Re: setting up vsftpd
On Sun, 05 Jul 2015 16:24:05 -0400
Louis Wust <louiswust@fastmail.fm> wrote:
> Just to clear things up, take a look at the vsftpd.conf(5) man page:
>
> listen_ipv6
> Like the listen parameter, except vsftpd will listen on an IPv6
> socket instead of an IPv4 one. Note that a socket listening on the
> IPv6 "any" address (::) will accept both IPv6 and IPv4 connections
> by default. This parameter and the listen parameter are mutually
> exclusive.
> Default: NO
>
> That explains why, by default, the vsftpd package in Debian ships with
> these options:
>
> listen=NO
> listen_ipv6=YES
>
> The "listen_ipv6" option configures vsftpd to listen for IPv6
> connections AND IPv4 connections simultaneously. This works despite
> netstat listing only a tcp6 port:
>
> On Sat, Jul 4, 2015, at 01:22, briand@aracnet.com wrote:
> > tcp6 0 0 [::]:ftp [::]:*
> > LISTEN 29400/vsftpd
>
> I confirmed that both modes actually work as advertised by connecting to
> vsftpd using my Debian ftp client, while listening for IPv4 and IPv6
> traffic using Wireshark. Both "ftp 192.168.1.5" and "ftp abcd::0001"
> were successful, and resulted in the expected IPv4 or IPv6 network
> traffic being captured.
>
> > well i have configured BOTH machines thusly :
> >
> > listen=YES
> > #listen_ipv6=YES
> >
> > and then it works on BOTH machines. This most certainly points to
> > some issue with IPV6.
>
> Excellent! If this works for you, then by all means keep your
> configuration as it is. However...
>
> On Sun, Jul 5, 2015, at 10:43, briand@aracnet.com wrote:
> > There is a problem here, one I should most likely fix, but i can't
> > figure out what it is.
>
> It sounds like you're not quite satisfied.
>
> On Sun, 5 Jul 2015 08:55:28 +0200 Petter Adsen <petter@synth.no> wrote:
> > Maybe machine2 has no ip6tables rules, or rules that allow the access,
> > and machine1 blocks it? Or maybe only machine2 has IPv6 enabled?
>
> This is a good thought, and begs a simple experiment. To briand: try
> resetting your machine1 configuration so that:
>
> listen=NO
> listen_ipv6=YES
>
> Make sure to restart vsftpd! And then, from machine2, try connecting to
> machine1 via ftp, but this time instead of typing "ftp machine1" where
> machine1 is the machine's hostname, maybe try "ftp 192.168.x.x" where
> 192.168.x.x (or 10.x.x.x or whatever) is the IPv4 address of machine1.
> That way, we can be sure that ftp is connecting using IPv4 instead of
> IPv6. If this works, then we can be sure that there is something wrong
> with the IPv6 configuration (probably a firewall rule). Try it (i.e.,
> ftp 192.168.x.x) from machine1 as well.
machine1
netstat -a | grep ftp
tcp6 0 0 [::]:ftp [::]:* LISTEN
ftp machine1 : connection refused
ftp 192.168.x.x: connection refused
pushed vsftpd.conf back to
LISTEN=YES
#listen_ipv6=YES
and both ftp machine1 and ftp <ipadress> work.
>
> On Fri, Jul 3, 2015, at 23:55, Alexis wrote:
> > Check that vsftpd is indeed listening on the relevant port(s). If it's
> > not, check vsftpd logs to see whether it produced any errors or
> > warning on startup, and check your vsftpd configuration accordingly.
no errors or warnings.
>
> This is the only other possibility I can think of as well, and based on
> the output of netstat, vsftpd is up and running. I'm not sure where to
> go from here if "ftp 192.168.x.x" doesn't work.
>
It's definitely not a good thing that there is this disparity between machines.
Clearly something about ipv6 is being handled differently.
These lines are in machine1's /etc/hosts file and _not_ in machine2's /etc/hosts file:
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
i commented them out and they do not make a difference.
Thanks very much for the help.
Brian
Reply to: