# Problem with vsftpd

## Bozar

Hi, I recently installed Gentoo on an older computer (192.168.0.2) and wanted to set it up as an ftp server. I read all the docs on proper installation, configured /etc/vsftpd/vsftpd.conf to allow any users on (the computer is internal to my network, no real need for security), set up the deny list, set up /etc/xinetd.d/vsftpd (basically just disable = no) and then restarted xinetd. No errors. Tried ftp localhost, worked fine. Next I tried ftping from my Windows machine (192.168.0.1) and it actively denied a connection. Netstat -a | grep ftp says that the server is running. Oh and here's the weird part - I can't ftp to 192.168.0.2 from the ftp server (same thing as localhost) because it says "service not available, remote server has closed connection". I'm not running iptables (don't even have it installed). I'm at a loss as to what could be causing this and multiple Google searches and the man pages didn't produce anything. The two computers are connected by a hub. Help?

----------

## Kvetch

Do you have wrappers turned on?  Did you open port 21 on your router and make it forward requests to the ftp server?

What's in your /etc/hosts.deny?

You shouldn't have to worry about user configuration on vsftpd if you just set up your tcp wrappers like this.

/etc/hosts.deny

```
vsftpd:  ALL EXCEPT 192.168.0.
```

or /etc/hosts.deny

```
ALL: ALL
```

or

```
vsftpd:  ALL
```

and in your hosts.allow for this one do this

```
vsftpd: 192.168.0.
```

----------

## Bozar

As I said, there is just a hub in between the two computers. The two computers get everything from each other, no exceptions. I didn't have a hosts.allow or hosts.deny, I made them with the options you suggested and there was no change. I don't think I have wrappers on.

----------

## Kvetch

Yeah, you would have to emerge wrappers first.

I am not sure but how does a hub know where to direct traffic to? They are just dummy connections, can you ping the other computer? Can you ping yourself? Can you ping your Internet IP address?

Post your conf file and netstat -l

Who are you trying to log in as? Chances are root is disabled from logging in.

You shouldn't need the userlist if you limit it to inside traffic.  There are 2 userlists in vsftpd.  The user_list is only used if userlist_enable=yes. It is used to either grant or deny users based on the setting userlist_deny=no or yes. Is this file reversed?

----------

## Bozar

Both computers can ping each other.  A hub is basically just a direct connection between the two computers.

You're gunna have to understand when I abbreviate some of these files because I can't transfer them between computers (for obvious reasons).

netstat -l gives

```
Active Internet connections (only servers)
Proto  Recv-Q Send-Q Local Address  Foreign Address  State
tcp    0      0      *:ftp          *:*              LISTEN
```

and then a unix domain socket log.

here are my vsftpd.conf options

/etc/vsftpd/vsftpd.conf

```
anonymous_enable=YES
local_enable=YES
write_enable=YES
anon_upload_enable=YES
dirmessage_enable=NO
connect_from_port_20=NO
xferlog_enable=YES
xferlog_std_format=YES
idle_session_timeout=600
data_connection_timeout=120
# yes, nobody is a user.
nopriv_user=nobody
ftpd_banner=Welcome to blah FTP service.
userlist_enable=YES
userlist_deny=YES
listen=NO
```

here is a listing of the userlist:

/etc/vsftpd/vsftpd.user_list

```
halt
operator
root
shutdown
sync
bin
daemon
adm
lp
mail
postmaster
news
uucp
man
games
at
cron
www
named
squid
gdm
mysql
postgres
guest
nobody
alias
qmaild
qmaill
qmailp
qmailq
qmailr
qmails
postfix
```

And yes, I have my own normal user account on the computer named bozar, not on the list.

here is /etc/xinetd.d/vsftpd

```
service ftp
{
        socket_type = stream
        wait = no
        user = root
        server = /usr/sbin/vsftpd
        server_args = /etc/vsftpd/vsftpd.conf
        nice = 10
        disable = no
}
```

----------

## Bozar

I dunno this board's etiquette but I'm bumping this back up cuz I still need an answer and it took me forever to write out those configs.

----------

## Bozar

Incidentally the problem is actually with xinetd, not vsftpd (if you didn't already know). I ran vsftpd in stand alone mode (vsftpd &) and I can connect as I want to, but I'd still rather have it be run from xinetd because that's just better.

----------

## UberLord

IIRC there's a vsftpd.conf setting you have to change when swapping between standalone and xinetd mode

----------

## Bozar

Yes, in /etc/vsftpd/vsftpd.conf I had to change LISTEN to yes or no depending on if it was standalone.  I also changed /etc/xinetd.d/vsftpd.conf so that ENABLE was the opposite of listen (depending on standalone or no)

----------

## jonnevers

I use vsftpd in standalone mode.

with LISTEN=yes

I don't see the point in using xinetd for a single program...

```
root@host # vsftpd &
```

and it runs perfectly. If I remember correctly I had the same problem as you, localhost login okay everything else was no good. Switched to standalone and it functioned like I wanted it to.

----------

## never147

The reason is in /etc/xinetd.conf there's:

```
defaults
{
        only_from      = localhost
        instances      = 60
        log_type       = SYSLOG authpriv info
        log_on_success = HOST PID
        log_on_failure = HOST
        cps            = 25 30
}
```

the only_from line is the culprit.

----------
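The effect never147 points to, as an added example that is not part of the original thread: a simplified model of how xinetd combines `only_from` from the `defaults` block with a service entry and then tests a client address. The config strings are constructed from the posted files, the `only_from += 192.168.0.0/24` override is an assumed fix that nobody in the thread stated, and `localhost` is assumed to resolve to 127.0.0.1 only.

```python
import ipaddress
import re
# Constructed input modelled on the files posted in the thread.
XINETD_CONF = "defaults\n{\n    only_from = localhost\n    instances = 60\n}\n"
SERVICE_FTP = "service ftp\n{\n    server = /usr/sbin/vsftpd\n    disable = no\n}\n"
# Assumed override (not from the thread): add the LAN to the inherited list.
SERVICE_FTP_LAN = SERVICE_FTP.replace("disable", "only_from += 192.168.0.0/24\n    disable")

def parse_blocks(text):
    """Return {"defaults" | "service NAME": [(attr, operator, [values]), ...]}."""
    blocks = {}
    for head, body in re.findall(r"^\s*(defaults|service\s+\S+)\s*\{(.*?)\}", text, re.S | re.M):
        attrs = re.findall(r"^[ \t]*(\w+)[ \t]*([+-]?=)[ \t]*(.*?)[ \t]*$", body, re.M)
        blocks[" ".join(head.split())] = [(k, op, v.split()) for k, op, v in attrs]
    return blocks

def effective_only_from(defaults_text, service_text, service):
    """Simplified merge: service '=' replaces defaults, '+=' adds, '-=' removes."""
    blocks = {**parse_blocks(defaults_text), **parse_blocks(service_text)}
    allowed = None  # None means only_from was never set: no address restriction
    for name in ("defaults", f"service {service}"):
        for attr, op, values in blocks.get(name, []):
            if attr != "only_from":
                continue
            if op == "-=":
                allowed = [a for a in allowed or [] if a not in values]
            elif op == "=" and name != "defaults":
                allowed = list(values)
            else:
                allowed = (allowed or []) + values
    return allowed

def matches(entry, client):
    """Match one only_from entry: 'localhost', CIDR, or dotted quad."""
    if entry == "localhost":  # assumption: resolves to 127.0.0.1 only
        entry = "127.0.0.1"
    if "/" in entry:
        return ipaddress.ip_address(client) in ipaddress.ip_network(entry, strict=False)
    octets = entry.split(".")
    while octets and octets[-1] == "0":  # rightmost zero components are wildcards
        octets.pop()
    return client.split(".")[:len(octets)] == octets

def is_allowed(allowed, client):
    return allowed is None or any(matches(e, client) for e in allowed)
if __name__ == "__main__":
    for svc in (SERVICE_FTP, SERVICE_FTP_LAN):
        rules = effective_only_from(XINETD_CONF, svc, "ftp")
        print(rules, {ip: is_allowed(rules, ip) for ip in ("127.0.0.1", "192.168.0.1", "192.168.0.2")})
```

A connection from the server to its own LAN address arrives with source 192.168.0.2 rather than 127.0.0.1, so the inherited rule refuses it along with the Windows client.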

