Cannot connect to anonymus ftp

Discussion in 'Installation/Configuration' started by n1kol1s, Jul 4, 2006.

  1. n1kol1s

    n1kol1s New Member

    Hi all
    I have a problem with anonymus ftp.when i try to connect with smartftp and windows as anonymus and i get this error. I have enable the anonymus ftp in ispconfig and because i can connect to my user ftp i believe that my firewall settings r ok. i have the same problem with both internal and external ip's .
    ftp://wrl.homelinux.com

    220 FTP Server ready.
    [12:26:19] USER anonymous
    [12:26:19] 331 Password required for anonymous.
    [12:26:19] PASS (hidden)
    [12:26:19] 530 Login incorrect.

    My web9_nikolis ftp with password is working with no problems
    the proftpd_ispconfig.conf output is:

    ###################################
    #
    # ISPConfig proftpd Configuration File
    # Version 1.0
    #
    ###################################
    <VirtualHost 10.10.64.164>
    DefaultRoot ~
    AllowOverwrite on
    Umask 002
    <Anonymous /var/www/web9/ftp>
    User web9_anonftp
    Group web9_anonftp
    UserAlias anonymous web9_anonftp
    UserAlias guest web9_anonftp
    MaxClients 10
    <Directory *>
    <Limit WRITE>
    DenyAll
    </Limit>
    </Directory>
    <Directory /var/www/web9/ftp/incoming>
    Umask 002
    <Limit STOR>
    AllowAll
    </Limit>
    <Limit READ>
    DenyAll
    </Limit>
    </Directory>
    </Anonymous>
    </VirtualHost>

    and the proftpd.conf output is :

    # This is the ProFTPD configuration file
    # $Id: proftpd.conf,v 1.1 2004/02/26 17:54:30 thias Exp $

    ServerName "ProFTPD server"
    ServerIdent on "FTP Server ready."
    ServerAdmin root@localhost
    ServerType standalone
    #ServerType inetd
    DefaultServer on
    AccessGrantMsg "User %u logged in."
    #DisplayConnect /etc/ftpissue
    #DisplayLogin /etc/ftpmotd
    #DisplayGoAway /etc/ftpgoaway
    DeferWelcome off

    # Use this to excude users from the chroot
    DefaultRoot ~ !adm

    # Use pam to authenticate (default) and be authoritative
    AuthPAMConfig proftpd
    AuthOrder mod_auth_pam.c* mod_auth_unix.c

    # Do not perform ident nor DNS lookups (hangs when the port is filtered)
    IdentLookups off
    UseReverseDNS off

    # Port 21 is the standard FTP port.
    Port 21

    # Umask 022 is a good standard umask to prevent new dirs and files
    # from being group and world writable.
    Umask 022

    # Default to show dot files in directory listings
    ListOptions "-a"

    # See Configuration.html for these (here are the default values)
    #MultilineRFC2228 off
    #RootLogin off
    #LoginPasswordPrompt on
    #MaxLoginAttempts 3
    #MaxClientsPerHost none
    #AllowForeignAddress off # For FXP

    # Allow to resume not only the downloads but the uploads too
    AllowRetrieveRestart on
    AllowStoreRestart on

    # To prevent DoS attacks, set the maximum number of child processes
    # to 30. If you need to allow more than 30 concurrent connections
    # at once, simply increase this value. Note that this ONLY works
    # in standalone mode, in inetd mode you should use an inetd server
    # that allows you to limit maximum number of processes per service
    # (such as xinetd)
    MaxInstances 20

    # Set the user and group that the server normally runs at.
    User nobody
    Group nobody

    # This is where we want to put the pid file
    ScoreboardFile /var/run/proftpd.score

    # Normally, we want users to do a few things.
    <Global>
    AllowOverwrite yes
    <Limit ALL SITE_CHMOD>
    AllowAll
    </Limit>
    </Global>

