Pure-Ftpd problem


clemens
16th May 2009, 17:52
Hi all

Got a prob with pure-ftpd, can't connect to it from outside.

User created, and it works when connecting to ftp from the local machine.

Connected to localhost.localdomain.
220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
220-You are user number 1 of 50 allowed.
220-Local time is now 16:17. Server port: 21.
220-This is a private system - No anonymous login
220-IPv6 connections are also welcome on this server.
220 You will be disconnected after 15 minutes of inactivity.
Name (localhost:root): xxx.xx
331 User xxx.xx OK. Password required
Password:
230-User xxx.xx has group access to: client4
230 OK. Current restricted directory is /
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
200 PORT command successful
150 Connecting to port 45331
drwxr-xr-x 2 5004 client4 4096 May 16 15:23 cgi-bin
lrwxrwxrwx 1 5004 client4 31 May 16 15:23 log -> /var/log/ispconfig/httpd/xxx.xx
drwxr-xr-x 2 5004 client4 4096 May 16 15:23 ssl
drwxrwxrwx 2 5004 client4 4096 May 16 15:23 tmp
drwxr-xr-x 4 5004 client4 4096 May 16 15:23 web
226-Options: -l
226 5 matches total
ftp>


When using an FTP client, that's a no go: it seems that it connects but doesn't get further than resolving the IP, and after a while it stops trying to connect.

Did try from a command prompt on Windows, and got the response "connecting" and then the connection is cut off.

Did see if the port was open and it was.

87.57.xxx.xxx is responding on port 21 (ftp).

A little hint would be really nice.

Thanks in advance

till
17th May 2009, 16:48
Please post the output of:

netstat -tap

and

iptables -L

clemens
17th May 2009, 19:32
They look like this...

netstat -tap

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 *:56929 *:* LISTEN 1614/rpc.statd
tcp 0 0 localhost.localdoma:740 *:* LISTEN 2684/famd
tcp 0 0 localhost.localdo:10024 *:* LISTEN 1848/amavisd (maste
tcp 0 0 localhost.localdo:10025 *:* LISTEN 2638/master
tcp 0 0 *:mysql *:* LISTEN 1912/mysqld
tcp 0 0 localhost.localdo:spamd *:* LISTEN 2022/spamd.pid
tcp 0 0 *:sunrpc *:* LISTEN 1603/portmap
tcp 0 0 *:ftp *:* LISTEN 2652/pure-ftpd (SER
tcp 0 0 192.168.0.120:domain *:* LISTEN 2566/mydns
tcp 0 0 localhost.locald:domain *:* LISTEN 2566/mydns
tcp 0 0 *:ssh *:* LISTEN 1820/sshd
tcp 0 0 *:smtp *:* LISTEN 2638/master
tcp 0 148 192.168.0.120:ssh 87.57.xxx.xx:54944 ESTABLISHED 7898/0
tcp 54 0 localhost.localdo:46997 localhost.localdo:10025 CLOSE_WAIT 2803/amavisd (ch1-a
tcp6 0 0 [::]:imaps [::]:* LISTEN 2543/couriertcpd
tcp6 0 0 [::]:pop3s [::]:* LISTEN 2561/couriertcpd
tcp6 0 0 [::]:pop3 [::]:* LISTEN 2549/couriertcpd
tcp6 0 0 [::]:imap2 [::]:* LISTEN 2531/couriertcpd
tcp6 0 0 [::]:http-alt [::]:* LISTEN 2393/apache2
tcp6 0 0 [::]:www [::]:* LISTEN 2393/apache2
tcp6 0 0 [::]:ftp [::]:* LISTEN 2652/pure-ftpd (SER
tcp6 0 0 localhost:domain [::]:* LISTEN 2566/mydns
tcp6 0 0 [::]:ssh [::]:* LISTEN 1820/sshd
tcp6 0 0 [::]:https [::]:* LISTEN 2393/apache2


And iptables -L

Chain INPUT (policy DROP)
target prot opt source destination
fail2ban-ssh tcp -- anywhere anywhere multiport dports ssh
DROP tcp -- anywhere loopback/8
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
DROP all -- 224.0.0.0/4 anywhere
PUB_IN all -- anywhere anywhere
PUB_IN all -- anywhere anywhere
PUB_IN all -- anywhere anywhere
PUB_IN all -- anywhere anywhere
DROP all -- anywhere anywhere

Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
DROP all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
PUB_OUT all -- anywhere anywhere
PUB_OUT all -- anywhere anywhere
PUB_OUT all -- anywhere anywhere
PUB_OUT all -- anywhere anywhere

Chain INT_IN (0 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere
DROP all -- anywhere anywhere

Chain INT_OUT (0 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere

Chain PAROLE (12 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere

Chain PUB_IN (4 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere icmp echo-reply
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
ACCEPT icmp -- anywhere anywhere icmp echo-request
PAROLE tcp -- anywhere anywhere tcp dpt:ftp-data
PAROLE tcp -- anywhere anywhere tcp dpt:ftp
PAROLE tcp -- anywhere anywhere tcp dpt:ssh
PAROLE tcp -- anywhere anywhere tcp dpt:smtp
PAROLE tcp -- anywhere anywhere tcp dpt:domain
PAROLE tcp -- anywhere anywhere tcp dpt:www
PAROLE tcp -- anywhere anywhere tcp dpt:pop3
PAROLE tcp -- anywhere anywhere tcp dpt:imap2
PAROLE tcp -- anywhere anywhere tcp dpt:https
PAROLE tcp -- anywhere anywhere tcp dpt:mysql
PAROLE tcp -- anywhere anywhere tcp dpt:http-alt
PAROLE tcp -- anywhere anywhere tcp dpt:webmin
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT udp -- anywhere anywhere udp dpt:mysql
DROP icmp -- anywhere anywhere
DROP all -- anywhere anywhere

Chain PUB_OUT (4 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere

Chain fail2ban-ssh (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere

falko
18th May 2009, 12:03
Looks ok. Did you try both active and passive transfers in your FTP client?

clemens
19th May 2009, 10:38
Yes, but it doesn't matter, as I'm not getting so far that passive should matter.

Only get to the resolution of the IP for the host and then a disconnect.

And a DOS FTP connect would give the result: connection, and after 10 sec the host closed the connection.

clemens
20th May 2009, 11:45
Did a new install from scratch and this time no problem...