FTP error: 421 unable to connect to remote server 3

[fibajo]

Hi,
I have a problem with a SunBlade 100 WS (Solaris 5.8). I can telnet it but if I try to make an ftp I receive the following message :
421 unable to connect to remote server. Try again later.
I've checked the /etc/services and /etc/inetd.conf files and they look fine. The /etc/ftpusers doesn't restrict the access for my user.
What else I'd check. How can I restart or verify if the ftp daemon server is up.
How many ways exists to modify configuration files and restrict access for Telnet and ftp for everybody?
Thanks!

 

[kduffin]

is ftp enabled in /etc/inetd.conf? You can see if the port is listening (netstat -an | grep 21 | grep LIST). You should start by troubleshooting the facility, ie. ftp directly from the server that is running ftpd.

Cheers,
Keith
keith@duffin.org

http://www.duffin.org

 

[fibajo]

OK Keith!
The service is not running , I applied the command you told me and the port is not opened. Only appears a line for *.54321 that hasn't nothing to do with ftp. right?
In the /etc/inetd.conf file the line for the ftp server is commented (#). I edit the file and remove the #. But if try to ftp I receive the message ftp: ftp/tcp unknown service.
I suppose I need to start the daemon, but I'm not sure how to do this. Is with inet -s ?. Could you tell me?

Thanks a lot!

fibajo

 

[blainepruitt]

I would check under /etc/init.d and do a grep for inetd. If I am not mistaken the ftpd is invoked from there.

Good luck!
BP

 

[fibajo]

Hi, guys. thanks for your comments.
I've found the way to re-read the inetd.conf file. It's with "killall HUP". Unfourtunately I still have the problem.
I edit the inetd.conf file and uncommented the lines :

ftp stream tcp6 nowait root /usr/sbin/in.ftpd in.ftpd
telnet stream tcp6 nowait root /usr/sbin/in.telnetd etc..

then, I issued the command "killall HUP" to re-read the file but when I run the "netstat -an | grep 21 | grep LIST" command I only get the line:

*.54321 *.* 0 0 24576 0 LISTEN

ftpd is still down.

I checked under the path /etc/init.d as blainepruitt told me and I found that in the last line of the "inetsvc" file I have this : "/usr/sbin/inetd -s" . This is the line where the inetd is invoked , right?. From the man file for inetd I learned the -s option is to run inetd as "stand-alone" and also when no configuration file is given the inetd reads the inetd.conf file. But is supposed my inetd.conf file is fine, why is still down the ftpd?!!.
Is there anything else I can check?
I read something about initalization files under /etc/rc2.d and rc3.d, is it possible to find something there?

Thanks

 

[dbase77]

Hi,

Try "ps -ef |grep inetd". IF no inetd process running, just type in "/usr/sbin/inetd -s". Then do "ps -ef | grep inetd" again. Last run "netstat -an | grep 21".

regards,
feroz

 

[fibajo]

If inetd is already running (root 212 1 0 Nov 10 ? 12:20 /usr/sbin/inetd -s )what else should I do?
Thank U

 

[dbase77]

Hi,

Iin that case, after u edit your inetd.conf run "kill -HUP inetd_pid". That should reload your inetd.conf file. Run netstat -an | grep 21 again and post here.


dbase77

 

[fibajo]

I've done that but the ftpd didn't start.... Well, indeed I made an "killall -HUP" to reload the inetd.conf file. It should be the same isn't it?
Is there something else I should check? Maybe a link file or whatever...
thanks!

 

[dbase77]

hi,

hmmm strange if you type kill -HUP inetd_pid still ftp not listening. can you paste your inetd.conf file?

dbase77

 

[fibajo]

