Problem connecting to ProFTPd

Discussion in 'HOWTO-Related Questions' started by atjensen11, Dec 5, 2007.

  1. atjensen11

    atjensen11 New Member

    This is the tutorial I have been following:
    http://www.howtoforge.com/proftpd_mysql_virtual_hosting

    I have done a netstat -tap and I can see the FTP server waiting for a connection. However, trying to connect to the FTP server through FileZilla keeps giving me an authentication error. This connection is being attempted on the local network to the IP address of the server.

    Firewall (Shorewall) is setup to allow FTP connections.

    I don't really see anything in the system logs that would lead me in the correct direction.

    Any help would be appreciated.

    Thanks,
    Tom
     
  2. falko

    falko Super Moderator ISPConfig Developer

    Are there any errors related to this in /var/log/auth.log? If not, then probably the connection is blocked by the firewall, or you're accidentally trying to connect to a different server.
     
  3. atjensen11

    atjensen11 New Member

    More Information

    Falko,

    Thanks for the response.

    I cannot find any entries in /var/log/auth.log related to FTP logins. There isn't anything there, good or bad when I try to FTP to my server.

    There are entries in /var/log/proftpd/proftpd.log however.
    Code:
    Dec 06 21:28:32 gopher proftpd[17109] gopher.mydomain.com (::ffff:192.168.100.150[::ffff:192.168.100.150]): FTP session closed.
    FYI - My domain is not really mydomain.com. I obfuscated it since a lot of this Ubuntu stuff is new to me. I am learning and having a hard enough time without my server attempting to be hacked every second. So far so good but I digress.

    The IP address shown in my proftpd log is obviously an internal LAN IP address. In Filezilla, I am using the internal LAN of the server for the URL rather than the domain name, so I am pretty confident that I am connecting to the right server. If not, I wouldn't see the attempt in the log.

    I am running Shorewall for a firewall on the Ubuntu server. I used a predefined macro in order to enable FTP connections. I can't remember off hand where to look to see what rules are added with a predefined macro.

    For good measure, I do have my router forwarding ports 20 and 21 to the Ubuntu server. But I don't think this applies yet since I am only connecting from the internal LAN and my router only forwards external ports.

    Lastly, I have tried both the Passive and Active mode setting in Filezilla. Neither has any luck.

    Is there a way I can test natively (like you do with a mail server by telnet 25) to test FTP without a client program like Filezilla?

    Thanks,
    Tom
     
  4. Hans

    Hans Moderator ISPConfig Developer

    Yes you can with:

    telnet host.domainname.tld 21 within the command line on your local desktop
     
  5. atjensen11

    atjensen11 New Member

    Telnet Results

    I logged onto the SSH of my server. I entered the command:

    Code:
    telnet localhost 21
    The resulting display was

    Code:
    Trying 127.0.0.1...
    Connected to localhost
    Escape character is '^]'.
    Connection closed by foreign host.
    I found it weird that it didn't ask me for a user name or password. The connection was immediately closed which is similar to the message I see in Filezilla.

    Does this help at all?

    I really appreciate your willingness to help people like me figure our problems out.

    Thanks,
    Tom
     
    Last edited: Dec 9, 2007
  6. falko

    falko Super Moderator ISPConfig Developer

    What's the output of
    Code:
    netstat -tap
    and
    Code:
    hostname -f
    ? What's in your proftpd.conf and /etc/hosts?
     
