I searched different forums to shed light on my problem - no solution yet, so I have the heart to ask: I want to connect to a VMware virtual machine via ftp. This does not work: I use a server with SUSE 10 (no FTP-server on the host!) VMware - only one VM at the moment Network: nat virtual machine: ISPConfig-appliance (Debian) ISPConfig is running. I have set up one client and one web with just one user for mail/ftp. Within ISPConfig FTP is set to "on" for the created web. What I CAN do: I can access my VM from 'outside' via http and https using the host IP, i.e. I can access serverconsole, config-panel, "shared-IP-adress"-page and the user's page at ../~webx_user/. From the shell of ISPConfig I get ftp at localhost running ok. Login to config-panel as admin: I can use WebFTP. What I CANNOT do: if I try to get FTP-access to my VM with an ftp-client (such as WinFTP) from outside, I get "connection refused" - no access possible. This seems not to be due to firewall settings, because I get the same, when I switch off the firewalls (host and guest). I tried to solve it by setting port 8887 in /etc/vmware/vmnet8/nat/nat.conf (8887 = 192.168.77.10:21) and connecting to port 8887 with my ftp-client as well as by activating ports under 1024 in /usr/lib/vmware/configurator/vmnet-nat.conf manually: > [privilegedTCP] > autodetect = 1 > port = 21 Negative Any ideas? Regards agri
Does your SuSE firewall allow connections on port 21? Did you try both active and passive transfers in your FTP client?
Hi Falko! Yes, it does. But it does not even work, if I switch off the firewall... Yes, I did. BTW: the user in question is NOT administrator - nonetheless he should be able to access his own webspace at .../~webx_username, shouldn't he? Regards agri
netstat -tap (rather long ...) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 *:vmware-authd *:* LISTEN 7483/xinetd tcp 0 0 *:5801 *:* LISTEN 7483/xinetd tcp 0 0 *:mysql *:* LISTEN 7578/mysqld tcp 0 0 *:8333 *:* LISTEN 7624/httpd.vmware tcp 0 0 *:5901 *:* LISTEN 7483/xinetd tcp 0 0 *:sunrpc *:* LISTEN 7326/portmap tcp 0 0 *:http-alt *:* LISTEN 8004/python tcp 0 0 *:ndmp *:* LISTEN 7557/perl tcp 0 0 *:6001 *:* LISTEN 16385/Xvnc tcp 0 0 *:intu-ec-client *:* LISTEN 8004/python tcp 0 0 *:ipp *:* LISTEN 8002/cupsd tcp 0 0 *:radan-http *:* LISTEN 8004/python tcp 0 0 localhost:smtp *:* LISTEN 7705/master tcp 0 0 *:8222 *: * LISTEN 7624/httpd.vmware tcp 0 0 eo-dell-1850f.ku-e:6001 eo-dell-1850f.k:imgames VERBUNDEN 16385/Xvnc tcp 0 0 localhost:10274 localhost:5901 VERBUNDEN 16377/0 tcp 0 0 eo-dell-1850f.ku-e:6001 eo-dell-:fastechnologlm VERBUNDEN 16385/Xvnc tcp 0 0 eo-dell-1850f.ku-e:6001 eo-dell-1850f.ku:cardax VERBUNDEN 16385/Xvnc tcp 0 0 eo-dell-1850f.ku-e:6001 eo-dell:cplscrambler-lg VERBUNDEN 16385/Xvnc tcp 0 0 eo-dell-1850f.ku-e:6001 eo-dell-1850:webobjects VERBUNDEN 16385/Xvnc tcp 0 0 eo-dell-1850f.ku-e:6001 eo-dell-185:ansoft-lm-2 VERBUNDEN 16385/Xvnc tcp 0 0 eo-dell-1850f.ku-e:6001 eo-dell-185:ansoft-lm-1 VERBUNDEN 16385/Xvnc tcp 0 0 eo-dell-1850f.ku-e:6001 eo-dell-18:amt-esd-prot VERBUNDEN 16385/Xvnc tcp 0 36 eo-dell-1850f.ku-e:6001 eo-dell-1850f: pvuniwien VERBUNDEN 16385/Xvnc tcp 0 0 eo-dell-1850f.ku-e:6001 eo-dell-1850f.ku-:socks VERBUNDEN 16385/Xvnc tcp 0 0 localhost:5901 localhost:10274 VERBUNDEN 16385/Xvnc tcp 0 0 eo-dell-1850f.ku-e: 6001 eo-dell-1:gmrupdateserv VERBUNDEN 16385/Xvnc tcp 0 0 eo-dell-1850f.ku-e:6001 eo-dell-1850f:syscomlan VERBUNDEN 16385/Xvnc tcp 0 0 eo-dell-1850f.ku-e:6001 eo-dell-1850f.:nicelink VERBUNDEN 16385/Xvnc tcp 0 0 eo-dell-1850f.ku-e:6001 eo-dell-1850f.ku-:rootd VERBUNDEN 16385/Xvnc tcp 0 0 eo-dell-1850f.ku-e:6001 eo-dell-1850f.ku: proofd VERBUNDEN 16385/Xvnc tcp 0 0 eo-dell-1850f.ku-e:6001 eo-dell-1850f.ku-: obrpd VERBUNDEN 16385/Xvnc tcp 0 0 eo-dell-1850f.ku-e:6001 eo-dell-1850f.ku-:ff-sm VERBUNDEN 16385/Xvnc tcp 0 0 eo-dell-1850f.ku-e:6001 eo-dell-1850f.ku:ff-fms VERBUNDEN 16385/Xvnc tcp 0 0 eo-dell-1850f.ku-e:6001 eo-dell-1850f.ku-e:9792 VERBUNDEN 16385/Xvnc tcp 32 0 eo-dell-1850f.ku-e:9792 eo-dell-1850f.ku-e:6001 VERBUNDEN 16392/-eo-dell-1850 tcp 0 32 eo-dell-1850f.ku-e:6001 eo-dell:cplscrambler-al VERBUNDEN 16385/Xvnc tcp 0 0 eo-dell-1850f.ku-e:6001 eo-dell-1850f.ku-e:mctp VERBUNDEN 16385/Xvnc tcp 0 0 eo-dell-1850f.ku-e:6001 eo-dell-185:rmiregistry VERBUNDEN 16385/Xvnc tcp 0 0 localhost:exosee localhost:sunrpc TIME_WAIT - tcp 0 0 localhost:cap localhost:sunrpc TIME_WAIT - tcp 0 0 localhost:blackjack localhost:sunrpc TIME_WAIT - tcp 0 0 localhost:iad2 localhost:sunrpc TIME_WAIT - tcp 0 0 localhost:iad1 localhost:sunrpc TIME_WAIT - tcp 0 0 localhost:solid-mux localhost:sunrpc TIME_WAIT - tcp 0 0 localhost:1028 localhost:sunrpc TIME_WAIT - tcp 0 0 eo-dell-1850f.ku:ff-fms eo-dell-1850f.ku-e:6001 VERBUNDEN 16553/konqueror [kd tcp 0 0 eo-dell-1850f.ku-:ff-sm eo-dell-1850f.ku-e:6001 VERBUNDEN 16554/konqueror [kd tcp 0 0 eo-dell:cplscrambler-al eo-dell-1850f.ku-e:6001 VERBUNDEN 16552/konsole [kdei tcp 0 0 eo-dell-1850f.ku-:rootd eo-dell-1850f.ku-e:6001 VERBUNDEN 16564/kwrite [kdein tcp 0 0 eo-dell-1850f.:nicelink eo-dell-1850f.ku-e:6001 VERBUNDEN 16565/konqueror [kd tcp 0 0 eo-dell-1850f.ku-brpd eo-dell-1850f.ku-e:6001 VERBUNDEN 16555/konqueror [kd tcp 0 0 eo-dell-1850f.kuroofd eo-dell-1850f.ku-e:6001 VERBUNDEN 16563/kate [kdeinit tcp 0 0 eo-dell-1:rmiactivation eo-dell-1850f.ku-e:6001 TIME_WAIT - tcp 0 0 eo-dell-185:rmiregistry eo-dell-1850f.ku-e:6001 VERBUNDEN 16573/knotify [kdei tcp 0 0 eo-dell-185:cnrprotocol eo-dell-1850f.ku-e:6001 TIME_WAIT - tcp 0 0 eo-dell-1:sunclustermgr eo-dell-1850f.ku-e:6001 TIME_WAIT - tcp 0 0 eo-dell-1850f.ku-e:mctp eo-dell-1850f.ku-e:6001 VERBUNDEN 16518/klauncher [kd tcp 0 0 eo-dell-18: pt2-discover eo-dell-1850f.ku-e:6001 TIME_WAIT - tcp 0 0 eo-dell-1: kyoceranetdev eo-dell-1850f.ku-e:6001 TIME_WAIT - tcp 0 0 eo-dell-1850f.k:fpo-fns eo-dell-1850f.ku-e:6001 TIME_WAIT - tcp 0 0 eo-dell-185:instl_boots eo-dell-1850f.ku-e:6001 TIME_WAIT - tcp 0 0 eo-dell-1850f.ku-: jstel eo-dell-1850f.ku-e:6001 TIME_WAIT - tcp 0 0 eo-dell-1850f:syscomlan eo-dell-1850f.ku-e:6001 VERBUNDEN 16482/dbus-launch tcp 0 0 eo-dell-1: gmrupdateserv eo-dell-1850f.ku-e:6001 VERBUNDEN 16521/kded [kdeinit tcp 0 0 eo-dell-18: bsquare-voip eo-dell-1850f.ku-e:6001 TIME_WAIT - tcp 0 0 eo-dell-185:instl_bootc eo-dell-1850f.ku-e:6001 TIME_WAIT - tcp 0 0 eo-dell-: cognex-insight eo-dell-1850f.ku-e:6001 TIME_WAIT - tcp 0 0 eo-dell-:fastechnologlm eo-dell-1850f.ku-e:6001 VERBUNDEN 16526/kaccess [kdei tcp 0 0 eo-dell-1850f.k:rdrmshc eo-dell-1850f.ku-e:6001 TIME_WAIT - tcp 0 0 eo-dell-1850f.ku:cardax eo-dell-1850f.ku-e:6001 VERBUNDEN 16513/kdeinit Runni tcp 0 0 eo-dell-1: bridgecontrol eo-dell-1850f.ku-e:6001 TIME_WAIT - tcp 0 0 eo-dell-1:avocent-proxy eo-dell-1850f.ku-e:6001 TIME_WAIT - tcp 0 0 eo-dell-185:asprovatalk eo-dell-1850f.ku-e:6001 TIME_WAIT - tcp 0 0 eo-dell-1850f:dab-sti-c eo-dell-1850f.ku-e:6001 TIME_WAIT - tcp 0 0 eo-dell-1850f.k:imgames eo-dell-1850f.ku-e:6001 VERBUNDEN 16521/kded [kdeinit tcp 0 0 eo-dell-18:amt-esd-prot eo-dell-1850f.ku-e:6001 VERBUNDEN 16539/kdesktop [kde tcp 0 0 eo-dell-185:ansoft-lm-1 eo-dell-1850f.ku-e:6001 VERBUNDEN 16541/kicker [kdein tcp 0 0 eo-dell-1850f.ku-:socks eo-dell-1850f.ku-e:6001 VERBUNDEN 16536/ksmserver [kd tcp 0 0 eo-dell-1850f: pvuniwien eo-dell-1850f.ku-e:6001 VERBUNDEN 