vsftpd working strangly

[stevenriz]

this is weird. I am configuring vsftpd on a redhat EL 5 server, all seems fine, I have, or should I say HAD anonymous logins working via ftp clients, now all of a sudden we can't connect anonymously. I checked there is nobody else working on this server, I am the only one logged in, I was logged in FTP anonymously, now cannot. This has happend twice so far with no explanation I can think up!! Here is a sample of what is happening...

C:\Documents and Settings\me>ftp 192.168.1.112
Connected to 192.168.1.112.
220 Welcome to FTP Services!
User (192.168.1.112none)): anonymous
500 OOPS: Connection closed by remote host.

BUT just a few minutes earlier, it worked fine.....

C:\Documents and Settings\srizkalla>ftp 192.168.1.112
Connected to 192.168.1.112.
220 Welcome to Image Analysis Services!
User (192.168.1.112none)): anonymous
230 Login successful.
ftp> ls
200 PORT command successful. Consider using PASV.
150 Here comes the directory listing.
install.log
pub
snarf
226 Directory send OK.
ftp>

Does anyone make anything of this? here is our vsftp.conf if that helps....

#local_root=/var/ftp
#anonymous_enable=YES
no_anon_password=YES
local_enable=YES
write_enable=YES
local_umask=022
anon_umask=022
anon_upload_enable=YES
anon_mkdir_write_enable=YES
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
#chown_uploads=YES
#chown_username=whoever
xferlog_file=/var/log/vsftpd.log
xferlog_std_format=YES
ascii_upload_enable=YES
ascii_download_enable=YES
chroot_list_enable=YES
chroot_local_user=YES
#idle_session_timeout=600
#data_connection_timeout=120
#nopriv_user=ftpsecure
#async_abor_enable=YES
ascii_upload_enable=YES
ascii_download_enable=YES
ftpd_banner=Welcome to Image Analysis Services!
#deny_email_enable=YES
#banned_email_file=/etc/vsftpd/banned_emails
#chroot_list_file=/etc/vsftpd/chroot_list
ls_recurse_enable=YES
listen=YES
#listen_ipv6=YES
pam_service_name=vsftpd
#userlist_enable=YES
tcp_wrappers=YES

 

[BoldyBald]

Clearly something HAS changed. Things in the Linux/UNIX enviroment do not break automagically like in Windows(tm).

Try testing out with:

#anonymous_enable=YES
no_anon_password=YES

In your configuration. Unhash the first. Hash the second.
Use "a@" or "ftp@" as password when you login from a client.

To really see what happened consult the /var/log/messages to the time that the problem occured.

Things that jump to mind are:
- yum updates?
- iptables? is port 20 still open?
- pam modifications?

What happens if you try to login with your account on the machine and not anonymous? (ps if you are on a big network and you are using standard FTP, consider making a temp account to test this, since passwords will be send over the network plain text)

 

[QatQat]

connect_from_port_20=YES

This entry relates to your FTP server's callback connection. It only works if you are using a proper FTP client, not windoz one.

I would set it to NO.

I also think it works only on active FTP sessions.
If you do not enable it, FTP server will attempt to use a higher port.

Disable windoz's firewall anyway before trying and especially use proper FTP logins if you want your chroot_local_user=YES option to work.

QatQat

If I could have sex each time I reboot my server, I would definitely prefer Windoz over Linux!

 

[sillyVM]

do this:
getsebool -a
what is ftp_home_dir set to? if it's 0 or inactive set it to active.