  7. atjensen11

    atjensen11 New Member

    Log and Configuration Outputs

    netstat -tap

    Code:
    Active Internet connections (servers and established)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
    tcp        0      0 localhost:60000         *:*                     LISTEN     5742/postgrey.pid -
    tcp        0      0 localhost:10024         *:*                     LISTEN     393/amavisd (virgin
    tcp        0      0 localhost:10025         *:*                     LISTEN     6239/master
    tcp        0      0 localhost:mysql         *:*                     LISTEN     5682/mysqld
    tcp        0      0 *:netbios-ssn           *:*                     LISTEN     6258/smbd
    tcp        0      0 *:submission            *:*                     LISTEN     6239/master
    tcp        0      0 *:webmin                *:*                     LISTEN     6457/perl
    tcp        0      0 *:ssmtp                 *:*                     LISTEN     6239/master
    tcp        0      0 gopher.jensenliv:domain *:*                     LISTEN     5553/named
    tcp        0      0 localhost:domain        *:*                     LISTEN     5553/named
    tcp        0      0 gopher.jensenlive.c:ssh *:*                     LISTEN     5575/sshd
    tcp        0      0 *:smtp                  *:*                     LISTEN     6239/master
    tcp        0      0 localhost:953           *:*                     LISTEN     5553/named
    tcp        0      0 *:microsoft-ds          *:*                     LISTEN     6258/smbd
    tcp        0      0 localhost:44619         localhost:mysql         TIME_WAIT  -
    tcp        0      0 localhost:44618         localhost:mysql         TIME_WAIT  -
    tcp        0      0 localhost:44617         localhost:mysql         TIME_WAIT  -
    tcp        0   1924 gopher.jensenlive.c:ssh 192.168.100.150:3939    ESTABLISHED425/sshd: HIDDEN [
    tcp        0      0 localhost:mysql         localhost:44614         TIME_WAIT  -
    tcp6       0      0 *:imaps                 *:*                     LISTEN     6133/couriertcpd
    tcp6       0      0 *:pop3s                 *:*                     LISTEN     6173/couriertcpd
    tcp6       0      0 *:pop3                  *:*                     LISTEN     6151/couriertcpd
    tcp6       0      0 *:imap2                 *:*                     LISTEN     6113/couriertcpd
    tcp6       0      0 *:www                   *:*                     LISTEN     6417/apache2
    tcp6       0      0 *:ftp                   *:*                     LISTEN     6370/proftpd: (acce
    tcp6       0      0 *:domain                *:*                     LISTEN     5553/named
    tcp6       0      0 ip6-localhost:953       *:*                     LISTEN     5553/named
    
    hostname -f
    Code:
    gopher.jensenlive.com
    /etc/hosts
    Code:
    127.0.0.1        localhost
    192.168.100.2    gopher.jensenlive.com gopher
    
    # The following lines are desirable for IPv6 capable hosts
    ::1     ip6-localhost ip6-loopback
    fe00::0 ip6-localnet
    ff00::0 ip6-mcastprefix
    ff02::1 ip6-allnodes
    ff02::2 ip6-allroutes
    ff02::3 ip6-allhosts
    As far as I know, my machine is not IP6 capable so I could probably delete many of the entries in the hosts file.

    /etc/proftpd/proftpd.conf
    Code:
    #
    # /etc/proftpd/proftpd.conf -- This is a basic ProFTPD configuration file.
    # To really apply changes reload proftpd after modifications.
    # 
    
    # Includes DSO modules
    Include /etc/proftpd/modules.conf
    
    # Set off to disable IPv6 support which is annoying on IPv4 only boxes.
    UseIPv6				on
    
    ServerName			"Debian"
    ServerType			standalone
    DeferWelcome			off
    
    MultilineRFC2228		on
    DefaultServer			on
    ShowSymlinks			on
    
    TimeoutNoTransfer		600
    TimeoutStalled			600
    TimeoutIdle			1200
    
    DisplayLogin                    welcome.msg
    DisplayFirstChdir               .message
    ListOptions                	"-l"
    
    DenyFilter			\*.*/
    
    # Use this to jail all users in their homes 
    DefaultRoot			~
    
    # Users require a valid shell listed in /etc/shells to login.
    # Use this directive to release that constrain.
    # RequireValidShell		off
    
    # Port 21 is the standard FTP port.
    Port				21
    
    # In some cases you have to specify passive ports range to by-pass
    # firewall limitations. Ephemeral ports can be used for that, but
    # feel free to use a more narrow range.
    # PassivePorts                  49152 65534
    
