=YES
pasv_max_port=0
pasv_min_port=0
#pasv_promiscuous
[/code]

And here is the vsftpd.xinetd file
[code]
# default: off
# description: The vsftpd FTP server serves FTP connections. It uses \
# normal, unencrypted usernames and passwords for authentication.
service ftp
{
    socket_type = stream
    wait = no
    user = root
    server = /usr/sbin/vsftpd
    server_args = /etc/vsftpd/vsftpd.conf
    nice = 10
    disable = yes
    flags = IPv4

    banner_fail = /etc/vsftpd.busy_banner

    per_source = 1
    instances = 1

    log_on_success += PID HOST DURATION
    log_on_failure += HOST

}
[/code]

Re: VSFTPD usr info missing? Getting connection refused.

Posted: 2011/09/04 01:02:54
by louarnold
SOLVED - I found the solution at http://forums.opensuse.org/english/get-technical-help-here/applications/403390-vsftpd-standalone-vs-inetd-xinetd.html

The problem was with "one_process_model=YES". Yes means anonymous only. When I rebooted the server system and tried the FTP again from the XP machine, I got the message: "500 OOPS: vsftpd: security: 'one_process_model' is anonymous only". Since I set anonymous_enable=NO, things were a bit conflicted. Fixing this helped immensely.

Another item, that may not have caused the failure directly, is: listen=Yes. This means that the server operates in stand-alone (daemon) mode. However, I also had the vsftpd file in /etc/xinetd.d and that conflicts with listen=yes.

So now ftp from the XP machine works, either to the LAN address or via the router's outside IP address.
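
The two conflicts described in this post, written as a small checker; this is an added example, not part of the thread or of vsftpd. The sample files are constructed, the finding names are made up for illustration, only options set explicitly in the files are judged (no defaults are assumed), and treating local_enable=YES as a conflict is an assumption drawn from the "anonymous only" wording of the error.

```python
import re

def parse_vsftpd(text):
    """Parse vsftpd.conf 'option=value' lines; lines starting with '#' are comments."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            opts[key.strip()] = value.strip().upper()
    return opts

def xinetd_enabled(text):
    """True for 'disable = no', False for 'disable = yes', None if not set."""
    m = re.search(r"^\s*disable\s*=\s*(\w+)", text, re.MULTILINE | re.IGNORECASE)
    return None if m is None else m.group(1).lower() == "no"

def check(vsftpd_text, xinetd_text=""):
    """Return (name, message) findings; only explicitly set options are judged."""
    o = parse_vsftpd(vsftpd_text)
    xinetd = xinetd_enabled(xinetd_text)
    findings = []
    if o.get("one_process_model") == "YES" and (
            o.get("anonymous_enable") == "NO" or o.get("local_enable") == "YES"):
        findings.append(("ONE_PROCESS_MODEL",
                         "one_process_model=YES is anonymous only; set it to NO"))
    if o.get("listen") == "YES" and xinetd is True:
        findings.append(("DOUBLE_LAUNCH",
                         "listen=YES (standalone) while the xinetd service is enabled"))
    if o.get("listen") == "NO" and xinetd is False:
        findings.append(("NO_LISTENER",
                         "listen=NO and xinetd service disabled: no launcher is active"))
    return findings

# Constructed sample files modelled on the thread, not the poster's actual files.
BROKEN_CONF = "anonymous_enable=NO\nlocal_enable=YES\none_process_model=YES\nlisten=YES\n"
FIXED_CONF = "anonymous_enable=NO\nlocal_enable=YES\none_process_model=NO\nlisten=YES\n"
XINETD_ON = "service ftp\n{\n    server = /usr/sbin/vsftpd\n    disable = no\n}\n"
XINETD_OFF = XINETD_ON.replace("disable = no", "disable = yes")

if __name__ == "__main__":
    for name, message in check(BROKEN_CONF, XINETD_ON):
        print(f"{name}: {message}")
```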

[SOLVED] VSFTPD usr info missing? Getting connection refused.

Posted: 2011/09/17 15:37:02
by pschaff
Thanks for reporting back, but I do hope you have now enabled SELinux and the firewall. Marking this thread [SOLVED] for posterity.