vsftpd

Issues related to applications and software problems
Duerdum9
Posts: 18
Joined: 2012/02/17 00:14:12

Re: vsftpd

Post by Duerdum9 » 2012/02/18 17:13:38

[code]*filter
:INPUT ACCEPT [312640:30403113]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [2632390:367889137]
-A INPUT -p udp -m udp --dport 240 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 240 -j ACCEPT
-A INPUT -d 127.0.0.1/32 -p udp -m udp --dport 27016 -j ACCEPT
-A INPUT -d 127.0.0.1/32 -p tcp -m tcp --dport 27021 -j ACCEPT
-A INPUT -d 127.0.0.1/32 -p tcp -m tcp --dport 27020 -j ACCEPT
-A INPUT -d 50.115.164.225/32 -p tcp -m tcp --dport 27015 -j ACCEPT
-A INPUT -d 50.115.164.225/32 -p udp -m udp --dport 27015 -j ACCEPT
-A INPUT -d 50.115.164.225/32 -p tcp -m tcp --dport 27020 -j ACCEPT
-A INPUT -d 50.115.164.225/32 -p udp -m udp --dport 27020 -j ACCEPT
-A INPUT -d 50.115.164.225/32 -p tcp -m tcp --dport 27010 -j ACCEPT
-A INPUT -d 50.115.164.225/32 -p udp -m udp --dport 27010 -j ACCEPT
COMMIT
# Completed on Sat Feb 18 12:09:50 2012[/code]

Edit: Thanks to all of you for helping me! I really appreciate it! :)

jalley
Posts: 4
Joined: 2011/04/11 16:38:25

Re: vsftpd

Post by jalley » 2012/02/19 14:55:14

Did you ever fix this problem? I had a similar problem and it turned out to be selinux.

Duerdum9
Posts: 18
Joined: 2012/02/17 00:14:12

Re: vsftpd

Post by Duerdum9 » 2012/02/19 15:05:03

[quote]
jalley wrote:
Did you ever fix this problem? I had a similar problem and it turned out to be selinux.[/quote]
Thanks, but it did not help. What I did was 'echo 0 > /selinux/enforce' - but it gives the same error. Thanks for trying though :)

TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: vsftpd

Post by TrevorH » 2012/02/19 21:19:26

Well your iptables-save output does not show you having port 21 open so loading ip_conntrack_ftp will not help you until you do. It needs both port 21 open _and_ ip_conntrack_ftp loaded.

Duerdum9
Posts: 18
Joined: 2012/02/17 00:14:12

Re: vsftpd

Post by Duerdum9 » 2012/02/19 22:15:39

I did the following:

[code][root@s2 ~]# iptables -A INPUT -p tcp --dport 21 -j ACCEPT
[root@s2 ~]# iptables -A INPUT -p udp --dport 21 -j ACCEPT
[root@s2 ~]# /sbin/service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables: /etc/init.d/iptables: line 268: restorecon: command not found [FAILED][/code]

I've not edited / deleted the file /etc/init.d/iptables. This is the file, from lines 265-269:

[code]if [ $ret -eq 0 ]; then
    if [ -e $IPTABLES_DATA ]; then
        cp -f $IPTABLES_DATA $IPTABLES_DATA.save \
            && chmod 600 $IPTABLES_DATA.save \
            && restorecon $IPTABLES_DATA.save \
            || ret=1[/code]

TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: vsftpd

Post by TrevorH » 2012/02/19 22:38:00

You don't need to open udp port 21 for ftp use, only tcp is required.

I was referring to your posted iptables rules above, which had only 11 rules listed, none of which were for port 21. Incidentally, since you have a policy default set of ACCEPT, and you have no DROP rule in those rules, you currently have NO firewall running! Rather you have a firewall with 11 rules but the default rule is to allow all traffic so anything that doesn't match those is accepted anyway.

I suggest that you fix this ASAP.

Your lack of a restorecon executable means that you do not have the policycoreutils package installed.
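Added example, not part of any post in this thread: a shell function that reads iptables-save output on stdin and reports the two conditions raised above, an INPUT chain whose policy is ACCEPT with no DROP or REJECT rule, and no explicit ACCEPT rule for tcp port 21. The function names, the finding labels and the sample ruleset (with a documentation IP address) are constructed for illustration.

```shell
#!/bin/sh
# Added example: coarse audit of iptables-save output for the INPUT chain.
# Any DROP/REJECT rule counts as "filtering present"; it does not prove the
# ruleset is tight, only that the chain is not wide open by construction.

audit_input_chain() {
    awk '
        # Chain header, e.g. ":INPUT ACCEPT [312640:30403113]"
        $1 == ":INPUT" { policy = $2 }

        # Appended rule, e.g. "-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT"
        $1 == "-A" && $2 == "INPUT" {
            tcp = 0; dport = ""; target = ""
            for (i = 3; i <= NF; i++) {
                if ($i == "-p" && $(i + 1) == "tcp") tcp = 1
                if ($i == "--dport") dport = $(i + 1)
                if ($i == "-j") target = $(i + 1)
            }
            if (target == "DROP" || target == "REJECT") blocks = 1
            if (tcp && dport == "21" && target == "ACCEPT") ftp = 1
        }

        END {
            # Policy ACCEPT and nothing ever dropped: unmatched traffic is accepted.
            if (policy == "ACCEPT" && !blocks) print "OPEN_BY_DEFAULT"
            # No rule that explicitly accepts the FTP control port.
            if (!ftp) print "NO_EXPLICIT_TCP_21_ACCEPT"
        }
    '
}

# Constructed sample in the same shape as the ruleset posted in the thread.
sample_ruleset() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 240 -j ACCEPT
-A INPUT -d 192.0.2.10/32 -p udp -m udp --dport 27015 -j ACCEPT
COMMIT
EOF
}

sample_ruleset | audit_input_chain
```

On a live system the same function can be fed with `iptables-save | audit_input_chain`; no output means neither condition was found.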

gerald_clark
Posts: 10642
Joined: 2005/08/05 15:19:54
Location: Northern Illinois, USA

vsftpd

Post by gerald_clark » 2012/02/20 15:19:18

Another possibility is that this is a VPS, and not CentOS.

pschaff
Retired Moderator
Posts: 18276
Joined: 2006/12/13 20:15:34
Location: Tidewater, Virginia, North America

Re: vsftpd

Post by pschaff » 2012/02/20 16:25:53

Perhaps time to ask for "uname -rmi" or better yet [url=http://www.centos.org/modules/newbb/viewtopic.php?topic_id=28723&forum=54]provide more information about the system[/url].

Duerdum9
Posts: 18
Joined: 2012/02/17 00:14:12

Re: vsftpd

Post by Duerdum9 » 2012/02/20 22:02:55

http://pastebin.com/M5ezUNy7

pschaff
Retired Moderator
Posts: 18276
Joined: 2006/12/13 20:15:34
Location: Tidewater, Virginia, North America

Re: vsftpd

Post by pschaff » 2012/02/21 11:45:37

That's a very old kernel, but at least a CentOS one. Rebooting to kernel-2.6.32-220.4.2.el6 would be a good idea. Are other packages up to date?

Must be a very minimal install as neither pciutils nor usbutils is installed, so little is known about the hardware. You might want to obfuscate the public IP address in the route info.
