Can't connect fo FTP (CentOS)

Intra-Agnostic

Intra-Agnostic

Intra-Agnostic

Associate
Joined
18 Oct 2002
Posts
1,863
Location
Ammanford, Wales, UK.
Hi Guys,

Let me start out by saying that I'm not an expert with Linux....I know what I need to get by. But I've been scratching my head with this one for a few days.

I can't connect to FTP externally. Locally it works fine.
I'm running CentOS 6.4 64 Bit.
I've tried multiple ftp servers (vsftpd and pureftp)
I have also tried disabling both iptables and ip6tables to no effect.

nmap shows the port as open also.

Code: 
Starting Nmap 5.51 ( http://nmap.org ) at 2014-01-17 19:24 CET
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000013s latency).
Not shown: 996 closed ports
PORT     STATE SERVICE
21/tcp   open  ftp
25/tcp   open  smtp
80/tcp   open  http
3306/tcp open  mysql

Code: 
[root@CentOS-64-64-minimal pure-ftpd]# ftp localhost 21
Connected to localhost (127.0.0.1).
220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
220-You are user number 1 of 50 allowed.
220-Local time is now 19:27. Server port: 21.
220-IPv6 connections are also welcome on this server.
220 You will be disconnected after 15 minutes of inactivity.
Name (localhost:root): faststone
331 User faststone OK. Password required
Password:
230 OK. Current directory is /
Remote system type is UNIX.
Using binary mode to transfer files.
ftp>

Any suggestions would be greatly appreciated, and if you need any further info just ask :)

Intra~
 
Last edited:
oh right, so by locally I assume you mean from ssh. (Though I can't see any ports open from your nmap for ssh :confused:)

Had assumed this was something you had going at home with the local/remote mention. Would be more secure to just use sftp if you are already ssh'ing into the server.

Is it an authenticated error you're getting externally or can it not connect to the server at all? Just installed pure-ftpd on centos and managed to connect fine externally so if you haven't change anything in the configuration then that won't be the issue. (Could have been set by default to only listen on 127.0.0.1).

What output does iptables -L give you?
 
As Phantom Shadow says please consider using sftp, preferably chrooted, rather than insecure FTP ... it's trivial to sniff the authentication info for FTP.

What error exactly are you getting on connection?
Is there anything in your log files on the server, e.g. messages, secure, application specific logs under /var/log ?
What is the status of selinux on the server?
 
Thanks for the replies guys.
Sorry for the confusion Shadow. Yes, when I said locally I meant through ssh.

I do normally use sftp, however I also use a program called Faststone which allows me to screengrab and instantly upload the image to my webserver.
This software requires FTP, doesn't have an sftp option.

Iptables has no policies at the moment.

Code: 
[root@CentOS-64-64-minimal ~]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
[root@CentOS-64-64-minimal ~]#

There is nothing relevant in the logs that I can see.

The exact error is this, using Filezilla
Code: 
Status:	Connecting to *.*.*.*:21... (IP Removed)
Error:	Connection timed out
Error:	Could not connect to server

When I connect using sftp, its fine.
Code: 
Status:	Connecting to *.*.*.*:2224...
Response:	fzSftp started
Command:	open "faststone@*.*.*.*" 2224
Command:	Pass: *****************
Status:	Connected to *.*.*.*
Status:	Retrieving directory listing...

Code: 
[root@CentOS-64-64-minimal ~]# cat /etc/sysconfig/selinux

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
#     targeted - Targeted processes are protected,
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted
 
Last edited:
hmm, would you mind sending me the IP in trust to see if I can attempt connection? No iptables, no selinux, sftp/ssh works, localhost connection works... can't really see what could be causing it to not work other than a configuration issue on your client.

A standard centos installation with a fresh pure-ftpd server should be externally accessible straight away. Haven't got a different firewall installed have you?
 
LizardKing said:
Have you got a default GW set?
Click to expand...

Code: 
[root@CentOS-64-64-minimal ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
144.*.*.*  0.0.0.0         255.255.255.255 UH    0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     1002   0        0 eth0
0.0.0.0         144..*.*.*  0.0.0.0         UG    0      0        0 eth0
[root@CentOS-64-64-minimal ~]#


*Removed public IP
 
Last edited:
Code: 
[****@archlinux ~]$ ftp *.*.*.* 21
Connected to *.*.*.*
220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
220-You are user number 2 of 50 allowed.
220-Local time is now 16:21. Server port: 21.
220-IPv6 connections are also welcome on this server.
220 You will be disconnected after 15 minutes of inactivity.
Name (*.*.*.*:****):
 
You must log in or register to reply here.
Back
Top Bottom