    # Define the log formats
    LogFormat default "%h %l %u %t \"%r\" %s %b"
    LogFormat auth "%v [%P] %h %t \"%r\" %s"

    # TLS
    # Explained at http://www.castaglia.org/proftpd/modules/mod_tls.html
    #TLSEngine on
    #TLSRequired on
    #TLSRSACertificateFile /etc/pki/tls/certs/proftpd.pem
    #TLSRSACertificateKeyFile /etc/pki/tls/certs/proftpd.pem
    #TLSCipherSuite ALL:!ADH:!DES
    #TLSOptions NoCertRequest
    #TLSVerifyClient off
    ##TLSRenegotiate ctrl 3600 data 512000 required off timeout 300
    #TLSLog /var/log/proftpd/tls.log

    # SQL authentication Dynamic Shared Object (DSO) loading
    # See README.DSO and howto/DSO.html for more details.
    #<IfModule mod_dso.c>
    # LoadModule mod_sql.c
    # LoadModule mod_sql_mysql.c
    # LoadModule mod_sql_postgres.c
    #</IfModule>

    # A basic anonymous configuration, with an upload directory.
    #<Anonymous ~ftp>
    # User ftp
    # Group ftp
    # AccessGrantMsg "Anonymous login ok, restrictions apply."
    #
    # # We want clients to be able to login with "anonymous" as well as "ftp"
    # UserAlias anonymous ftp
    #
    # # Limit the maximum number of anonymous logins
    # MaxClients 10 "Sorry, max %m users -- try again later"
    #
    # # Put the user into /pub right after login
    # #DefaultChdir /pub
    #
    # # We want 'welcome.msg' displayed at login, '.message' displayed in
    # # each newly chdired directory and tell users to read README* files.
    # DisplayLogin /welcome.msg
    # DisplayFirstChdir .message
    # DisplayReadme README*
    #
    # # Some more cosmetic and not vital stuff
    # DirFakeUser on ftp
    # DirFakeGroup on ftp
    #
    # # Limit WRITE everywhere in the anonymous chroot
    # <Limit WRITE SITE_CHMOD>
    # DenyAll
    # </Limit>
    #
    # # An upload directory that allows storing files but not retrieving
    # # or creating directories.
    # <Directory uploads/*>
    # AllowOverwrite no
    # <Limit READ>
    # DenyAll
    # </Limit>
    #
    # <Limit STOR>
    # AllowAll
    # </Limit>
    # </Directory>
    #
    # # Don't write anonymous accesses to the system wtmp file (good idea!)
    # WtmpLog off
    #
    # # Logging for the anonymous transfers
    # ExtendedLog /var/log/proftpd/access.log WRITE,READ default
    # ExtendedLog /var/log/proftpd/auth.log AUTH auth
    #
    #</Anonymous>


    DefaultRoot ~

    Include /etc/proftpd_ispconfig.conf
     
  2. till

    till Super Moderator

    Please try to set:

    DefaultServer on

    to:

    DefaultServer off

    and restart proftpd.
     
  3. n1kol1s

    n1kol1s New Member

    I did but i got this message trying to connect with smartftp so i turn the default server back on .

    [08:43:11] SmartFTP v2.0.996.25
    [08:43:11] Resolving host name "10.10.64.164"
    [08:43:11] Connecting to 10.10.64.164 Port: 21
    [08:43:11] Connected to 10.10.64.164.
    [08:43:11] 500 Sorry, no server available to handle request on ::ffff:10.10.64.164
    [08:43:11] Cannot login waiting to retry (30s)...
    [08:43:11] Server closed connection

    nikolis
     
  4. falko

    falko Super Moderator

    What's the output of
    Code:
    netstat -tap
    and
    Code:
    iptables -L
    ? Any errors in your logs?
     
