Subject: FTP: connection refused
2003-11-14 - By Keith Mastin

> Hi all, I have a tough problem that hopefully has a not so tough
> solution. I'm trying to setup a simple ftp server on Red Hat 7.2 and I
> can't get beyond "connection" refused when trying to connect externally.
> I've read every FAQ and online guide I can and I can't figure out why.
>
> The big clue I think is that netstat -a says that ftp is not being
> listened on. /etc/services looks ok to me (ftp is on port 21 for both
> UDP and TCP), I added the ftp service in /etc/xinet.d/ftp and restarted
> xinetd, so I'm not sure what could be inhibiting ftpd. Here's my config
> from /etc/xinet.d/ftp:

Why do you need udp?

> service ftp {
>     disable = no
>     socket_type = stream
>     wait = no
>     nice = 10
>     user = root
>     server = /usr/sbin/in.ftpd
>     server_args = -l
>     instances = 4
>     log_on_sucess += DURATION HOST USERID
> }
>
> I modified /etc/hosts.allow and /etc/hosts.deny too. I wasn't sure
> about hosts.allow so I copied the working nfs stuff to a new line and
> changed it:
> in.ftpd: 10.0.0.0/255.255.255.224
> which is just like the entries for mountd, statd, etc.
>
> Not sure what else to say. Here's the long story summarized:
> 1. Downloaded wu-ftp and built it with ./configure and make

Try vsftpd (very secure ftp)... less likely to get hacked or fubar'ed, comes in an rpm (you're running a redhat machine, right?) and it's a breeze to set up. Installing from sources on a redhat machine can be a turkey shoot as redhat regularly decides that files belong where redhat thinks they should go, not where the standards dictate. This is #2 on my personal list of beefs with redhat.
If you insist on using wu-ftpd, then at least rebuild it from the source rpm.

> 2. Created /usr/ftp and the little jail for it to run in.
> 3. Check the firewall to make sure it didn't reject ftp.

Which port, 20 or 21? Try opening both 20 and 21.

> 4. Made changes to /etc/xinetd.d/ftp above and hosts files.
> 5. Restarted xinetd
> There may be a few other things I did, this is what I recall for now.

Go to .bash_history to check your work. You can also log all shell activity to a different file, but /bash_history should be sufficient for most cases.

> I did a tcpdump trace of the connect attempt, the packets are reaching
> the server and it replies, but the replies are all R (resets). I think
> this is related to the fact that xinetd doesn't think it has something
> to run on port 21 (ftp port).

Can you connect in with telnet localhost 21? Does netstat -tuan show port 21 listening?

--
Keith Mastin
BeechTree Information Technology Services Inc.
Toronto, Canada
(416)429 9304
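
A stanza like the one quoted in this thread can be checked offline before restarting xinetd. The following is an added example, not part of the original messages: a small Python linter (the name lint_xinetd_service and the attribute subset are this example's own choices) that flags attribute names not listed in xinetd.conf(5) and missing required attributes, run over a constructed copy of the posted configuration.

```python
import re

# Attribute names from xinetd.conf(5); not exhaustive, enough for a service file.
KNOWN_ATTRS = {
    "id", "type", "flags", "disable", "socket_type", "protocol", "wait",
    "user", "group", "instances", "nice", "server", "server_args",
    "only_from", "no_access", "access_times", "log_type", "log_on_success",
    "log_on_failure", "port", "bind", "interface", "redirect", "banner",
    "per_source", "cps", "max_load", "env", "passenv", "umask",
}
REQUIRED = {"socket_type", "wait", "user", "server"}  # non-internal service

# Constructed sample: the attributes posted in the thread, laid out one per line.
SAMPLE = """\
service ftp
{
    disable = no
    socket_type = stream
    wait = no
    nice = 10
    user = root
    server = /usr/sbin/in.ftpd
    server_args = -l
    instances = 4
    log_on_sucess += DURATION HOST USERID
}
"""

def lint_xinetd_service(text):
    """Parse one service stanza; return (name, attrs, problems)."""
    name, attrs, problems = None, {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#") or line in ("{", "}"):
            continue
        head = re.match(r"service\s+(\S+)\s*\{?$", line)
        if head:
            name = head.group(1)
            continue
        m = re.match(r"([A-Za-z_]+)\s*(\+=|-=|=)\s*(.*)$", line)
        if not m:
            problems.append(f"line {lineno}: cannot parse {line!r}")
        elif m.group(1) not in KNOWN_ATTRS:
            problems.append(f"line {lineno}: unknown attribute {m.group(1)!r}")
        else:
            attrs[m.group(1)] = m.group(3)
    problems += [f"missing required attribute {k!r}" for k in sorted(REQUIRED - attrs.keys())]
    return name, attrs, problems

if __name__ == "__main__":
    for problem in lint_xinetd_service(SAMPLE)[2]:
        print(problem)
```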