ERROR:
– ftp: connect: Connection refused
SOLUTION:
Most likely, the vsftpd daemon isn’t running. Check /etc/vsftpd/vsftpd.conf, and if it contains “listen=YES” (without a “#” preceding it) it’s configured to run in standalone mode. Start vsftpd thusly.
|
1 2 |
# service vsftpd start # chkconfig vsftpd on |
ERROR:
– 421 Service not available
– 421 Service not available, remote server has closed connection
SOLUTION:
Check /etc/vsftpd/vsftpd.conf to see if “tcp_wrappers=YES” (without a “#” preceding it) is present. If so, add the following line to the /etc/hosts.allow file. (You can restrict connections to various hosts/domains by using other options besides “ALL”. See the hosts.allow manpage for details.)
|
1 |
vsftpd : ALL |
ERROR:
– long delay on command after ftp login
– ftp: connection timed out
– ftp: connect: No route to host
– Security: Bad IP connecting.
– 606 no socket
SOLUTION:
Many people report problems with ftp sessions hanging or throwing errors after the ftp login session is successful. Frequently this is because the ftp-data port is blocked by a firewall or not forwarded by a router. This section describes the configuration of vsftpd to enable passive mode data transfers, along with the accompanying changes to iptables and your router to allow ftp-data connections to pass.
Ftp sessions consist of two channels: a command channel and a data channel, and they each use a different port. While the command channel is (usually) fixed at server port 21, the data channel employs varying ephemeral ports, and this can be problematic in the presence of a firewall since you don’t know from session to session which port the ftp server will use for the data transfer. To get around this, you need to constrain the range of ports used by the server for ftp-data connections, and you need to modify your firewall and, if necessary, your router to enable traffic on that port range.
First, make sure that passive mode is enabled; vsftpd enables it by default, but it doesn’t hurt to set it explicitly. Let’s also restrict the data channel to ports 11000 through 11010. Depending upon the number of concurrent sessions you anticipate on your server, you can increase or decrease the port range by modifying the min and max values. You can also use any port range; I chose 11000 through 11010 at random. Just make sure the min port is greater than 1024. Add these lines to /etc/vsftpd/vsftpd.conf.
|
1 2 3 |
pasv_enable=YES pasv_min_port=11000 pasv_max_port=11010 |
Restart vsftpd (or xinetd if you’re running vsftpd under xinetd) to make the changes take effect.
|
1 |
service vsftpd restart |
Unblock ports in firewall
|
1 |
-A RH-Firewall-1-INPUT -p tcp --dport 11000:11010 -j ACCEPT |
Restart the firewall.
|
1 |
service iptables restart |
ERROR:
– 550 Failed to change directory.
SOLUTION:
This happens most likely because you’ve established a chroot jail for users, and the user is trying to access a directory outside the jail.
ERROR:
– 500 OOPS: cannot change directory:/foo
– 500 OOPS: Connection closed by remote host.
– 500 OOPS: failed to open xferlog log file:/var/log/xferlog
– 553 could not create file error
SOLUTION:
This happens because SELinux isn’t properly configured for your ftp service. Either disable SELinux or configure it for ftp.
To disable SELinux, edit /etc/selinux/config and set “SELINUX=disabled”, then reboot.
About shk
What about 550 failed to open file, after a get command?
enable passiveftp ports and open those ports in your firewall