vsftp does not work

[tim]

I have installed vsftp using Macsat tutorial. Process starts but I have timeout on client side. This is a syslog:

Jun 18 20:07:05 xinetd[115]: xinetd Version 2.3.13 started with no options compiled in.
...
Jun 18 20:08:23 xinetd[115]: START: ftp pid=140 from=192.168.x.x
...
Jun 18 20:09:43 xinetd[140]: FAIL: ftp address from=192.168.x.x

What is wrong?

[sup]

I have got the same problem and the same log and I am running out of ideas, what is behind it. I only know it has nothing to do with the firewall (I shut it down and problem persisted). It is strange because it worked for a while last week (before I start playing around wit thttpd-php - sadlt it is not workig either). The only diference from Tim`s case seems to be that both the web server and ftp are reachable from the lan side, I cannot connect from the wan side though (smart ftp says this:
Resolving host name 10.102.236.214...
Connecting to (10.102.236.214) -> IP: 10.102.236.214 PORT: 21
Connected to (10.102.236.214) -> Time = 10ms
Socket connected waiting for login sequence.
Cannot login waiting to retry (30s).

[sup]

Just found out that when I disable ftp server through the webinterface, smartftp says "No response from the server" - seems strange to me since I am using vsftpd and not stupid-ftpd:-/. from lan it works the same both ways.

[sup]

my log is actually this
Jun 20 23:53:47 xinetd[157]: START: ftp pid=216 from=194.108.97.160
Jun 20 23:53:47 xinetd[216]: FAIL: ftp address from=194.108.97.160
Jun 20 23:53:51 kernel: DROPIN=eth1 OUT= MAC=00:11:2f:86:8e:f0:00:80:48:1e:6b:84:08:00 SRC=194.108.97.160 DST=192.168.1.1 LEN=48 TOS=0x00 PREC=0x20 TTL=115 ID=3891 DF PROTO=TCP SPT=1630 DPT=81 SEQ=413564094 ACK=0 WINDOW=8192 RES=0x00 SYN URGP=0 OPT (0204057001010402)
Jun 20 23:53:54 kernel: DROPIN=eth1 OUT= MAC=00:11:2f:86:8e:f0:00:80:48:1e:6b:84:08:00 SRC=194.108.97.160 DST=192.168.1.1 LEN=48 TOS=0x00 PREC=0x20 TTL=115 ID=3892 DF PROTO=TCP SPT=1630 DPT=81 SEQ=413564094 ACK=0 WINDOW=8192 RES=0x00 SYN URGP=0 OPT (0204057001010402)
Jun 20 23:54:01 kernel: DROPIN=eth1 OUT= MAC=00:11:2f:86:8e:f0:00:80:48:1e:6b:84:08:00 SRC=194.108.97.160 DST=192.168.1.1 LEN=48 TOS=0x00 PREC=0x20 TTL=115 ID=3893 DF PROTO=TCP SPT=1630 DPT=81 SEQ=413564094 ACK=0 WINDOW=8192 RES=0x00 SYN URGP=0 OPT (0204057001010402)

(194... ip adress is a dynamic adress - I am using my back-up phone modem connection to test the access from wan) - I am no really sure, what this means, it looks like the connection is estabilished, but then something for some reason closes it. I think it does not have anything to do with firewall, because if I shut it down, it is just the same. So it looks like the problem is somewhere deeper in the device, which is exactly what I do not understand a damn bit - maybe a complete reinstall of the packages, firmaware and so will help, will try as soon as I got some spare time.
(oh, by the way - I was using the 5a and 6a firmware and it is just about the same with both of them)

[sup]

well, the problem with the web will be in the firewall after all, because when I shut it down, it works.
However, about the ftp - do I need any port forwarding in virtual server? Ergo 20:21 to 21 on 192.168.1.1?

[tim]

I've solved this using manual installation.

post-boot invokes another batch:

#!/bin/sh
killall xinetd
killall stupid-ftpd
cp /opt/tim/stupid-ftpd.conf /tmp
stupid-ftpd

Thus we kill all processes that can probably utilize ftp port and then starts simple stupid-ftp with given conf.

Here it is:

mode=daemon
serverroot=/opt/ftp_pub
banmsg=You have no permission
log=/tmp/stupid-ftpd.log
port=21
maxusers=12
login-timeout=120
timeout=240
user=login pass / 2 A

[tim]

and of course you should open ftp port:

iptables -D INPUT -j DROP
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -j DROP

[sup]

I can confirm that Tim´s solution works for me as well, however I do not really want to run stupid-ftpd deamon:-(

[fastclick]

I guess your problem resides in an invalid configuration of the xinet.d

in the corresponding conf-file there should be a section to config the hosts which are allow to connect.

add your host/s

[sup]

Thanks very much for suggesting this, becasue it actually solved my problem (at least now it is working, just hoping it stays so). I added this line

Code:

only_from = 0.0.0.0/0

to the xinetd config file (located here in my case: /opt/etc/xinetd.d/vsftp) - probably just another solution would be to make vsftpd run in standalone (did not try though).