This is the tutorial I have been following: http://www.howtoforge.com/proftpd_mysql_virtual_hosting

I have done a netstat -tap and I can see the FTP server waiting for a connection. However, trying to connect to the FTP server through FileZilla keeps giving me an authentication error. This connection is being attempted on the local network to the IP address of the server. Firewall (Shorewall) is set up to allow FTP connections. I don't really see anything in the system logs that would lead me in the correct direction.

Any help would be appreciated.

Thanks, Tom
Are there any errors related to this in /var/log/auth.log? If not, then probably the connection is blocked by the firewall, or you're accidentally trying to connect to a different server.
More Information

Falko,

Thanks for the response. I cannot find any entries in /var/log/auth.log related to FTP logins. There isn't anything there, good or bad, when I try to FTP to my server. There are entries in /var/log/proftpd/proftpd.log however.

Code:
Dec 06 21:28:32 gopher proftpd[17109] gopher.mydomain.com (::ffff:192.168.100.150[::ffff:192.168.100.150]): FTP session closed.

FYI - My domain is not really mydomain.com. I obfuscated it since a lot of this Ubuntu stuff is new to me. I am learning and having a hard enough time without my server attempting to be hacked every second. So far so good but I digress.

The IP address shown in my proftpd log is obviously an internal LAN IP address. In Filezilla, I am using the internal LAN of the server for the URL rather than the domain name, so I am pretty confident that I am connecting to the right server. If not, I wouldn't see the attempt in the log.

I am running Shorewall for a firewall on the Ubuntu server. I used a predefined macro in order to enable FTP connections. I can't remember offhand where to look to see what rules are added with a predefined macro.

For good measure, I do have my router forwarding ports 20 and 21 to the Ubuntu server. But I don't think this applies yet since I am only connecting from the internal LAN and my router only forwards external ports.

Lastly, I have tried both the Passive and Active mode setting in Filezilla. Neither has any luck.

Is there a way I can test natively (like you do with a mail server by telnet 25) to test FTP without a client program like Filezilla?

Thanks, Tom
Telnet Results

I logged onto the SSH of my server. I entered the command:

Code:
telnet localhost 21

The resulting display was

Code:
Trying 127.0.0.1...
Connected to localhost
Escape character is '^]'.
Connection closed by foreign host.

I found it weird that it didn't ask me for a user name or password. The connection was immediately closed which is similar to the message I see in Filezilla.

Does this help at all? I really appreciate your willingness to help people like me figure our problems out.

Thanks, Tom
What's the output of netstat -tap and hostname -f? What's in your proftpd.conf and /etc/hosts?
Log and Configuration Outputs

netstat -tap

Code:
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 localhost:60000 *:* LISTEN 5742/postgrey.pid -
tcp 0 0 localhost:10024 *:* LISTEN 393/amavisd (virgin
tcp 0 0 localhost:10025 *:* LISTEN 6239/master
tcp 0 0 localhost:mysql *:* LISTEN 5682/mysqld
tcp 0 0 *:netbios-ssn *:* LISTEN 6258/smbd
tcp 0 0 *:submission *:* LISTEN 6239/master
tcp 0 0 *:webmin *:* LISTEN 6457/perl
tcp 0 0 *:ssmtp *:* LISTEN 6239/master
tcp 0 0 gopher.jensenliv:domain *:* LISTEN 5553/named
tcp 0 0 localhost:domain *:* LISTEN 5553/named
tcp 0 0 gopher.jensenlive.c:ssh *:* LISTEN 5575/sshd
tcp 0 0 *:smtp *:* LISTEN 6239/master
tcp 0 0 localhost:953 *:* LISTEN 5553/named
tcp 0 0 *:microsoft-ds *:* LISTEN 6258/smbd
tcp 0 0 localhost:44619 localhost:mysql TIME_WAIT -
tcp 0 0 localhost:44618 localhost:mysql TIME_WAIT -
tcp 0 0 localhost:44617 localhost:mysql TIME_WAIT -
tcp 0 1924 gopher.jensenlive.c:ssh 192.168.100.150:3939 ESTABLISHED425/sshd: HIDDEN [
tcp 0 0 localhost:mysql localhost:44614 TIME_WAIT -
tcp6 0 0 *:imaps *:* LISTEN 6133/couriertcpd
tcp6 0 0 *:pop3s *:* LISTEN 6173/couriertcpd
tcp6 0 0 *:pop3 *:* LISTEN 6151/couriertcpd
tcp6 0 0 *:imap2 *:* LISTEN 6113/couriertcpd
tcp6 0 0 *:www *:* LISTEN 6417/apache2
tcp6 0 0 *:ftp *:* LISTEN 6370/proftpd: (acce
tcp6 0 0 *:domain *:* LISTEN 5553/named
tcp6 0 0 ip6-localhost:953 *:* LISTEN 5553/named

hostname -f

Code:
gopher.jensenlive.com

/etc/hosts

Code:
127.0.0.1 localhost
192.168.100.2 gopher.jensenlive.com gopher

# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allroutes
ff02::3 ip6-allhosts

As far as I know, my machine is not IP6 capable so I could probably delete many of the entries in the hosts file.
/etc/proftpd/proftpd.conf

Code:
#
# /etc/proftpd/proftpd.conf -- This is a basic ProFTPD configuration file.
# To really apply changes reload proftpd after modifications.
#

# Includes DSO modules
Include /etc/proftpd/modules.conf

# Set off to disable IPv6 support which is annoying on IPv4 only boxes.
UseIPv6 on

ServerName "Debian"
ServerType standalone
DeferWelcome off

MultilineRFC2228 on
DefaultServer on
ShowSymlinks on

TimeoutNoTransfer 600
TimeoutStalled 600
TimeoutIdle 1200

DisplayLogin welcome.msg
DisplayFirstChdir .message
ListOptions "-l"

DenyFilter \*.*/

# Use this to jail all users in their homes
DefaultRoot ~

# Users require a valid shell listed in /etc/shells to login.
# Use this directive to release that constrain.
# RequireValidShell off

# Port 21 is the standard FTP port.
Port 21

# In some cases you have to specify passive ports range to by-pass
# firewall limitations. Ephemeral ports can be used for that, but
# feel free to use a more narrow range.
# PassivePorts 49152 65534

# If your host was NATted, this option is useful in order to
# allow passive tranfers to work. You have to use your public
# address and opening the passive ports used on your firewall as well.
# MasqueradeAddress 1.2.3.4

# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 30

# Set the user and group that the server normally runs at.
User proftpd
Group nogroup

# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask 022 022

# Normally, we want files to be overwriteable.
AllowOverwrite on

# Uncomment this if you are using NIS or LDAP to retrieve passwords:
# PersistentPasswd off

# Be warned: use of this directive impacts CPU average load!
# Uncomment this if you like to see progress and transfer rate with ftpwho
# in downloads. That is not needed for uploads rates.
#
# UseSendFile off

# Choose a SQL backend among MySQL or PostgreSQL.
# Both modules are loaded in default configuration, so you have to specify the backend
# or comment out the unused module in /etc/proftpd/modules.conf.
# Use 'mysql' or 'postgres' as possible values.
#
#<IfModule mod_sql.c>
# SQLBackend mysql
#</IfModule>

TransferLog /var/log/proftpd/xferlog
SystemLog /var/log/proftpd/proftpd.log

<IfModule mod_tls.c>
TLSEngine off
</IfModule>

<IfModule mod_quota.c>
QuotaEngine on
</IfModule>

<IfModule mod_ratio.c>
Ratios on
</IfModule>

# Delay engine reduces impact of the so-called Timing Attack described in
# http://security.lss.hr/index.php?page=details&ID=LSS-2004-10-02
# It is on by default.
<IfModule mod_delay.c>
DelayEngine on
</IfModule>

<IfModule mod_ctrls.c>
ControlsEngine on
ControlsMaxClients 2
ControlsLog /var/log/proftpd/controls.log
ControlsInterval 5
ControlsSocket /var/run/proftpd/proftpd.sock
</IfModule>

<IfModule mod_ctrls_admin.c>
AdminControlsEngine on
</IfModule>

# A basic anonymous configuration, no upload directories.

# <Anonymous ~ftp>
#   User ftp
#   Group nogroup
#   # We want clients to be able to login with "anonymous" as well as "ftp"
#   UserAlias anonymous ftp
#   # Cosmetic changes, all files belongs to ftp user
#   DirFakeUser on ftp
#   DirFakeGroup on ftp
#
#   RequireValidShell off
#
#   # Limit the maximum number of anonymous logins
#   MaxClients 10
#
#   # We want 'welcome.msg' displayed at login, and '.message' displayed
#   # in each newly chdired directory.
#   DisplayLogin welcome.msg
#   DisplayFirstChdir .message
#
#   # Limit WRITE everywhere in the anonymous chroot
#   <Directory *>
#     <Limit WRITE>
#       DenyAll
#     </Limit>
#   </Directory>
#
#   # Uncomment this if you're brave.
#   # <Directory incoming>
#   #   # Umask 022 is a good standard umask to prevent new files and dirs
#   #   # (second parm) from being group and world writable.
#   #   Umask 022 022
#   #   <Limit READ WRITE>
#   #     DenyAll
#   #   </Limit>
#   #   <Limit STOR>
#   #     AllowAll
#   #   </Limit>
#   # </Directory>
#
# </Anonymous>

################### Added by Me ###################

# The passwords in MySQL are encrypted using CRYPT
SQLAuthTypes Plaintext Crypt
SQLAuthenticate users* groups*

# used to connect to the database
# databasename@host database_user user_password
SQLConnectInfo ftp@localhost proftpd HIDDEN

Thanks again for your help.
Tailing MySQL

I decided to try and tail the MySQL log. I figured I should see some activity in the log when attempting to login through Filezilla to my FTP site. However, there was no activity that was logged to the MySQL log. Therefore, I am thinking there must be some problem with the authentication through MySQL.

I double checked the /etc/proftpd/proftp.conf file and saw the following:

Code:
# Choose a SQL backend among MySQL or PostgreSQL.
# Both modules are loaded in default configuration, so you have to specify the backend
# or comment out the unused module in /etc/proftpd/modules.conf.
# Use 'mysql' or 'postgres' as possible values.
#
#<IfModule mod_sql.c>
# SQLBackend mysql
#</IfModule>

I looked back through the How-To and didn't see anything mentioning this module. So I uncommented the lines for the module and tried again.

Code:
# Choose a SQL backend among MySQL or PostgreSQL.
# Both modules are loaded in default configuration, so you have to specify the backend
# or comment out the unused module in /etc/proftpd/modules.conf.
# Use 'mysql' or 'postgres' as possible values.
#
<IfModule mod_sql.c>
SQLBackend mysql
</IfModule>

With the lines uncommented, the MySQL log now shows action when tailing the log. Additionally, when I telnet to the machine, the connection is no longer immediately closed. Also Filezilla reports a new line in the message console that reports the user "exampleuser" which it wasn't reporting earlier.

But despite the step forward, I am still unable to connect. At the command line, I typed:

Code:
ftp localhost

I then entered the "exampleuser" user name. This was the result:

Code:
Connected to localhost.
220 ProFTPD 1.3.0 Server (Debian) [127.0.0.1]
Name (localhost:HIDDEN): exampleuser
421 Service not available, remote server has closed connection
Login failed.
No control connection for command: No such file or directory

Where can I determine or configure the control channel for FTP?
Log Review

I am not quite sure which logs I should be checking for errors. There are absolutely no entries for any FTP processes in the /var/log/auth.log. The same is true for the /var/log/syslog. There are only "FTP session opened." and "FTP session closed." entries in the /var/log/proftpd/proftpd.log.

This is a sample result from the /var/log/mysql/mysql.log:

Code:
071209 17:42:38 796 Connect proftpd@localhost on ftp
071209 17:42:48 796 Query SELECT userid, passwd, uid, gid, homedir, shell FROM users WHERE (userid='exampleuser') LIMIT 1
796 Quit

So I don't see anything yet in the logs that would point me in the correct direction.
Resolved

I am pretty sure I found the problem. I am almost ashamed to admit what it was, but I realized my proftpd.conf file was missing several lines. I installed ProFTPd late at night. So I either typed those lines and forgot to save them or I just flat out missed them. I discovered the error when I was double checking all the work I had done going through the How To the first time around.

In the end, I still had to enable the SQL module to get it to work. That was the only thing different from the How To as posted.

I really appreciate the willingness of everyone to help me out. Thank you.
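
The condition this thread ended on (mod_sql directives active while the SQLBackend block is still commented out) can be checked before restarting the server. The script below is an added example, not part of the original posts or the tutorial; the sample config, the function names and the finding codes NO_BACKEND and PLAINTEXT_AUTH are constructed for illustration. It also flags the `Plaintext` entry in SQLAuthTypes, which lets the server accept passwords stored unhashed in the database.

```python
import re

# Constructed sample that mirrors the thread: SQL auth directives are
# active while the SQLBackend block is still commented out.
SAMPLE_CONF = """\
Include /etc/proftpd/modules.conf
#<IfModule mod_sql.c>
# SQLBackend mysql
#</IfModule>
DefaultRoot ~
SQLAuthTypes Plaintext Crypt
SQLAuthenticate users* groups*
SQLConnectInfo ftp@localhost proftpd CONSTRUCTED_PASSWORD
"""


def active_directives(conf_text):
    """Map lower-cased directive name -> argument list for uncommented lines."""
    found = {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        # Skip blanks, comments and <IfModule>/<Directory> section tags.
        if not line or line[0] in "#<":
            continue
        parts = line.split()
        found[parts[0].lower()] = parts[1:]
    return found


def check_sql_auth(conf_text):
    """Return (code, message) findings for a mod_sql authentication setup."""
    active = active_directives(conf_text)
    findings = []
    # Any SQL* directive other than SQLBackend means SQL auth is intended.
    uses_sql = any(n.startswith("sql") and n != "sqlbackend" for n in active)
    if uses_sql and "sqlbackend" not in active:
        commented = re.search(r"(?im)^\s*#\s*SQLBackend\b", conf_text)
        why = "is commented out" if commented else "is missing"
        findings.append(("NO_BACKEND", "SQL directives are set but SQLBackend " + why))
    auth_types = [a.lower() for a in active.get("sqlauthtypes", [])]
    if "plaintext" in auth_types:
        findings.append(("PLAINTEXT_AUTH", "SQLAuthTypes accepts passwords stored in cleartext"))
    return findings


if __name__ == "__main__":
    for code, message in check_sql_auth(SAMPLE_CONF):
        print(code + ": " + message)
```

Pass the contents of /etc/proftpd/proftpd.conf to `check_sql_auth` to run the same checks against a real file; an empty list means neither condition was found.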