  5. n1kol1s

    n1kol1s New Member

    [root@wrl ~]# netstat -tap
    Active Internet connections (servers and established)
    Proto Recv-Q Send-Q Local Address Foreign Address Stat e PID/Program name
    tcp 0 0 *:48868 *:* LIST EN 1618/rpc.statd
    tcp 0 0 *:mysql *:* LIST EN 1945/mysqld
    tcp 0 0 *:sunrpc *:* LIST EN 1600/portmap
    tcp 0 0 *:hosts2-ns *:* LIST EN 11725/ispconfig_htt
    tcp 0 0 10.10.64.164:domain *:* LIST EN 21310/named
    tcp 0 0 localhost.localdomai:domain *:* LIST EN 21310/named
    tcp 0 0 localhost.localdomain:ipp *:* LIST EN 1823/cupsd
    tcp 0 0 *:smtp *:* LIST EN 18508/master
    tcp 0 0 localhost.localdomain:rndc *:* LIST EN 21310/named
    tcp 0 0 *:imaps *:* LIST EN 1970/dovecot
    tcp 0 0 *:pop3s *:* LIST EN 1970/dovecot
    tcp 0 0 *:pop3 *:* LIST EN 1970/dovecot
    tcp 0 0 *:imap *:* LIST EN 1970/dovecot
    tcp 0 0 *:http *:* LIST EN 11750/httpd
    tcp 0 0 *:ftp *:* LIST EN 9412/proftpd: (acce
    tcp 0 0 *:ssh *:* LIST EN 1841/sshd
    tcp 0 0 localhost:rndc *:* LIST EN 21310/named
    tcp 0 0 *:https *:* LIST EN 11750/httpd
    tcp 0 0 ::ffff:10.10.64.164:ssh ::ffff:10.10.64.:seagulllms ESTA BLISHED 31453/0
    tcp 0 932 ::ffff:10.10.64.164:ssh ::ffff:10.10:isoipsigport-1 ESTA
    BLISHED 31552/1

    [root@wrl ~]# iptables -L
    Chain INPUT (policy ACCEPT)
    target prot opt source destination

    Chain FORWARD (policy ACCEPT)
    target prot opt source destination

    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination

    the path cd /var/log/proftpd is empty no error logs there :confused:
     
  6. falko

    falko Super Moderator

    Can you change

    Code:
    ###################################
    #
    # ISPConfig proftpd Configuration File
    # Version 1.0
    #
    ###################################
    <VirtualHost 10.10.64.164>
    DefaultRoot ~
    AllowOverwrite on
    Umask 002
    <Anonymous /var/www/web9/ftp>
    User web9_anonftp
    Group web9_anonftp
    UserAlias anonymous web9_anonftp
    UserAlias guest web9_anonftp
    MaxClients 10
    <Directory *>
    <Limit WRITE>
    DenyAll
    </Limit>
    </Directory>
    <Directory /var/www/web9/ftp/incoming>
    Umask 002
    <Limit STOR>
    AllowAll
    </Limit>
    <Limit READ>
    DenyAll
    </Limit>
    </Directory>
    </Anonymous>
    </VirtualHost>
    to

    Code:
    ###################################
    #
    # ISPConfig proftpd Configuration File
    # Version 1.0
    #
    ###################################
    
    [B][COLOR="Red"]DefaultAddress 127.0.0.1[/COLOR][/B]
    
    <VirtualHost 10.10.64.164>
    DefaultRoot ~
    AllowOverwrite on
    Umask 002
    <Anonymous /var/www/web9/ftp>
    User web9_anonftp
    Group web9_anonftp
    UserAlias anonymous web9_anonftp
    UserAlias guest web9_anonftp
    MaxClients 10
    <Directory *>
    <Limit WRITE>
    DenyAll
    </Limit>
    </Directory>
    <Directory /var/www/web9/ftp/incoming>
    Umask 002
    <Limit STOR>
    AllowAll
    </Limit>
    <Limit READ>
    DenyAll
    </Limit>
    </Directory>
    </Anonymous>
    </VirtualHost>
    in /etc/proftpd_ispconfig.conf and restart Proftpd?
     
  7. n1kol1s

    n1kol1s New Member

    no , no luck
    sould i add a virual ip and set that up for the anonymus ftp..ill try that and ill post results.
    tnx
    nikolis
     
  8. n1kol1s

    n1kol1s New Member

    still same problem with the virual ip :(
    even tryed to to use it as a defaultaddress (virtual ip) anwell as 127.0.0.1
    nothing...

    ftp://wrl.homelinux.com

    [10:53:23] Connected to 10.10.64.165.
    [10:53:23] 220 Welcomme to my Ftp Server. Enjoy!
    [10:53:23] USER anonymous
    [10:53:23] 331 Password required for anonymous.
    [10:53:23] PASS (hidden)
    [10:53:23] 530 Login incorrect.
    [10:53:23] Active Help: http://www.smartftp.com/support/kb/index.php/51
    [10:53:27] Server closed connection
     
  9. falko

    falko Super Moderator

    Can you add the DefaultAddress line to /etc/proftpd_ispconfig.conf and /root/ispconfig/isp/conf/proftpd_ispconfig.conf.master and restart Proftpd and try again?
     