16537/kwin [kdeinit tcp 0 0 eo-dell: cplscrambler-lg eo-dell-1850f.ku-e:6001 VERBUNDEN 16549/suseplugger [ tcp 0 0 eo-dell: cplscrambler-in eo-dell-1850f.ku-e:6001 TIME_WAIT - tcp 0 0 eo-dell-185:ansoft-lm-2 eo-dell-1850f.ku-e:6001 VERBUNDEN 16543/kpowersave [k tcp 0 0 eo-dell-1850:webobjects eo-dell-1850f.ku-e:6001 VERBUNDEN 16546/klipper [kdei tcp 0 0 192.168.77.1:26791 192.168.77.10:hosts2-ns VERBUNDEN 16575/konquerorJW4L tcp 0 0 *:www-http *:* LISTEN 7925/httpd2-prefork tcp 0 0 *:6001 *:* LISTEN 16385/Xvnc tcp 0 0 *:ssh *:* LISTEN 7469/sshd tcp 0 0 localhost:smtp *:* LISTEN 7705/master tcp 0 0 *:https *:* LISTEN 7925/httpd2-prefork tcp 0 0 eo-dell-1850f.ku-ei:ssh ashb-009-02.ku:ncpm-hip VERBUNDEN 16377/0
iptables -L (oops!) Chain INPUT (policy DROP) target prot opt source destination ACCEPT all -- anywhere anywhere ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED input_ext all -- anywhere anywhere input_ext all -- anywhere anywhere input_ext all -- anywhere anywhere LOG all -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-IN-ILL-TARGET ' DROP all -- anywhere anywhere Chain FORWARD (policy DROP) target prot opt source destination TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU forward_ext all -- anywhere anywhere forward_ext all -- anywhere anywhere LOG all -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-FWD-ILL-ROUTING ' DROP all -- anywhere anywhere Chain OUTPUT (policy ACCEPT) target prot opt source destination ACCEPT all -- anywhere anywhere ACCEPT all -- anywhere anywhere state NEW,RELATED,ESTABLISHED LOG all -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-OUT-ERROR ' Chain forward_ext (2 references) target prot opt source destination ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp echo-reply ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp destination-unreachable ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp time-exceeded ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp parameter-problem ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp timestamp-reply ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp address-mask-reply ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp protocol-unreachable ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp redirect LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-FWDext-DROP-DEFLT ' LOG icmp -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-FWDext-DROP-DEFLT ' LOG udp -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-FWDext-DROP-DEFLT ' LOG all -- anywhere anywhere limit: avg 3/min burst 5 state INVALID LOG level warning tcp-options ip-options prefix `SFW2-FWDext-DROP-DEFLT-INV ' DROP all -- anywhere anywhere Chain input_ext (3 references) target prot opt source destination DROP all -- anywhere anywhere PKTTYPE = broadcast ACCEPT icmp -- anywhere anywhere icmp source-quench ACCEPT icmp -- anywhere anywhere icmp echo-request ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp echo-reply ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp destination-unreachable ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp time-exceeded ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp parameter-problem ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp timestamp-reply ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp address-mask-reply ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp protocol-unreachable ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp redirect ACCEPT esp -- anywhere anywhere LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:ftp-data flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP ' ACCEPT tcp -- anywhere anywhere tcp dpt:ftp-data LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:ftp flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP ' ACCEPT tcp -- anywhere anywhere tcp dpt:ftp LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:ssh flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP ' ACCEPT tcp -- anywhere anywhere tcp dpt:ssh LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:https flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP ' ACCEPT tcp -- anywhere anywhere tcp dpt:https LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:http flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP ' ACCEPT tcp -- anywhere anywhere tcp dpt:http LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:8333 flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP ' ACCEPT tcp -- anywhere anywhere tcp dpt:8333 LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:8887 flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP ' ACCEPT tcp -- anywhere anywhere tcp dpt:8887 LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:ideafarm-chat flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP ' ACCEPT tcp -- anywhere anywhere tcp dpt:ideafarm-chat LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:vmware-authd flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP ' ACCEPT tcp -- anywhere anywhere tcp dpt:vmware-authd LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:ssh flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP ' ACCEPT tcp -- anywhere anywhere tcp dpt:ssh ACCEPT udp -- anywhere anywhere udp dpt:ipsec-nat-t ACCEPT udp -- anywhere anywhere udp dpt:isakmp reject_func tcp -- anywhere anywhere tcp dpt:ident state NEW LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT ' LOG icmp -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT ' LOG udp -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT ' LOG all -- anywhere anywhere limit: avg 3/min burst 5 state INVALID LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT-INV ' DROP all -- anywhere anywhere Chain reject_func (1 references) target prot opt source destination REJECT tcp -- anywhere anywhere reject-with tcp-reset REJECT udp -- anywhere anywhere reject-with icmp-port-unreachable REJECT all -- anywhere anywhere reject-with icmp-proto-unreachable
Ok, I did not see the obvious - thanks! I now installed an ftp-server on my host. But seems I don't get forwarded to my virtual machine ...
Did you enable FTP for that web site in ISPConfig? Did you create an admin user for that web site in ISPConfig? Please use this admin user to connect to your document root with FTP.
Yes, I did. No, I didn't. Does this mean, that _any_ user, that wants to upload files to his/her "/web"-directory has to be admin? So anybody who is user with mailaccess, but is not admin cannot upload anything to his/her /web-directory? Regards agri
He can upload to his web directory, but not to the main document root. Take a look at chapter 2.2.9 here: http://ispconfig.org/downloads/manual_en/manual_kunde_en_src.htm#4_2_2
Ok, got that. Still: I fiddled around a bit and found out the following: if I connect to my server via ftp, I get logged into the ftp-root of my host! How can I target to my virtual machine instead (I had hoped ISPConfig would do that for me ;-) ?
I guess you logged in with the wrong username or your FTP doemon does not allo chrooting of users. If you use a user that has been created within ISPConfig, you will login to the home directory of this user. If the user has the "administrator" checkbox enabled, th home directory of this user is the root directory of the website the user belongs to.