239 lines
9.6 KiB
HTML
239 lines
9.6 KiB
HTML
<!--startcut ======================================================= -->
|
|
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
|
|
<html>
|
|
<head>
|
|
<META NAME="generator" CONTENT="lgazmail v1.1H.i">
|
|
<TITLE>The Answer Guy 37: Getting my new linux box to run the ftp server</TITLE>
|
|
</HEAD><BODY BGCOLOR="#FFFFFF" TEXT="#000000"
|
|
LINK="#3366FF" VLINK="#A000A0">
|
|
<!-- ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: -->
|
|
<H4>"The Linux Gazette...<I>making Linux just a little more fun!</I>"</H4>
|
|
<P> <hr> <P>
|
|
<!-- ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: -->
|
|
<center>
|
|
<H1><A NAME="answer">
|
|
<img src="../../gx/dennis/qbubble.gif" alt="(?)"
|
|
border="0" align="middle">
|
|
<font color="#B03060">The Answer Guy</font>
|
|
<img src="../../gx/dennis/bbubble.gif" alt="(!)"
|
|
border="0" align="middle">
|
|
</A></H1>
|
|
<BR>
|
|
<H4>By James T. Dennis,
|
|
<a href="mailto:linux-questions-only@ssc.com">linux-questions-only@ssc.com</a><BR>
|
|
Starshine Technical Services,
|
|
<A HREF="http://www.starshine.org/">http://www.starshine.org/</A>
|
|
</H4>
|
|
</center>
|
|
|
|
<p><hr><p>
|
|
<!-- endcut ======================================================= -->
|
|
<!-- begin 6 -->
|
|
<H3 align="left"><img src="../../gx/dennis/qbubble.gif"
|
|
height="50" width="60" alt="(?) " border="0"
|
|
>Getting my new linux box to run the ftp server</H3>
|
|
|
|
|
|
<p><strong>From Clay Harmon on Wed, 30 Dec 1998
|
|
</strong></p>
|
|
<P><STRONG>
|
|
I have just added an Intel Pentium Linux (Redhat 5.1) box to a
|
|
heterogeneous network consisting of 2 Sun Solaris 2.5.1 workstations and 4
|
|
Win95 PCs. Everything has gone pretty much OK, only I can't establish an
|
|
ftp connection from outside to my Linux box. If I try to ftp into the
|
|
Linux box from the Sun stations, I get a "421 Service not available, remote
|
|
server has closed connection" message. I have looked at the usual
|
|
culprits, i.e. <TT>/etc/hosts.allow</TT>, and have enabled access to
|
|
the ftp server
|
|
for ALL. What is truly strange is that inetd "superdaemon" seems to work
|
|
just fine for the finger, telnet AND rlogin services - I can access the
|
|
Linux box from outside just fine using any of these, but the ftp server
|
|
does not appear to be up. The only other piece of network weirdness I have
|
|
noticed is that when the Linux station boots, I get an error on one of the
|
|
Sysv init scripts:
|
|
</STRONG></P>
|
|
<Pre><STRONG>
|
|
Executing: /etc/rc.d/rc3.d/S10network reload
|
|
</STRONG></Pre>
|
|
<Pre><STRONG>
|
|
* route: netmask doesn't match route address
|
|
* Usage: route [-nNvee] [-FC] [Address_families] List kernel routing tables
|
|
</STRONG></Pre>
|
|
<P><STRONG>
|
|
* ....... and so on
|
|
and then
|
|
</STRONG></P>
|
|
<Pre><STRONG>
|
|
Executing: /etc/rc.d/rc3.d/S50inet restart
|
|
</STRONG></Pre>
|
|
<BLOCKQUOTE><IMG SRC="../../gx/dennis/bbub.gif" ALT="(!)"
|
|
HEIGHT="28" WIDTH="50" BORDER="0"
|
|
>
|
|
That probably is unrelated --- though you should
|
|
check to make sure your routing tables are right. Are you
|
|
running 'routed' or 'gated' to get your route dynamically?
|
|
</BLOCKQUOTE>
|
|
<BLOCKQUOTE>
|
|
The reasons that I don't believe this symptom is related
|
|
to your FTP problem is that it's complaining about routing
|
|
and you clearly are getting packets to and from the
|
|
box (otherwise you wouldn't get the service unavailable
|
|
message --- and finger/telnet and rlogin wouldn't work.
