RHL8.0 FTP Server
Fishbulb714
04-09-2003, 03:25 PM
Argh.
Just set up a new box with RHL8.0 server install. Got apache, SQL, PHP, and some other stuff running great but FTP is driving me nuts.
No matter what settings I try, whether in vsftpd.conf or xinetd or whatever, I can hit the server in my browser but it won't take any login name at all, no matter how many accounts I create server side or whether Anonymous is allowed or not. I followed the guide listed under the FTP How To's thread here and still no dice.
I tried running the FTPCheck script here on the box: http://david.weekly.org/code/ and it tells me that it's denying connections to localhost.
Since I've tried everything in the book, could this be a firewall problem? On installation I set the firewall rules to allow ftp connections but how can I tell? The IP tables stuff is over my head so could someone tell me how to check/set the correct rules for ftp?
Thanks for the help.
blizz
04-09-2003, 04:29 PM
Hi,
For specific services - many of them ship with config files on the rpm (e.g. telnet) that have the service disabled by default. To activate it you have to edit the config and change the 'disable=yes' to 'disable=no' - e.g. /etc/xinetd.d/telnet for telnet; /etc/xinetd.d/vsftpd for the ftp daemon. Then restart the xinetd daemon and all should be well!
Fishbulb714
04-09-2003, 06:09 PM
The vsftpd service is enabled...I've checked many times that it is enabled and when I run
netstat -a | grep ftp
it tells me that the server is running:
tcp 0 0 *:ftp *:* LISTEN
So that isn't the problem. Like I said, when I go to the ftp server in my browser it prompts me for a login but it seems that it won't accept the login.
chrism01
04-10-2003, 06:31 AM
Try this;
iptables -L
to see if the firewall is blocking.
Try using ftp from the cmd line in an x-win, and show us the exact cmd and responses you got.
Try running
tail -f /var/log/messages
in another x-win at the same time, so you can see any msgs being logged.
Fishbulb714
04-10-2003, 09:44 AM
Thanks for the reply.
When checking the firewall, I get the following:
Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Lokkit-0-50-INPUT all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
RH-Lokkit-0-50-INPUT all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain RH-Lokkit-0-50-INPUT (2 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:http flags:SYN,RST,ACK/SYN
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp flags:SYN,RST,ACK/SYN
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh flags:SYN,RST,ACK/SYN
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp flags:SYN,RST,ACK/SYN
ACCEPT all -- anywhere anywhere
REJECT tcp -- anywhere anywhere tcp dpts:0:1023 flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp dpt:nfs flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
REJECT udp -- anywhere anywhere udp dpts:0:1023 reject-with icmp-port-unreachable
REJECT udp -- anywhere anywhere udp dpt:nfs reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp dpts:x11:6009 flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp dpt:xfs flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
So it seems I am OK there...the line "ACCEPT ALL --ANYWHERE" sort of bothers me a little, any significance?
As for logging into ftp, when I try to connect to localhost I get:
ftp> open
(to) localhost
Connected to localhost (127.0.0.1).
500 OOPS: bad bool value in config file
ftp>
This doesn't make sense since after I first saw this message a few days ago I went on the internet and grabbed someone else's sample vsftpd.conf and got the same message. I restored mine when the error was consistent. My vsftpd file under xinetd.d looks exactly as it should, word for word. What could it be referring to?
Thanks again.
chrism01
04-10-2003, 07:48 PM
2 things occur to me.
1. You apparently don't have any output rules at all, which is very unusual and (I think) indicates no output allowed, which, given tcp is a 2 way conversation, could be a prob ;)
2. bad bool val in config file means a bad boolean (true/false) flag in the relevant config file. Either set wrong or corrupt or config file version != program version.
You could try a google for that including vsftpd.
redhat81
04-10-2003, 07:53 PM
I had this problem for a long time until I finally figured it out.
I usually edit my configuration files on notepad via samba, and whenever I saved vsftpd.conf from there, it would give me the bad bool value again.
The way to counter this was to get the original vsftpd.conf that is shipped with RedHat8 and edit it using only an editor like emacs.
Fishbulb714
04-10-2003, 08:56 PM
Thanks for the replies.
Chris, I'm not sure about the firewall thing you said...basically either it's allowing all outgoing or none, right? It has to be allowing all since I have apache running my website which works great, not to mention the CS server I have going.
Redhat, it turns out you are right. I copied and pasted all of the stuff from the vsftpd.conf file into one I created in emacs, and it stopped complaining about bad bool. It then complained about the user files, which I did the same thing, and then it wanted banned emails and chroot files, which I created and left empty.
Then, I got THIS error:
ftp> open
(to) localhost
Connected to localhost (127.0.0.1).
500 OOPS: str_getpwnam: ftpsecure
ftp>
I searched for the error on the net and came up with this faq:
http://public.planetmirror.com/pub/vsftpd/untar/vsftpd-1.1.2/FAQ
Which says a str_getpwnam error is because vsftpd is trying to use the user 'nobody' to run some routines. First I checked to see if user nobody existed, and it does, so I then created user ftpsecure, and lo and behold, it works now.
Thanks again for the help...and I hope this helps out some other people if they're having similar problems.
chrism01
04-11-2003, 07:15 AM
Actually, that diff in editors between win and unix comes up a lot, except once you've seen it, most people tend to stick to one or the other. ;)
You notice it if you txfr text files between the 2 a lot.
Try opening a file in vi that you've just created in notepad or word... :)
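
Added example (not part of the original thread): a shell check for the cause found above, a vsftpd.conf saved from Notepad with DOS line endings, so each value ends in a carriage return and is rejected with "bad bool value". The function names check_conf and fix_conf are made up for this example; the whitespace check reflects the vsftpd.conf man page rule that no space may appear between the option, the = and the value.

```shell
#!/bin/sh
# Added example: find and repair DOS line endings in a vsftpd.conf-style file.

# check_conf FILE
# Prints one "LINE: reason" record per problem line.
# Returns 0 if the file is clean, 1 if anything was reported.
check_conf() {
    awk '
        /^#/ { next }                       # comment lines are ignored
        /\r$/ {                             # value ends in CR, e.g. "YES\r"
            printf "%d: carriage return at end of line (DOS line ending)\n", NR
            bad = 1; next
        }
        /^[ \t]*$/ { next }                 # blank lines are fine
        /^[^=]*[ \t]/ || /^[^=]*=[ \t]/ {   # "option = value" is not allowed
            printf "%d: whitespace around =\n", NR
            bad = 1; next
        }
        END { exit bad + 0 }
    ' "$1"
}

# fix_conf FILE
# Removes every carriage return in place and keeps the original as FILE.bak.
# Overwriting through a redirect keeps the file's owner and permissions.
fix_conf() {
    cp -p "$1" "$1.bak" && tr -d '\r' < "$1.bak" > "$1"
}
```

Source the file, run check_conf on the config, and run fix_conf only if carriage returns are reported; whitespace around = still has to be fixed by hand.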