VSFTPD 421 Service not availabl
Aaron Gray
aaronngray.lists at gmail.com
Sun Oct 3 15:29:37 UTC 2010
On 3 October 2010 11:21, Daniel J Walsh <dwalsh at redhat.com> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 10/02/2010 10:28 PM, Aaron Gray wrote:
> > On 3 October 2010 01:35, Sam Sharpe <lists.redhat at samsharpe.net> wrote:
> >
> >> On 3 October 2010 00:41, Aaron Gray <aaronngray.lists at gmail.com> wrote:
> >>> On 2 October 2010 23:58, Aaron Gray <aaronngray.lists at gmail.com>
> wrote:
> >>>>
> >>>> On 2 October 2010 23:56, stan <gryt2 at q.com> wrote:
> >>>>>
> >>>>> On Sat, 2 Oct 2010 23:37:40 +0100
> >>>>> Aaron Gray <aaronngray.lists at gmail.com> wrote:
> >>>>>
> >>>>>> I have installed a fresh version of F11, unfortunately I did not
> >>>>>> install VSFTPD with it.
> >>>>>>
> >>>>>> On doing a "yum install vsftpd" it install fine but does not seem to
> >>>>>> function.
> >>>>>>
> >>>>>> [root at zzz vsftpd]# ftp localhost
> >>>>>> Trying ::1...
> >>>>>> ftp: connect to address ::1Connection refused
> >>>>>> Trying 127.0.0.1...
> >>>>>> Connected to localhost (127.0.0.1).
> >>>>>> 421 Service not available, remote server has closed connection
> >>>>>> ftp> quit
> >>>>>>
> >>>>>> I copied the 'vsftpd.conf' and 'users' directory from my working F11
> >>>>>> server this one is supposed to be mirroring, but am getting exactly
> >>>>>> the same responce.
> >>>>>
> >>>>> This is probably a problem with the firewall. Did you open ports 20
> >>>>> and 21?
> >>>>>
> >>>>> And if you are using passive ftp you should open some ports in the
> high
> >>>>> range, so there is a hole in the firewall for vsftpd to use. You
> have
> >>>>> to tell vsftpd to use those ports in the configuration. I also had
> to
> >>>>> open the service on my router, but that might not be an issue for
> you.
> >>>>>
> >>>>> If I recall correctly, there is a logging function that can be turned
> >>>>> on and it is really useful for decoding where the problem is and what
> >>>>> it is too.
> >>>>>
> >>>>> It's been a few years since I used vsftpd, so this is somewhat hazy.
> >>>>
> >>>> My other F11 server is working fine, and that does not have any
> extras.
> >>>
> >>> Its not iptables, thats exactly the same across the two machines.
> >>> Aaron
> >>
> >> I find the best way to deal with this kind of problem is some
> >> elementary research. I started with Google:
> >>
> >> http://www.google.com/search?sourceid=navclient&hl=en-GB&q=vsftpd+421
> >>
> >> The first Search Result might help you immensely.
> >>
> >
> > Yep its SELinux !
> >
> > Are there any rule files for this I can just load ?
> >
> > Aaron
> >
> >
> What AVC messages are you getting in /var/log/audit/audit.log?
>
type=AVC msg=audit(1286119627.313:21309): avc: denied { sys_admin } for
pid=1903 comm="vsftpd" capability=21
scontext=unconfined_u:system_r:ftpd_t:s0
tcontext=unconfined_u:system_r:ftpd_t:s0 tclass=capability
type=SYSCALL msg=audit(1286119627.313:21309): arch=40000003 syscall=120
success=no exit=-1 a0=28000011 a1=0 a2=6f4334 a3=6f4334 items=0 ppid=1
pid=1903 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
tty=(none) ses=5 comm="vsftpd" exe="/usr/sbin/vsftpd"
subj=unconfined_u:system_r:ftpd_t:s0 key=(null)
Yeah, it works when I turn enforcement off.
Aaron
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.fedoraproject.org/pipermail/users/attachments/20101003/b221a85e/attachment.html
More information about the users
mailing list