
ftp setup - help

 
pete b
New Member

ftp setup - help

I've newly installed Red Hat 7.3 and wish to set up the wu-ftp server for local ftp access. I can open a connection on the machine itself (open localhost) and ftpaccess rules are enforced correctly. However, when I try to connect from another machine with the same login details, I get a "connection refused" error. Any ideas about why this might be happening, or advice on where ftp access logs might be written to? This newbie greatly appreciates any help.
oh dear
I_M
Honored Contributor

Re: ftp setup - help

Hi

Have you checked the packet filter, for example with # ipchains -L ?

If you want to control ipchains, you may use the # lokkit command.

Good luck
pete b
New Member

Re: ftp setup - help

Thanks for that, but I'm not sure how the firewall is configured. I've installed Red Hat 7.3 out of the box and I'm sure I configured the firewall during installation. Forgive me, I'm new to this, but how can I check whether there is a firewall and, assuming that there is, how would I configure it?
oh dear
pete b
New Member

Re: ftp setup - help

Follow-up: I've disabled the firewall (for testing) using lokkit on my linux box. I can still connect to the ftp server on that same box. I can ping the linux box from my remote machine (and the remote machine from my linux box). I've added the IP of the remote machine to hosts.allow, just in case tcp wrappers was causing a problem. But I still get a "connection refused" error.

I'm about to throw my laptop out the window and set fire to the office. Where do I go from here?
oh dear
Peter Kloetgen
Esteemed Contributor

Re: ftp setup - help

Hi Pete,

Did you try to telnet as a normal user, or as root? Telnetting as root is disabled by default on Redhat Linux; you would first have to enable it. Do you have a /etc/securetty file? --> mv securetty securetty.save
Then change the telnet configuration file:

disable = yes

to

disable = no


Always stay on the bright side of life!

Peter
I'm learning here as well as helping
Paul Mancillas
Advisor

Re: ftp setup - help

There are 2 things you have to do to make ftp work. First, edit the /etc/xinetd.d/wu-ftpd file and change the line "disable=yes" to "disable=no". Second, you need to check the firewall rules with "ipchains -L". If you get any lines that say "DENY" then just disable all firewall rules with "ipchains -F". This will flush all of the chains until the next reboot. This should allow ftp to work now.

Paul Mancillas
A Ottenheimer
New Member

Re: ftp setup - help


Check /var/log/messages for error messages related to login. Type "tcpdump -n port 20 or port 21 -i any" to watch for the login process. Turn on logging in your iptables firewall scripts (-l) and watch /var/log/messages for any DENY statements that pop up. Lastly - look at proftpd - I like it much better.

A
Steven E. Protter
Exalted Contributor

Re: ftp setup - help

You might not know it but your ipchains -F command fixed MY problem with allowing DNS queries.

THANKS.
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Steven E. Protter
Exalted Contributor

Re: ftp setup - help

I've stopped using the GUI tool on the firewall. It had no option for opening or closing port 53 anyway.

Here are the contents of my /etc/sysconfig/ipchains file.

Pretty secure, though more ports are going to have to be opened up.

:input ACCEPT
:forward ACCEPT
:output ACCEPT
-A input -s 66.92.143.194/0 -d 0/0 80 -p tcp -y -j ACCEPT
-A input -s 66.92.143.195/0 -d 0/0 80 -p tcp -y -j ACCEPT
-A input -s 66.92.143.196/0 -d 0/0 80 -p tcp -y -j ACCEPT
-A input -s 66.92.143.197/0 -d 0/0 80 -p tcp -y -j ACCEPT
-A input -s 66.92.143.198/0 -d 0/0 80 -p tcp -y -j ACCEPT
-A input -s 66.92.143.194/0 -d 192.168.0.30/0 25 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 22 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 23 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 53 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 53 -p udp -j ACCEPT
-A input -s 0/0 -d 0/0 -i lo -j ACCEPT
-A input -s 0/0 -d 0/0 -i eth1 -j ACCEPT
-A input -p tcp -s 0/0 -d 0/0 0:1023 -y -j REJECT
-A input -p tcp -s 0/0 -d 0/0 2049 -y -j REJECT
-A input -p udp -s 0/0 -d 0/0 0:1023 -j REJECT
-A input -p udp -s 0/0 -d 0/0 2049 -j REJECT
-A input -p tcp -s 0/0 -d 0/0 6000:6009 -y -j REJECT
-A input -p tcp -s 0/0 -d 0/0 7100 -y -j REJECT
Steven E Protter
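An added example, not part of any post in this thread: a small first-match evaluator for input-chain rules in the /etc/sysconfig/ipchains layout, to see which rule decides a new inbound connection (for instance FTP on port 21 arriving on eth0 versus lo). The function names and the sample rules are assumptions made up for illustration; only prefix-length masks are handled and the destination address is not evaluated.

```python
from ipaddress import IPv4Address as IP

# Constructed rules in the /etc/sysconfig/ipchains layout; addresses are documentation ranges.
SAMPLE = """\
:input ACCEPT
-A input -s 192.0.2.10/0 -d 0/0 80 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 22 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 -i lo -j ACCEPT
-A input -p tcp -s 0/0 -d 0/0 0:1023 -y -j REJECT
"""

def parse(text):
    policy, rules = "ACCEPT", []
    for line in text.splitlines():
        tok = line.split()
        if tok[:1] == [":input"]:                    # chain header carries the default policy
            policy = tok[1]
        elif tok[:2] == ["-A", "input"]:
            rule = {"syn": "-y" in tok}              # -y: match only connection-opening SYNs
            args = [t for t in tok[2:] if t != "-y"]
            i = 0
            while i < len(args):
                opt = args[i]
                rule[opt], i = args[i + 1], i + 2
                # -s / -d may be followed by a port or lo:hi port range
                if opt in ("-s", "-d") and i < len(args) and not args[i].startswith("-"):
                    rule[opt + "port"], i = args[i], i + 1
            rules.append(rule)
    return policy, rules

def addr_ok(spec, ip):
    addr, _, bits = spec.partition("/")
    bits = int(bits or 32)
    # A /0 mask compares no bits, so any address matches regardless of addr
    return bits == 0 or (int(IP(addr)) ^ int(IP(ip))) >> (32 - bits) == 0

def port_ok(spec, port):
    lo, _, hi = spec.partition(":")
    return int(lo) <= port <= int(hi or lo)

def verdict(text, src, dport, iface, proto="tcp", syn=True):
    # First matching rule wins; if none matches, the chain policy applies
    policy, rules = parse(text)
    for r in rules:
        if (r.get("-p", proto) == proto and r.get("-i", iface) == iface
                and (syn or not r["syn"]) and addr_ok(r.get("-s", "0/0"), src)
                and port_ok(r.get("-dport", "0:65535"), dport)):
            return r["-j"]
    return policy
```

With the constructed sample, `verdict(SAMPLE, "198.51.100.7", 21, "eth0")` falls through to the 0:1023 REJECT rule while the same port on `lo` is accepted, and the port 80 rule accepts any source because its mask is /0.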