Ok, here it is. (Sorry for the delay , but I had to leave the office )
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
$ cat /etc/inetd.conf
#ident &quot;@(#)inetd.conf 1.45 02/11/05 SMI&quot; /* SVr4.0 1.5 */
#
#
#
# Configuration file for inetd(1M). See inetd.conf(4).
#
# To re-configure the running inetd process, edit this file, then
# send the inetd process a SIGHUP.
#
# Syntax for socket-based Internet services:
# <service_name> <socket_type> <proto> <flags> <user> <server_pathname> <args>
#
# Syntax for TLI-based Internet services:
#
# <service_name> tli <proto> <flags> <user> <server_pathname> <args>
#
# IPv6 and inetd.conf
# By specifying a <proto> value of tcp6 or udp6 for a service, inetd will
# pass the given daemon an AF_INET6 socket. The following daemons have
# been modified to be able to accept AF_INET6 sockets
#
# ftp telnet shell login exec tftp finger printer
#
# and service connection requests coming from either IPv4 or IPv6-based
# transports. Such modified services do not normally require separate
# configuration lines for tcp or udp. For documentation on how to do this
# for other services, see the Solaris System Administration Guide.
#
# You must verify that a service supports IPv6 before specifying <proto> as
# tcp6 or udp6. Also, all inetd built-in commands (time, echo, discard,
# daytime, chargen) require the specification of <proto> as tcp6 or udp6
#
# The remote shell server (shell) and the remote execution server
# (exec) must have an entry for both the &quot;tcp&quot; and &quot;tcp6&quot; <proto> values.
#
# Ftp and telnet are standard Internet services.
#
ftp stream tcp6 nowait root /usr/sbin/in.ftpd in.ftpd
telnet stream tcp6 nowait root /usr/sbin/in.telnetd in.telnetd
#
# Tnamed serves the obsolete IEN-116 name server protocol.
#
name dgram udp wait root /usr/sbin/in.tnamed in.tnamed
#
# Shell, login, exec, comsat and talk are BSD protocols.
#
#shell stream tcp nowait root /usr/sbin/in.rshd in.rshd
#shell stream tcp6 nowait root /usr/sbin/in.rshd in.rshd
#login stream tcp6 nowait root /usr/sbin/in.rlogind in.rlogind
#exec stream tcp nowait root /usr/sbin/in.rexecd in.rexecd
#exec stream tcp6 nowait root /usr/sbin/in.rexecd in.rexecd
#comsat dgram udp wait root /usr/sbin/in.comsat in.comsat
#talk dgram udp wait root /usr/sbin/in.talkd in.talkd
#
# Must run as root (to read /etc/shadow); &quot;-n&quot; turns off logging in utmp/wtmp.
#
#uucp stream tcp nowait root /usr/sbin/in.uucpd in.uucpd
#
# Tftp service is provided primarily for booting. Most sites run this
# only on machines acting as &quot;boot servers.&quot;
#
tftp dgram udp6 wait root /usr/sbin/in.tftpd in.tftpd -s /tft
pboot
#
# Finger, systat and netstat give out user information which may be
# valuable to potential &quot;system crackers.&quot; Many sites choose to disable
# some or all of these services to improve security.
#
#finger stream tcp6 nowait nobody /usr/sbin/in.fingerd in.fingerd
#systat stream tcp nowait root /usr/bin/ps ps -ef
#netstat stream tcp nowait root /usr/bin/netstat netstat
-f inet
#
# Time service is used for clock synchronization.
#
#time stream tcp6 nowait root internal
#time dgram udp6 wait root internal
#
# Echo, discard, daytime, and chargen are used primarily for testing.
#
#echo stream tcp6 nowait root internal
#echo dgram udp6 wait root internal
#discard stream tcp6 nowait root internal
#discard dgram udp6 wait root internal
#daytime stream tcp6 nowait root internal
#daytime dgram udp6 wait root internal
#chargen stream tcp6 nowait root internal
#chargen dgram udp6 wait root internal