    # If your host was NATted, this option is useful in order to
    # allow passive tranfers to work. You have to use your public
    # address and opening the passive ports used on your firewall as well.
    # MasqueradeAddress		1.2.3.4
    
    # To prevent DoS attacks, set the maximum number of child processes
    # to 30.  If you need to allow more than 30 concurrent connections
    # at once, simply increase this value.  Note that this ONLY works
    # in standalone mode, in inetd mode you should use an inetd server
    # that allows you to limit maximum number of processes per service
    # (such as xinetd)
    MaxInstances			30
    
    # Set the user and group that the server normally runs at.
    User				proftpd
    Group				nogroup
    
    # Umask 022 is a good standard umask to prevent new files and dirs
    # (second parm) from being group and world writable.
    Umask				022  022
    # Normally, we want files to be overwriteable.
    AllowOverwrite			on
    
    # Uncomment this if you are using NIS or LDAP to retrieve passwords:
    # PersistentPasswd		off
    
    # Be warned: use of this directive impacts CPU average load!
    # Uncomment this if you like to see progress and transfer rate with ftpwho
    # in downloads. That is not needed for uploads rates.
    #
    # UseSendFile			off
    
    # Choose a SQL backend among MySQL or PostgreSQL.
    # Both modules are loaded in default configuration, so you have to specify the backend 
    # or comment out the unused module in /etc/proftpd/modules.conf.
    # Use 'mysql' or 'postgres' as possible values.
    #
    #<IfModule mod_sql.c>
    # SQLBackend			mysql
    #</IfModule>
    
    TransferLog /var/log/proftpd/xferlog
    SystemLog   /var/log/proftpd/proftpd.log
    
    <IfModule mod_tls.c>
    TLSEngine off
    </IfModule>
    
    <IfModule mod_quota.c>
    QuotaEngine on
    </IfModule>
    
    <IfModule mod_ratio.c>
    Ratios on
    </IfModule>
    
    
    # Delay engine reduces impact of the so-called Timing Attack described in
    # http://security.lss.hr/index.php?page=details&ID=LSS-2004-10-02
    # It is on by default. 
    <IfModule mod_delay.c>
    DelayEngine on
    </IfModule>
    
    <IfModule mod_ctrls.c>
    ControlsEngine        on
    ControlsMaxClients    2
    ControlsLog           /var/log/proftpd/controls.log
    ControlsInterval      5
    ControlsSocket        /var/run/proftpd/proftpd.sock
    </IfModule>
    
    <IfModule mod_ctrls_admin.c>
    AdminControlsEngine on
    </IfModule>
    
    # A basic anonymous configuration, no upload directories.
    
    # <Anonymous ~ftp>
    #   User				ftp
    #   Group				nogroup
    #   # We want clients to be able to login with "anonymous" as well as "ftp"
    #   UserAlias			anonymous ftp
    #   # Cosmetic changes, all files belongs to ftp user
    #   DirFakeUser	on ftp
    #   DirFakeGroup on ftp
    # 
    #   RequireValidShell		off
    # 
    #   # Limit the maximum number of anonymous logins
    #   MaxClients			10
    # 
    #   # We want 'welcome.msg' displayed at login, and '.message' displayed
    #   # in each newly chdired directory.
    #   DisplayLogin			welcome.msg
    #   DisplayFirstChdir		.message
    # 
    #   # Limit WRITE everywhere in the anonymous chroot
    #   <Directory *>
    #     <Limit WRITE>
    #       DenyAll
    #     </Limit>
    #   </Directory>
    # 
    #   # Uncomment this if you're brave.
    #   # <Directory incoming>
    #   #   # Umask 022 is a good standard umask to prevent new files and dirs
    #   #   # (second parm) from being group and world writable.
    #   #   Umask				022  022
    #   #            <Limit READ WRITE>
    #   #            DenyAll
    #   #            </Limit>
    #   #            <Limit STOR>
    #   #            AllowAll
    #   #            </Limit>
    #   # </Directory>
    # 
    # </Anonymous>
    
    ################### Added by Me ###################
    # The passwords in MySQL are encrypted using CRYPT
    SQLAuthTypes		Plaintext Crypt
    SQLAuthenticate		users* groups*
    
    # used to connect to the database
    # [email protected] database_user user_password
    SQLConnectInfo		[email protected]		proftpd		HIDDEN
    Thanks again for your help.
     