|
|
</BLOCKQUOTE>
|
|
<BLOCKQUOTE>
|
|
It also sounds like this probably isn't a TCP Wrappers
|
|
problem --- since you presumably have all you services
|
|
wrapped. However, you should check to make sure that your
|
|
forward and reverse DNS zones are consistent --- since this
|
|
classically can cause TCP wrappers to deny connections that
|
|
would otherwise be allowed. (Normally tcpd is compiled with
|
|
<tt>-DPARANOID</tt> enabled --- though
|
|
<A HREF="http://www.redhat.com/">Red Hat</A> ships with it off, so
|
|
you can explicitly use the PARANOID directive if you want --
|
|
but you don't get it unless you ask for it).
|
|
</BLOCKQUOTE>
|
|
<BLOCKQUOTE>
|
|
In any event it seems that the most likely case is that you
|
|
have a problem in your inetd.conf file --- probably a path
|
|
referring to non-existent in.ftpd. Did you install in.ftpd,
|
|
WU ftpd or ProFTPd? You have to install some FTP daemon
|
|
in order for the dispatche (inetd) to execute it.
|
|
</BLOCKQUOTE>
|
|
<BLOCKQUOTE>
|
|
So, make sure the package is installed. Make sure that the
|
|
path listed in the <TT>/etc/inetd.conf</TT> is correct. Finally,
|
|
look in <TT>/var/log/messages</TT> for any errors that inetd, tcpd,
|
|
and/or in.ftpd (or its ilk) are reporting.
|
|
</BLOCKQUOTE>
|
|
<BLOCKQUOTE>
|
|
If all of that is O.K and things still don't work ---
|
|
I'd look for something weird with one of the routers
|
|
(some sort of packet filtering, network address
|
|
translations or IP masquerading or something like that).
|
|
</BLOCKQUOTE>
|
|
<BLOCKQUOTE>
|
|
Incidentally, you mentioned "from outside" --- I hope
|
|
you don't mean that your organization is allowing direct
|
|
routable IP from the outside world (open Internet) all the
|
|
way into your desktop workstations. If that's the case I'd
|
|
highly reoommend a review of your security policies and an
|
|
assets evaluation and risk assessment.
|
|
</BLOCKQUOTE>
|
|
<BLOCKQUOTE>
|
|
Your company can provide reasonably safe and secure remote
|
|
access to it's employees without leaving itself wide open to
|
|
every cracker that want another attack launch point and
|
|
portscanning slave.
|
|
</BLOCKQUOTE>
|
|
<P><STRONG><IMG SRC="../../gx/dennis/qbub.gif" ALT="(?)"
|
|
HEIGHT="28" WIDTH="50" BORDER="0"
|
|
>
|
|
This may or may not be related to my problem.
|
|
</STRONG></P>
|
|
<P><STRONG>
|
|
I'm stumped. Everything else seems to work just fine - I can get out
|
|
through our ISDN router to the net, Netscape works fine, and all of the
|
|
other services seem to work just fine. I can use the ftp utility to access
|
|
the Sun stations, and "get" files, but I would really like to be able to
|
|
ftp from our PC's into the Linux box, without having to go through the
|
|
complicated path of ftp'ing from PC to Solaris(put) and then from Linux to
|
|
Solaris(get) to just transfer a simple file. I don't have the option
|
|
currently of ftp'ing from Linux to PC, because Win95 does not have an ftp
|
|
server as a standard option, so I would like to be able to ftp from PC to
|
|
the Linux (put). I have the feeling there is something simple that I'm
|
|
doing or not doing that would fix this problem.
|
|
</STRONG></P>
|
|
<P><STRONG>
|
|
Thanks for your help
|
|
</STRONG></P>
|
|
<BLOCKQUOTE><IMG SRC="../../gx/dennis/bbub.gif" ALT="(!)"
|
|
HEIGHT="28" WIDTH="50" BORDER="0"
|
|
>
|
|
Look for your ftpd program. There are several to choose
|
|
from. I think Red Hat 5.1 uses 'in.ftpd' as re-ported from
|
|
the <A HREF="http://www.openbsd.org/">OpenBSD</A> sources. Most Linux distributions default to
|
|
the Washington University (St. Louis) WU-FTPD. I've
|
|
recommended others (such as ProFTPD, BeroFTPD, and ncftpd)
|
|
in previous columns.