#
#
# RPC services syntax:
# <rpc_prog>/<vers> <endpoint-type> rpc/<proto> <flags> <user> # <pathname> <args>
#
# <endpoint-type> can be either &quot;tli&quot; or &quot;stream&quot; or &quot;dgram&quot;.
# For &quot;stream&quot; and &quot;dgram&quot; assume that the endpoint is a socket descriptor.
# <proto> can be either a nettype or a netid or a &quot;*&quot;. The value is
# first treated as a nettype. If it is not a valid nettype then it is
# treated as a netid. The &quot;*&quot; is a short-hand way of saying all the
# transports supported by this system, ie. it equates to the &quot;visible&quot;
# nettype. The syntax for <proto> is:
# *|<nettype|netid>|<nettype|netid>{[,<nettype|netid>]}
# For example:
# dummy/1 tli rpc/circuit_v,udp wait root /tmp/test_svc
test_svc
#
# Solstice system and network administration class agent server
#100232/10 tli rpc/udp wait root /usr/sbin/sadmind sadmind
#
# Rquotad supports UFS disk quotas for NFS clients
#
#rquotad/1 tli rpc/datagram_v wait root /usr/lib/nfs/rquotad rquotad
#
# The rusers service gives out user information. Sites concerned
# with security may choose to disable it.
#
#rusersd/2-3 tli rpc/datagram_v,circuit_v wait root /usr/lib/netsv
c/rusers/rpc.rusersd rpc.rusersd
#
# The spray server is used primarily for testing.
#
#sprayd/1 tli rpc/datagram_v wait root /usr/lib/netsvc/spray/rpc.spra
yd rpc.sprayd
#
# The rwall server allows others to post messages to users on this machine.
#
#walld/1 tli rpc/datagram_v wait root /usr/lib/netsvc/rwall/
rpc.rwalld rpc.rwalld
#
# Rstatd is used by programs such as perfmeter.
#
#rstatd/2-4 tli rpc/datagram_v wait root /usr/lib/netsvc/rstat/rpc.rstatd
rpc.rstatd
#
# The rexd server provides only minimal authentication and is often not run
#
#rexd/1 tli rpc/tcp wait root /usr/sbin/rpc.rexd rpc.rexd
#
# rpc.cmsd is a data base daemon which manages calendar data backed
# by files in /var/spool/calendar
#
#
# Sun ToolTalk Database Server
#
#100083/1 tli rpc/tcp wait root /usr/dt/bin/rpc.ttdbserverd rpc.ttdbse
rverd
#
# UFS-aware service daemon
#
#ufsd/1 tli rpc/* wait root /usr/lib/fs/ufs/ufsd ufsd -p
#
# Sun KCMS Profile Server
#
#100221/1 tli rpc/tcp wait root /usr/openwin/bin/kcms_server kcms_ser
ver
#
# Sun Font Server
#
#fs stream tcp wait nobody /usr/openwin/lib/fs.auto fs
#
# CacheFS Daemon
#
100235/1 tli rpc/ticotsord wait root /usr/lib/fs/cachefs/cachefsd cachefsd
#
# Kerberos V5 Warning Message Daemon
#
100134/1 tli rpc/ticotsord wait root /usr/lib/krb5/ktkt_warnd
ktkt_warnd
#
# Print Protocol Adaptor - BSD listener
#
#printer stream tcp6 nowait root /usr/lib/print/in.lpd
in.lpd
#
# GSS Daemon
#
#100234/1 tli rpc/ticotsord wait root /usr/lib/gss/gssd gssd
#
# AMI Daemon
#
#100146/1 tli rpc/ticotsord wait root /usr/lib/security/amiser
v amiserv
#100147/1 tli rpc/ticotsord wait root /usr/lib/security/amiser
v amiserv
#
# OCF (Smart card) Daemon
#
#100150/1 tli rpc/ticotsord wait root /usr/sbin/ocfserv
ocfserv
#dtspc stream tcp nowait root /usr/dt/bin/dtspcd /usr/dt/bin/dtspcd
#100068/2-5 dgram rpc/udp wait root /usr/dt/bin/rpc.cmsd rpc.cmsd
#sun-dr stream tcp wait root /usr/lib/dcs dcs
#sun-dr stream tcp6 wait root /usr/lib/dcs dcs
#300326/4 tli rpc/tcp wait root /platform/SUNW,Ultra-Enterprise-
10000/lib/dr_daemon dr_daemon
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<

Thanks!

 

[dbase77]

Hi,

Your inetd.conf look fine. I need you to reload inetd.conf again by issuing this command:

1) ps -ef | grep inetd (to get inetd_pid number)
2) kill -HUP inetd_pid (try not to use killall -HUP)
3) netstat -an | grep 21 (to check wether port 21 is liestening)

If still no joy, can you check you in.ftpd file if it exist on your system (ls -l /usr/sbin/in.ftpd).

dbase77

 

[fibajo]

Hi dbase77,
I've solved my problem. In the /etc/services file I had hashed (#) the lines for ftp and pftdata:
#ftp-data 20/tcp
#ftp 21/tcp

So , I just removed the #'s and ran the &quot;kill -HUP inetd_pid&quot;

I realized of this when I executed the above command from the console and got the message &quot;ftp/tcp : Unknown service&quot;
I suppose when the inetd is started it also checks for the services file not just the inetd.conf !!

Thank you : )
Regards !!!