vsftpd
Re: vsftpd
[code]*filter
:INPUT ACCEPT [312640:30403113]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [2632390:367889137]
-A INPUT -p udp -m udp --dport 240 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 240 -j ACCEPT
-A INPUT -d 127.0.0.1/32 -p udp -m udp --dport 27016 -j ACCEPT
-A INPUT -d 127.0.0.1/32 -p tcp -m tcp --dport 27021 -j ACCEPT
-A INPUT -d 127.0.0.1/32 -p tcp -m tcp --dport 27020 -j ACCEPT
-A INPUT -d 50.115.164.225/32 -p tcp -m tcp --dport 27015 -j ACCEPT
-A INPUT -d 50.115.164.225/32 -p udp -m udp --dport 27015 -j ACCEPT
-A INPUT -d 50.115.164.225/32 -p tcp -m tcp --dport 27020 -j ACCEPT
-A INPUT -d 50.115.164.225/32 -p udp -m udp --dport 27020 -j ACCEPT
-A INPUT -d 50.115.164.225/32 -p tcp -m tcp --dport 27010 -j ACCEPT
-A INPUT -d 50.115.164.225/32 -p udp -m udp --dport 27010 -j ACCEPT
COMMIT
# Completed on Sat Feb 18 12:09:50 2012[/code]
Edit: Thanks to all of you for helping me! I really appreciate it! :)
Re: vsftpd
Did you ever fix this problem? I had a similar problem and it turned out to be selinux.
Re: vsftpd
[quote]
jalley wrote:
Did you ever fix this problem? I had a similar problem and it turned out to be selinux.[/quote]
Thanks, but it did not help. What I did was 'echo 0 > /selinux/enforce' - but it gives the same error. Thanks for trying though :)
Re: vsftpd
Well your iptables-save output does not show you having port 21 open so loading ip_conntrack_ftp will not help you until you do. It needs both port 21 open _and_ ip_conntrack_ftp loaded.
Re: vsftpd
I did the following:
[code][root@s2 ~]# iptables -A INPUT -p tcp --dport 21 -j ACCEPT
[root@s2 ~]# iptables -A INPUT -p udp --dport 21 -j ACCEPT
[root@s2 ~]# /sbin/service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables: /etc/init.d/iptables: line 268: restorecon: command not found
[FAILED][/code]
I've not edited or deleted the file /etc/init.d/iptables. This is the file, from lines 265-269:
[code]if [ $ret -eq 0 ]; then
if [ -e $IPTABLES_DATA ]; then cp -f $IPTABLES_DATA $IPTABLES_DATA.save \
&& chmod 600 $IPTABLES_DATA.save \
&& restorecon $IPTABLES_DATA.save \
|| ret=1[/code]
Re: vsftpd
You don't need to open udp port 21 for ftp use, only tcp is required.
I was referring to your posted iptables rules above, which had only 11 rules listed, none of which were for port 21. Incidentally, since you have a policy default set of ACCEPT, and you have no DROP rule in those rules, you currently have NO firewall running! Rather you have a firewall with 11 rules but the default rule is to allow all traffic so anything that doesn't match those is accepted anyway.
I suggest that you fix this ASAP.
Your lack of a restorecon executable means that you do not have the policycoreutils package installed.
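The check made in the reply above (a default ACCEPT policy with no DROP rule, and no rule for port 21), as an added example that is not part of the thread: a small Python audit of `iptables-save` text. The names `audit` and `_opt`, both sample rulesets, and the simplifications (filter table only, a single `--dport`, no multiport or port ranges) are assumptions of this example.

```python
import re

# Constructed sample with the same shape as the ruleset posted in the thread:
# default ACCEPT policy, only ACCEPT rules, nothing for tcp/21.
SAMPLE_OPEN = """\
*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 240 -j ACCEPT
-A INPUT -d 127.0.0.1/32 -p tcp -m tcp --dport 27020 -j ACCEPT
COMMIT
"""

# Constructed sample of a filtering ruleset: default DROP plus explicit allows.
SAMPLE_CLOSED = """\
*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
COMMIT
"""

def _opt(tokens, flag):
    """Return the value following `flag` in a split rule, or None."""
    if flag in tokens[:-1]:
        return tokens[tokens.index(flag) + 1]
    return None

def audit(save_text, chain="INPUT", port=21):
    """Report whether `chain` filters anything and explicitly allows tcp/`port`."""
    table, policy, rules = None, None, []
    for line in save_text.splitlines():
        if line.startswith("*"):          # "*filter", "*nat", ... starts a table
            table = line[1:].strip()
        if table != "filter":
            continue
        head = re.match(r":(\S+) (\S+)", line)   # ":INPUT ACCEPT [pkts:bytes]"
        if head and head.group(1) == chain:
            policy = head.group(2)
        elif line.startswith("-A " + chain + " "):
            rules.append(line.split())
    # A rule with no match options ("-A CHAIN -j DROP") catches all remaining traffic.
    catch_all = any(r[2:4] in (["-j", "DROP"], ["-j", "REJECT"]) for r in rules)
    explicit = any(_opt(r, "-p") == "tcp" and _opt(r, "--dport") == str(port)
                   and _opt(r, "-j") == "ACCEPT" for r in rules)
    return {"policy": policy, "filters": policy == "DROP" or catch_all,
            "explicit_allow": explicit}
```

To run it against a live host, pass the text of `iptables-save` output to `audit()`; a result with `"filters": False` means every packet that matches no rule is still accepted.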
vsftpd
Another possibility is that this is a VPS, and not CentOS.
Re: vsftpd
Perhaps time to ask for "uname -rmi" or better yet [url=http://www.centos.org/modules/newbb/viewtopic.php?topic_id=28723&forum=54]provide more information about the system[/url].
Re: vsftpd
http://pastebin.com/M5ezUNy7
Re: vsftpd
That's a very old kernel, but at least a CentOS one. Rebooting to kernel-2.6.32-220.4.2.el6 would be a good idea. Are other packages up to date?
Must be a very minimal install as neither pciutils nor usbutils is installed, so little is known about the hardware. You might want to obfuscate the public IP address in the route info.