|
|
</BLOCKQUOTE>
|
|
<!-- sig -->
|
|
|
|
<!-- end 6 -->
|
|
<!--startcut ======================================================= -->
|
|
<P> <hr> <P>
|
|
<H5 align="center"><a href="http://www.linuxgazette.com/copying.html"
|
|
>Copyright ©</a> 1999, James T. Dennis
|
|
<BR>Published in <I>The Linux Gazette</I> Issue 37 February 1999</H5>
|
|
<P> <hr> <P>
|
|
<!-- ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: -->
|
|
<P align="center">
|
|
<table width="98%"><tr valign="center" align="center">
|
|
<td rowspan="3" colspan="4"><A HREF="../lg_answer37.html"><IMG
|
|
SRC="../../gx/dennis/answernew.gif"
|
|
ALT="[ Answer Guy Index ]"></A></td>
|
|
<TD width="8%"><A HREF="./1.html">1</A></TD>
|
|
<TD width="8%"><A HREF="./2.html">2</A></TD>
|
|
<TD width="8%"><A HREF="./3.html">3</A></TD>
|
|
<TD width="8%"><A HREF="./4.html">4</A></TD>
|
|
<TD width="8%"><A HREF="./5.html">5</A></TD>
|
|
<TD width="8%"><A HREF="./6.html">6</A></TD>
|
|
<TD width="8%"><A HREF="./7.html">7</A></TD>
|
|
<TD width="8%"><A HREF="./8.html">8</A></TD>
|
|
<TD width="8%"><A HREF="./9.html">9</A></TD>
|
|
<TD width="8%"><A HREF="./10.html">10</A></TD>
|
|
|
|
</tr><tr valign="center" align="center">
|
|
<TD><A HREF="./11.html">11</A></TD>
|
|
<TD><A HREF="./12.html">12</A></TD>
|
|
<TD><A HREF="./14.html">14</A></TD>
|
|
<TD><A HREF="./15.html">15</A></TD>
|
|
<TD><A HREF="./16.html">16</A></TD>
|
|
<TD><A HREF="./17.html">17</A></TD>
|
|
<TD><A HREF="./18.html">18</A></TD>
|
|
<TD><A HREF="./19.html">19</A></TD>
|
|
<TD><A HREF="./21.html">21</A></TD>
|
|
<TD><A HREF="./22.html">22</A></TD>
|
|
|
|
</tr><tr valign="center" align="center">
|
|
<TD><A HREF="./23.html">23</A></TD>
|
|
<TD><A HREF="./28.html">28</A></TD>
|
|
<TD><A HREF="./29.html">29</A></TD>
|
|
<TD><A HREF="./30.html">30</A></TD>
|
|
<TD><A HREF="./31.html">31</A></TD>
|
|
<TD><A HREF="./32.html">32</A></TD>
|
|
<TD><A HREF="./33.html">33</A></TD>
|
|
<TD><A HREF="./34.html">34</A></TD>
|
|
<TD><A HREF="./37.html">37</A></TD>
|
|
<TD><A HREF="./38.html">38</A></TD>
|
|
|
|
</tr><tr valign="center" align="center">
|
|
<TD><A HREF="./39.html">39</A></TD>
|
|
<TD><A HREF="./41.html">41</A></TD>
|
|
<TD><A HREF="./42.html">42</A></TD>
|
|
<TD><A HREF="./43.html">43</A></TD>
|
|
<TD><A HREF="./44.html">44</A></TD>
|
|
<TD><A HREF="./45.html">45</A></TD>
|
|
<TD><A HREF="./46.html">46</A></TD>
|
|
<TD><A HREF="./47.html">47</A></TD>
|
|
<TD><A HREF="./48.html">48</A></TD>
|
|
<TD><A HREF="./49.html">49</A></TD>
|
|
|
|
</tr></table>
|
|
</P>
|
|
<P> <hr> <P>
|
|
<!-- ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: -->
|
|
<P> <hr> <P>
|
|
<!-- begin lgnav ::::::::::::::::::::::::::::::::::::::::::::::::::: -->
|
|
<A HREF="../index.html"
|
|
><IMG SRC="../../gx/indexnew.gif" ALT="[ Table Of Contents ]"></A>
|
|
<A HREF="../../index.html"
|
|
><IMG SRC="../../gx/homenew.gif" ALT="[ Front Page ]"></A>
|
|
<A HREF="../lg_bytes37.html"
|
|
><IMG SRC="../../gx/back2.gif" ALT="[ Previous Section ]"></A>
|
|
<A HREF="../york.html"
|
|
><IMG SRC="../../gx/fwd.gif" ALT="[ Next Section ]"></A>
|
|
<!-- end lgnav ::::::::::::::::::::::::::::::::::::::::::::::::::::: -->
|
|
<!-- ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: -->
|
|
</BODY></HTML>
|
|
<!--endcut ========================================================= -->
|