  10. n1kol1s

    n1kol1s New Member

    I added :
    ###################################
    #
    # ISPConfig proftpd Configuration File
    # Version 1.0
    #
    ###################################
    DefaultAddress 127.0.0.1
    <!-- BEGIN DYNAMIC BLOCK: vhost -->
    DefaultAddress 127.0.0.1
    <VirtualHost {IP}>
    DefaultRoot ~
    AllowOverwrite on
    Umask 002
    {ANON_FTP}
    </VirtualHost>
    <!-- END DYNAMIC BLOCK: vhost -->
    and
    ###################################
    #
    # ISPConfig proftpd Configuration File
    # Version 1.0
    #
    ###################################
    DefaultAddress 127.0.0.1
    <VirtualHost 10.10.64.164>
    DefaultRoot ~
    AllowOverwrite on
    Umask 002
    <Anonymous /var/www/web9/ftp>
    User web9_anonftp
    Group web9_anonftp
    UserAlias anonymous web9_anonftp
    UserAlias guest web9_anonftp
    MaxClients 10
    <Directory *>
    <Limit WRITE>
    DenyAll
    </Limit>
    </Directory>
    <Directory /var/www/web9/ftp/incoming>
    Umask 002
    <Limit STOR>
    AllowAll
    </Limit>
    <Limit READ>
    DenyAll
    </Limit>
    </Directory>
    </Anonymous>
    </VirtualHost>

    with no luck!
    it seems to be a some sort of authentication/authorisation mix up with the anonymus ftp.
    tnx
    nikolis
     
  11. n1kol1s

    n1kol1s New Member

    the user web9 root there is a .htpassword file that contains the following
    web9_anonftp:!!web9_nikolis:}somethingsomething

    does this create the problem?
    tnx
     
  12. falko

    falko Super Moderator

    No, at least not for ProFTPD. It might be a problem for Apache.
    Do you get any error messages when you restart ProFTPD?
     
  13. n1kol1s

    n1kol1s New Member

    no i dont....:(
     
  14. falko

    falko Super Moderator

    What's the output of
    Code:
    ifconfig
    and
    Code:
    netstat -tap
    ?
     
  15. n1kol1s

    n1kol1s New Member

    eth0 Link encap:Ethernet HWaddr 00:14:85:C7:A8:9D
    inet addr:10.10.64.164 Bcast:10.10.64.255 Mask:255.255.255.0
    inet6 addr: fe80::214:85ff:fec7:a89d/64 Scope:Link
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:21843 errors:0 dropped:0 overruns:0 frame:0
    TX packets:24062 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:2270168 (2.1 MiB) TX bytes:11154183 (10.6 MiB)
    Interrupt:18 Base address:0xa800

    eth0:0 Link encap:Ethernet HWaddr 00:14:85:C7:A8:9D
    inet addr:10.10.64.165 Bcast:10.10.64.255 Mask:255.255.255.0
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    Interrupt:18 Base address:0xa800

    lo Link encap:Local Loopback
    inet addr:127.0.0.1 Mask:255.0.0.0
    inet6 addr: ::1/128 Scope:Host
    UP LOOPBACK RUNNING MTU:16436 Metric:1
    RX packets:8680 errors:0 dropped:0 overruns:0 frame:0
    TX packets:8680 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:0
    RX bytes:2835038 (2.7 MiB) TX bytes:2835038 (2.7 MiB)
    and

    Active Internet connections (servers and established)
    Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
    tcp 0 0 *:45926 *:* LISTEN 1625/rpc.statd
    tcp 0 0 *:mysql *:* LISTEN 1955/mysqld
    tcp 0 0 *:sunrpc *:* LISTEN 1607/portmap
    tcp 0 0 *:hosts2-ns *:* LISTEN 11753/ispconfig_htt
    tcp 0 0 10.10.64.165:domain *:* LISTEN 21498/named
    tcp 0 0 10.10.64.164:domain *:* LISTEN 21498/named
    tcp 0 0 localhost.localdomai:domain *:* LISTEN 21498/named
    tcp 0 0 localhost.localdomain:ipp *:* LISTEN 1830/cupsd
    tcp 0 0 *:smtp *:* LISTEN 32329/master
    tcp 0 0 localhost.localdomain:rndc *:* LISTEN 21498/named
    tcp 0 0 *:imaps *:* LISTEN 1977/dovecot
    tcp 0 0 *:pop3s *:* LISTEN 1977/dovecot
    tcp 0 0 *:pop3 *:* LISTEN 1977/dovecot
    tcp 0 0 *:imap *:* LISTEN 1977/dovecot
    tcp 0 0 *:http *:* LISTEN 11911/httpd
    tcp 0 0 *:ftp *:* LISTEN 22802/proftpd: (acc
    tcp 0 0 *:ssh *:* LISTEN 1848/sshd
    tcp 0 0 localhost:rndc *:* LISTEN 21498/named
    tcp 0 0 *:https *:* LISTEN 11911/httpd
    tcp 0 0 ::ffff:10.10.64.164:ssh ::ffff:10.10.64.162:sacred ESTABLISHED 15285/0

    tnx
    nikolis
     
  16. falko

    falko Super Moderator

    Which IP address do you use to connect to your FTP server for anonymous login? 10.10.64.164 or 10.10.64.165?

    Are there entries for both IP addresses in /etc/proftpd_ispconfig.conf?
    Did you enable anonymous FTP for both IP addresses?
     
  17. n1kol1s

    n1kol1s New Member

    the 10.10.64.164 is the ip of the main site of my server and anonymus ftp is enabled from the ispconfig panel. i created a virtual 10.10.64.165 ip address to test if the anonymus ftp is will work there but i get the same result.
    yes, both entries are in the /etc/proftpd_ispconfig.conf

    i heve no error log files in /var/log/proftpd actualy there are no files the at all. Were else can they be hiding?

    Ps if that gives you any clues, in my previus installations i had the same problem. im sick of reinstalling the whole server every time i get stuck somewere . I would like to figure out what is the problem..
    thx for your time
    nikolis

    ###################################
    #
    # ISPConfig proftpd Configuration File
    # Version 1.0
    #
    ###################################
    DefaultAddress 127.0.0.1
    DefaultAddress 127.0.0.1
    <VirtualHost 10.10.64.164>
    DefaultRoot ~
    AllowOverwrite on
    Umask 002
    <Anonymous /var/www/web9/ftp>
    User web9_anonftp
    Group web9_anonftp
    UserAlias anonymous web9_anonftp
    UserAlias guest web9_anonftp
    MaxClients 10
    <Directory *>
    <Limit WRITE>
    DenyAll
    </Limit>
    </Directory>
    <Directory /var/www/web9/ftp/incoming>
    Umask 002
    <Limit STOR>
    AllowAll
    </Limit>
    <Limit READ>
    DenyAll
    </Limit>
    </Directory>
    </Anonymous>
    </VirtualHost>
    DefaultAddress 127.0.0.1
    <VirtualHost 10.10.64.165>
    DefaultRoot ~
    AllowOverwrite on
    Umask 002
    <Anonymous /var/www/web12/ftp>
    User web12_anonftp
    Group web12_anonftp
    UserAlias anonymous web12_anonftp
    UserAlias guest web12_anonftp
    MaxClients 10
    <Directory *>
    <Limit WRITE>
    DenyAll
    </Limit>
    "proftpd_ispconfig.conf" [noeol] 61L, 1909C
     
    Last edited: Jul 16, 2006
  18. falko

    falko Super Moderator

    You need
    Code:
    DefaultAddress 127.0.0.1
    only once in your configuration.
    What address do you use in your FTP client? IP addresses or domain names?
     
  19. n1kol1s

    n1kol1s New Member

  20. falko

    falko Super Moderator

Share This Page