Re: setting up vsftpd
Just to clear things up, take a look at the vsftpd.conf(5) man page:
listen_ipv6
Like the listen parameter, except vsftpd will listen on an IPv6
socket instead of an IPv4 one. Note that a socket listening on the
IPv6 "any" address (::) will accept both IPv6 and IPv4 connections
by default. This parameter and the listen parameter are mutually
exclusive.
Default: NO
That explains why, by default, the vsftpd package in Debian ships with
these options:
listen=NO
listen_ipv6=YES
The "listen_ipv6" option configures vsftpd to listen for IPv6
connections AND IPv4 connections simultaneously. This works despite
netstat listing only a tcp6 port:
On Sat, Jul 4, 2015, at 01:22, briand@aracnet.com wrote:
> tcp6 0 0 [::]:ftp [::]:*
> LISTEN 29400/vsftpd
I confirmed that both modes actually work as advertised by connecting to
vsftpd using my Debian ftp client, while listening for IPv4 and IPv6
traffic using Wireshark. Both "ftp 192.168.1.5" and "ftp abcd::0001"
were successful, and resulted in the expected IPv4 or IPv6 network
traffic being captured.
> well i have configured BOTH machines thusly :
>
> listen=YES
> #listen_ipv6=YES
>
> and then it works on BOTH machines. This most certainly points to
> some issue with IPV6.
Excellent! If this works for you, then by all means keep your
configuration as it is. However...
On Sun, Jul 5, 2015, at 10:43, briand@aracnet.com wrote:
> There is a problem here, one I should most likely fix, but i can't
> figure out what it is.
It sounds like you're not quite satisfied.
On Sun, 5 Jul 2015 08:55:28 +0200 Petter Adsen <petter@synth.no> wrote:
> Maybe machine2 has no ip6tables rules, or rules that allow the access,
> and machine1 blocks it? Or maybe only machine2 has IPv6 enabled?
This is a good thought, and begs a simple experiment. To briand: try
resetting your machine1 configuration so that:
listen=NO
listen_ipv6=YES
Make sure to restart vsftpd! And then, from machine2, try connecting to
machine1 via ftp, but this time instead of typing "ftp machine1" where
machine1 is the machine's hostname, maybe try "ftp 192.168.x.x" where
192.168.x.x (or 10.x.x.x or whatever) is the IPv4 address of machine1.
That way, we can be sure that ftp is connecting using IPv4 instead of
IPv6. If this works, then we can be sure that there is something wrong
with the IPv6 configuration (probably a firewall rule). Try it (i.e.,
ftp 192.168.x.x) from machine1 as well.
On Fri, Jul 3, 2015, at 23:55, Alexis wrote:
> Check that vsftpd is indeed listening on the relevant port(s). If it's
> not, check vsftpd logs to see whether it produced any errors or
> warning on startup, and check your vsftpd configuration accordingly.
This is the only other possibility I can think of as well, and based on
the output of netstat, vsftpd is up and running. I'm not sure where to
go from here if "ftp 192.168.x.x" doesn't work.
Louis Wust
Reply to: