Cannot connect to vsftpd remotely? - ftp

I have a home network with a Raspberry Pi and a Windows computer. I want to share files between these two via FTP. So I have downloaded, installed and configured VSFTPD on my Raspberry Pi. Now I can connect to this server locally from the Raspberry Pi but not from my Windows PC.
Below you can find some more information, command outputs, conf file etc.
**Raspberry Pi**
vsftpd.conf
listen=YES
anonymous_enable=YES
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
use_localtime=YES
xferlog_enable=YES
connect_from_port_20=YES
chroot_local_user=YES
secure_chroot_dir=/var/run/vsftpd/empty
pam_service_name=vsftpd
rsa_cert_file=/etc/ssl/private/vsftpd.pem
user_sub_token=$USER
local_root=/home/$USER/ftp
sudo service --status-all
> sudo service --status-all
[ + ] vsftpd
nmap localhost
> nmap localhost
Starting Nmap 6.00 ( http://nmap.org ) at 2015-12-16 22:55 EET
Nmap scan report for localhost (127.0.0.1)
Host is up (0.029s latency).
Other addresses for localhost (not scanned): 127.0.0.1
Not shown: 996 closed ports
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
80/tcp open http
5002/tcp open rfe
Nmap done: 1 IP address (1 host up) scanned in 4.80 seconds
ftp localhost
> ftp localhost
Connected to localhost.
220 (vsFTPd 2.3.5)
Name (localhost:pi): pi
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
**Windows**
ping 192.168.2.140
> ping 192.168.2.140
Pinging 192.168.2.140 with 32 bytes of data:
Reply from 192.168.2.140: bytes=32 time=1ms TTL=64
Reply from 192.168.2.140: bytes=32 time<1ms TTL=64
Reply from 192.168.2.140: bytes=32 time<1ms TTL=64
Reply from 192.168.2.140: bytes=32 time<1ms TTL=64
Ping statistics for 192.168.2.140:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 1ms, Average = 0ms
ftp 192.168.2.140
> ftp 192.168.2.140
ftp: connect :Connection timed out
Thanks for help.

One possible reason why you can connect locally, but not remotely, is which user VSFTPD is accessing the local user account under. Is it ROOT, or is it the USER ID you've logged in with?
In reviewing your settings, I noted you have:
chroot_local_user=YES
write_enable=YES
local_root=/home/$USER/ftp
I would also add:
allow_writeable_chroot=YES
seccomp_sandbox=NO
And I would execute:
setsebool -P ftp_home_dir on
Should this suggestion fail, I also asked a similar question in Ask Fedora Forums. Link to Question. In this question, I posted several links to articles that discussed setting up VSFTPD. Maybe one of these will give you a hint towards what to look for.
Some of their suggestions are:
allow a global user for VSFTPD full file system access
This is a very dangerous option and breaks many security protocols VSFTPd is trying to help protect you from.
change the read write privileges on /home/$users to a-w
This change is not needed if you add "allow_writeable_chroot=YES", and set the SELinux ftp_home_dir ON.
Hope that this helps.
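The options discussed in this thread, checked against vsftpd's documented defaults. This is an added example, not part of the original posts; the finding texts are this example's own, and the sample merges the question's config with the two lines the answer adds.

```python
"""Added example: flag vsftpd.conf settings that loosen the daemon's defaults."""

# Constructed sample: the question's options plus the two lines the answer adds.
SAMPLE_CONF = """\
listen=YES
anonymous_enable=YES
local_enable=YES
write_enable=YES
chroot_local_user=YES
rsa_cert_file=/etc/ssl/private/vsftpd.pem
local_root=/home/$USER/ftp
allow_writeable_chroot=YES
seccomp_sandbox=NO
"""

# Built-in defaults of the options examined, as documented in vsftpd.conf(5).
DEFAULTS = {"anonymous_enable": "YES", "local_enable": "NO", "write_enable": "NO",
            "chroot_local_user": "NO", "allow_writeable_chroot": "NO",
            "seccomp_sandbox": "YES", "ssl_enable": "NO"}


def parse_conf(text):
    """Return effective settings: defaults overridden by option=value lines."""
    conf = dict(DEFAULTS)
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        conf[key] = value
    return conf


def audit(text):
    """Return (option, finding) pairs for settings worth a second look."""
    c = parse_conf(text)
    on = lambda k: c.get(k, "NO").upper() == "YES"
    findings = []
    if on("anonymous_enable"):
        findings.append(("anonymous_enable", "anonymous logins are accepted"))
    if on("local_enable") and not on("ssl_enable"):
        findings.append(("ssl_enable", "account passwords travel in cleartext"))
    if on("chroot_local_user") and on("allow_writeable_chroot"):
        findings.append(("allow_writeable_chroot", "chroot root is user-writable"))
    if not on("seccomp_sandbox"):
        findings.append(("seccomp_sandbox", "syscall filter is switched off"))
    return findings


if __name__ == "__main__":
    for option, finding in audit(SAMPLE_CONF):
        print(f"{option}: {finding}")
```

Note that `rsa_cert_file` alone does not turn TLS on; without `ssl_enable=YES` the certificate is never used.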

Related

clickhouse-client cannot log in after enabling listen host 0.0.0.0

After installing ClickHouse on Ubuntu 18.04.2 in a Hyper-V VM, I used clickhouse-client inside the VM to connect, and it works fine.
I used the browser on the host PC to open http://127.27.16.11:8123, and it showed an ERR_CONNECTION_REFUSED error. Then I edited /etc/clickhouse-server/config.xml, uncommented the 0.0.0.0 line and restarted clickhouse-server. I refreshed the browser and it showed OK status.
However, when I used clickhouse-client inside the VM to connect to the server again, it reported Connection refused. Is there any way to enable both local and remote connections?
I also tried to enable both IPv4 and IPv6:
::
0.0.0.0
ubuntu02:/$ clickhouse-client
ClickHouse client version 19.11.3.11 (official build).
Connecting to localhost:9000 as user default.
Connected to ClickHouse server version 19.11.3 revision 54423.
ubuntu02 :) quit
Bye.
ubuntu02:/$ sudo vi /etc/clickhouse-server/config.xml
[sudo] password for panco:
##uncomment
<listen_host>0.0.0.0</listen_host>
ubuntu02:/$ ping ubuntu02
PING ubuntu02 (172.27.16.11) 56(84) bytes of data.
64 bytes from ubuntu02 (172.27.16.11): icmp_seq=1 ttl=64 time=0.015 ms
64 bytes from ubuntu02 (172.27.16.11): icmp_seq=2 ttl=64 time=0.040 ms
^C
--- ubuntu02 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3039ms
rtt min/avg/max/mdev = 0.015/0.033/0.040/0.012 ms
ubuntu02:/$ sudo service clickhouse-server restart
ubuntu02:/$ clickhouse-client
ClickHouse client version 19.11.3.11 (official build).
Connecting to localhost:9000 as user default.
Code: 210. DB::NetException: Connection refused (localhost:9000)
Code: 210. DB::NetException: Connection refused (localhost:9000)
Found the answer. I was too focused on the fact that the IP I used is IPv4; indeed, Ubuntu enables IPv6 in a default installation. I simply uncommented this line:
<listen_host>::</listen_host>
The problem is solved. Thanks, Slesh, for your kind response anyway.
Try this:
clickhouse-client -h 127.0.0.1
You can specify a few hosts to listen on. Try this configuration:
<!-- Listen specified host. use :: (wildcard IPv6 address), if you want to accept connections both with IPv4 and IPv6 from everywhere. -->
<listen_host>::</listen_host>
<!-- Default values - try listen localhost on ipv4 and ipv6: -->
<listen_host>::1</listen_host>
<listen_host>127.0.0.1</listen_host>
You need to know the ClickHouse port:
netstat -tulpn | grep LISTEN
Then connect to the external IP, e.g.:
clickhouse-client -h 1.12.123.45 --port 9020 -u default --password my_strong_pass
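Why `localhost:9000` was refused while the browser on the host worked, as an added example that is not part of the original posts: it parses `netstat -tln` rows and checks whether a given destination address reaches a listener. The rows are constructed, and it assumes `localhost` resolved to `::1` on that VM and that a socket bound to `::` is dual-stack.

```python
"""Added example: which destination addresses a set of listeners accepts."""
import ipaddress

# Constructed `netstat -tln` rows, one list per listen_host configuration.
V4_WILDCARD = ["tcp   0  0 0.0.0.0:9000    0.0.0.0:*  LISTEN"]
V6_WILDCARD = ["tcp6  0  0 :::9000         :::*       LISTEN"]
LOOPBACK_ONLY = ["tcp   0  0 127.0.0.1:9000  0.0.0.0:*  LISTEN",
                 "tcp6  0  0 ::1:9000        :::*       LISTEN"]


def listeners(rows, port):
    """Return the local addresses in LISTEN state on `port`."""
    found = []
    for row in rows:
        cols = row.split()
        if len(cols) < 6 or cols[5] != "LISTEN":
            continue
        host, _, row_port = cols[3].rpartition(":")
        if row_port == str(port):
            found.append(ipaddress.ip_address(host))
    return found


def accepts(rows, port, target, dual_stack=True):
    """True if a TCP connect to target:port reaches one of the listeners.

    dual_stack=True models a socket bound to :: that also takes IPv4 clients
    (Linux default, net.ipv6.bindv6only=0); this is an assumption of the example.
    """
    dst = ipaddress.ip_address(target)
    for addr in listeners(rows, port):
        if addr == dst:
            return True
        if addr.is_unspecified:  # wildcard bind: 0.0.0.0 or ::
            if addr.version == dst.version:
                return True
            if addr.version == 6 and dual_stack:
                return True
    return False


if __name__ == "__main__":
    # Assumption: clickhouse-client's "localhost" resolved to ::1 on the VM.
    print("0.0.0.0 only, client -> ::1      :", accepts(V4_WILDCARD, 9000, "::1"))
    print("0.0.0.0 only, client -> 127.0.0.1:", accepts(V4_WILDCARD, 9000, "127.0.0.1"))
    print(":: wildcard,  client -> 127.0.0.1:", accepts(V6_WILDCARD, 9000, "127.0.0.1"))
    print("loopback only, remote client     :", accepts(LOOPBACK_ONLY, 9000, "172.27.16.11"))
```

A wildcard bind exposes the port on every interface of the machine, so pair it with a firewall rule or bind to the specific address that remote clients need.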

Outbound port blocked for pods

I have a brand new IBM CP 3.1.2 cluster up and running. I've deployed my workloads on it, mostly Go microservices. The containers can't start and log an error because they can't access an external Redis server on port 6379.
The cluster is installed with the firewall mode set to false.
I have double-checked that the IP, port and credentials are correct.
I have checked that the port on the distant Redis server is reachable from the nodes directly. I've checked that the Calico policy is in allowed mode for outbound and inbound traffic.
I have also used a throwaway busybox container, and it can't telnet to the distant Redis server either, but it can ping it.
From the nodes:
telnet REDIS_SERVER 6379
Trying REDIS_SERVER...
Connected to REDIS_SERVER.
Escape character is '^]'.
From the busybox container, inside the cluster (kubectl run -i --rm --tty busybox --image=busybox -- sh):
telnet REDIS_SERVER 6379
ping REDIS_SERVER
64 bytes from REDIS_SERVER: seq=0 ttl=59 time=1.415 ms
64 bytes from REDIS_SERVER: seq=1 ttl=59 time=1.376 ms
64 bytes from REDIS_SERVER: seq=2 ttl=59 time=1.674 ms
64 bytes from REDIS_SERVER: seq=3 ttl=59 time=1.705 ms
Is there something that I'm missing?
The port was blocked because of a missing Istio egress policy.
Once I added the egress policy, my pods were able to communicate with the distant Redis server.
If I understood correctly, the telnet failed inside your pod, is that correct?
You can ping it but cannot telnet?
Does it happen if you go to another pod?

How to use .localhost instead of .dev in Chrome with dnsmasq on Mac OS

I followed these instructions, https://passingcuriosity.com/2013/dnsmasq-dev-osx/, to set up .dev as a local domain.
When I changed all the configs to use localhost instead of dev, I can't open my some.localhost domain.
In the console I successfully checked that the some.localhost domain works:
bash-3.2$ ping -c 1 some.localhost
PING some.localhost (127.0.0.1): 56 data bytes
64 bytes from 127.0.0.1: icmp_seq=0 ttl=64 time=0.036 ms
But in Chrome I still get a CONNECTION_REFUSED error.
Please help me.

Where can a custom IP for a host be defined on Win10 (not in etc\hosts)?

I cannot figure out why the host name davno.pw points to 127.0.0.1 on my local workstation.
The site is up and running on 5.45.126.52 and it's okay.
But locally I only see that the name points to 127.0.0.1,
and there is nothing about it in the hosts file:
c:\Windows\System32\drivers\etc\hosts
(the only uncommented line is 127.0.0.1 localhost)
and at the same time
> ping davno.pw
--- PING davno.pw [127.0.0.1] 32 bytes of data. ---
Reply from 127.0.0.1: 32 bytes time<1ms TTL=128
It might be some legacy of Open Server, but I have no idea where the configuration is.

Postfix log shows an error while sending email from an Amazon EC2 instance

I am trying to send an email using the Postfix server on an Amazon EC2 instance.
The command is: sendmail xxxxxx#gmail.com
FROM:localhost
SUBJECT:Welcome
this is a test email....
.
However, I am getting the following error in the /var/log/maillog file.
The error is:
Jan 13 09:00:37 ip-172-31-32-76 postfix/pickup[26635]: C43AE62D00: uid=222
from=
Jan 13 09:00:37 ip-172-31-32-76 postfix/cleanup[26727]: C43AE62D00:
message-id=<20140113090037.C43AE62D00#"HOSTNAME">
Jan 13 09:00:37 ip-172-31-32-76 postfix/qmgr[26636]: C43AE62D00:
from=<"MYHOSTNAME">, size=435, nrcpt=1 (queue active)
Jan 13 09:00:37 ip-172-31-32-76 postfix/smtp[26729]:
connect to 127.0.0.1[127.0.0.1]:2525: Connection refused
Jan 13 09:00:37 ip-172-31-32-76 postfix/smtp[26729]: C43AE62D00:
to=, relay=none, delay=22, delays=22/0.02/0/0, dsn=4.4.1, status=deferred (connect to 127.0.0.1[127.0.0.1]:2525: Connection refused)
I have hidden the details for the hostname and the email ID to which I want to send.
Please help me out in this regard.
I have also added port 25 to the outbound and inbound ports in the security groups for my instance.
Regards,
Anurag
I think another service is running on the same port.
Run the command "netstat -tap" and check whether the same port is being used for something.
connect to 127.0.0.1[127.0.0.1]:2525: Connection refused
Something is preventing Postfix from using this port. (Port 2525 is sometimes used instead of 587 as an alternative SMTP port.)
Verify which ports are listening:
netstat -tanp | grep LISTEN
If you see sendmail (or any other MTA except for Postfix):
tcp 0 0 127.0.0.1:2525 0.0.0.0:* LISTEN 1014/sendmail
get rid of it:
service sendmail stop
yum remove sendmail
Verify settings on the first table row in:
/etc/postfix/master.cf
If it says:
smtp inet n - n - - smtpd
Postfix listens on port 25 and your security group settings make sense. If the line says
2525 inet n - n - - smtpd
you are telling postfix to listen on port 2525 for incoming smtpd connections.
The line that says:
submission inet n - n - - smtpd
does not begin with a comment.
Verify iptables rules, adjust if necessary:
iptables -L -n
This could be unrelated but I'm going to post it here because I had a hard time finding the answer to my question. I was able to get outbound email working from a vagrant virtual box by editing my /etc/resolv.conf to use Google's nameserver rather than the 10.0.x.x IP it was set to:
sudo nano /etc/resolv.conf
Change the nameserver IP:
nameserver 8.8.8.8
Then you'll need to restart postfix:
sudo /etc/init.d/postfix restart