    Last edited: Dec 8, 2007
  8. atjensen11

    atjensen11 New Member

    Tailing MySQL

    I decided to try and tail the MySQL log. I figured I should see some activity in the log when attempting to login through Filezilla to my FTP site.

    However, there was no activity that was logged to the MySQL log. Therefore, I am thinking there must be some problem with the authentication through MySQL.

    I double checked the /etc/proftpd/proftp.conf file and saw the following:

    Code:
    # Choose a SQL backend among MySQL or PostgreSQL.
    # Both modules are loaded in default configuration, so you have to specify the backend 
    # or comment out the unused module in /etc/proftpd/modules.conf.
    # Use 'mysql' or 'postgres' as possible values.
    #
    #<IfModule mod_sql.c>
    # SQLBackend			mysql
    #</IfModule>
    I looked back through the How-To and didn't see anything mentioning this module. So I uncommented the lines for the module and tried again.

    Code:
    # Choose a SQL backend among MySQL or PostgreSQL.
    # Both modules are loaded in default configuration, so you have to specify the backend 
    # or comment out the unused module in /etc/proftpd/modules.conf.
    # Use 'mysql' or 'postgres' as possible values.
    #
    <IfModule mod_sql.c>
    SQLBackend			mysql
    </IfModule>
    With the lines uncommented, the MySQL log now shows action when tailing the log. Additionally, when I telnet to the machine, the connection is no longer immediately closed. Also Filezilla reports a new line in the message console that reports the user "exampleuser" which it wasn't reporting earlier.

    But despite the step forward, I am still unable to connect.

    At the command line, I typed:

    Code:
    ftp localhost
    I then entered the "exampleuser" user name. This was the result:

    Code:
    Connected to localhost.
    220 ProFTPD 1.3.0 Server (Debian) [127.0.0.1]
    Name (localhost:HIDDEN): exampleuser
    421 Service not available, remote server has closed connection
    Login failed.
    No control connection for command: No such file or directory
    Where can I determine or configure the control channel for FTP?
     
    Last edited: Dec 9, 2007
  9. falko

    falko Super Moderator ISPConfig Developer

    Any errors related to this in your logs?
     
  10. atjensen11

    atjensen11 New Member

    Log Review

    I am not quite sure which logs I should be checking for errors.

    There are absolutely no entries for any FTP processes in the /var/log/auth.log.

    The same is true for the /var/log/syslog.

    There are only "FTP session opened." and "FTP session closed." entries in the /var/log/proftpd/proftpd.log.

    This is a sample result from the /var/log/mysql/mysql.log:
    Code:
    071209 17:42:38	    796 Connect     [email protected] on ftp
    071209 17:42:48	    796 Query       SELECT userid, passwd, uid, gid, homedir, shell FROM users WHERE (userid='exampleuser') LIMIT 1
    		    796 Quit
    So I don't see anything yet in the logs that would point me in the correct direction.
     
  11. atjensen11

    atjensen11 New Member

    Resolved

    I am pretty sure I found the problem. I am almost ashamed to admit what it was, but I realized my proftpd.conf file was missing several lines. I installed ProFTPd late at night. So I either typed those lines and forgot to save them or I just flat out missed them.

    I discovered the error when I was double checking all the work I had done going through the How To the first time around.

    In the end, I still had to enable the SQL module to get it to work. That was the only thing different from the How To as posted.

    I really appreciate the willingness of every one to help me out.

    Thank you.
     

Share This Page