ubuntu vsftpd not connecting

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP











up vote
0
down vote

favorite












Fresh install of vsftpd is not accepting connections. I have got to be missing something simple, but I can't seem to figure it out. BTW lots of articles on this, read most of them...



running ubuntu: 16.04.3 LTS



running vsftpd: 3.0.3




  1. Things that ARE working (using lftp as client, TLS connection)



    • validation locally from 127.0.0.1

    • validation locally from local server IP address (172.31.26.169)



  2. Unable to connect from any external client using exact same syntax for lftp client.



    lftp -d -u username,password 172.31.26.169 -e "set ssl:verify-certificate false"


Supporting information



/etc/vsftpd.conf



listen=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
dirmessage_enable=YES
use_localtime=YES
xferlog_enable=YES
connect_from_port_20=YES
chroot_local_user=YES
secure_chroot_dir=/var/run/vsftpd/empty
pam_service_name=vsftpd
rsa_cert_file=/etc/ssl/private/vsftpd.pem
rsa_private_key_file=/etc/ssl/private/vsftpd.pem
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
require_ssl_reuse=NO
ssl_ciphers=HIGH
user_sub_token=$USER
local_root=/home/$USER/ftp
pasv_min_port=40000
pasv_max_port=50000
userlist_enable=YES
userlist_file=/etc/vsftpd.userlist
userlist_deny=NO
debug_ssl=YES
#implicit_ssl=YES (This setting causes 127.0.0.1 login testing to fail)
log_ftp_protocol=YES
require_cert=NO


ufw status verbose



Status: active
Logging: on (high)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To Action From
-- ------ ----
8080 ALLOW IN Anywhere
22 ALLOW IN Anywhere
54.210.201.141 22/tcp ALLOW IN Anywhere
80,443,8080/tcp ALLOW IN Anywhere
53 ALLOW IN Anywhere # open tcp and udp port 53 for dns
20/tcp ALLOW IN Anywhere # ftp
21/tcp ALLOW IN Anywhere # ftp
22/tcp ALLOW IN Anywhere # port 22 for ssh
40000:50000/tcp ALLOW IN Anywhere
990/tcp ALLOW IN Anywhere
8080 (v6) ALLOW IN Anywhere (v6)
22 (v6) ALLOW IN Anywhere (v6)
80,443,8080/tcp (v6) ALLOW IN Anywhere (v6)
53 (v6) ALLOW IN Anywhere (v6) # open tcp and udp port 53 for dns
20/tcp (v6) ALLOW IN Anywhere (v6) # ftp
21/tcp (v6) ALLOW IN Anywhere (v6) # ftp
22/tcp (v6) ALLOW IN Anywhere (v6) # port 22 for ssh
40000:50000/tcp (v6) ALLOW IN Anywhere (v6)
990/tcp (v6) ALLOW IN Anywhere (v6)


netstat -tlnp



Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 23158/vsftpd
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1269/sshd
tcp 0 0 127.0.0.1:5432 0.0.0.0:* LISTEN 1377/postgres
tcp6 0 0 :::8080 :::* LISTEN 3236/java
tcp6 0 0 :::22 :::* LISTEN 1269/sshd
tcp6 0 0 127.0.0.1:8005 :::* LISTEN 3236/java
tcp6 0 0 :::8009 :::* LISTEN 3236/java


/etc/vsftpd.userlist



has only 1 line with local username for ftp login access







share|improve this question


























    up vote
    0
    down vote

    favorite












    Fresh install of vsftpd is not accepting connections. I have got to be missing something simple, but I can't seem to figure it out. BTW lots of articles on this, read most of them...



    running ubuntu: 16.04.3 LTS



    running vsftpd: 3.0.3




    1. Things that ARE working (using lftp as client, TLS connection)



      • validation locally from 127.0.0.1

      • validation locally from local server IP address (172.31.26.169)



    2. Unable to connect from any external client using exact same syntax for lftp client.



      lftp -d -u username,password 172.31.26.169 -e "set ssl:verify-certificate false"


    Supporting information



    /etc/vsftpd.conf



    listen=YES
    anonymous_enable=NO
    local_enable=YES
    write_enable=YES
    dirmessage_enable=YES
    use_localtime=YES
    xferlog_enable=YES
    connect_from_port_20=YES
    chroot_local_user=YES
    secure_chroot_dir=/var/run/vsftpd/empty
    pam_service_name=vsftpd
    rsa_cert_file=/etc/ssl/private/vsftpd.pem
    rsa_private_key_file=/etc/ssl/private/vsftpd.pem
    ssl_enable=YES
    allow_anon_ssl=NO
    force_local_data_ssl=YES
    force_local_logins_ssl=YES
    ssl_tlsv1=YES
    ssl_sslv2=NO
    ssl_sslv3=NO
    require_ssl_reuse=NO
    ssl_ciphers=HIGH
    user_sub_token=$USER
    local_root=/home/$USER/ftp
    pasv_min_port=40000
    pasv_max_port=50000
    userlist_enable=YES
    userlist_file=/etc/vsftpd.userlist
    userlist_deny=NO
    debug_ssl=YES
    #implicit_ssl=YES (This setting causes 127.0.0.1 login testing to fail)
    log_ftp_protocol=YES
    require_cert=NO


    ufw status verbose



    Status: active
    Logging: on (high)
    Default: deny (incoming), allow (outgoing), disabled (routed)
    New profiles: skip

    To Action From
    -- ------ ----
    8080 ALLOW IN Anywhere
    22 ALLOW IN Anywhere
    54.210.201.141 22/tcp ALLOW IN Anywhere
    80,443,8080/tcp ALLOW IN Anywhere
    53 ALLOW IN Anywhere # open tcp and udp port 53 for dns
    20/tcp ALLOW IN Anywhere # ftp
    21/tcp ALLOW IN Anywhere # ftp
    22/tcp ALLOW IN Anywhere # port 22 for ssh
    40000:50000/tcp ALLOW IN Anywhere
    990/tcp ALLOW IN Anywhere
    8080 (v6) ALLOW IN Anywhere (v6)
    22 (v6) ALLOW IN Anywhere (v6)
    80,443,8080/tcp (v6) ALLOW IN Anywhere (v6)
    53 (v6) ALLOW IN Anywhere (v6) # open tcp and udp port 53 for dns
    20/tcp (v6) ALLOW IN Anywhere (v6) # ftp
    21/tcp (v6) ALLOW IN Anywhere (v6) # ftp
    22/tcp (v6) ALLOW IN Anywhere (v6) # port 22 for ssh
    40000:50000/tcp (v6) ALLOW IN Anywhere (v6)
    990/tcp (v6) ALLOW IN Anywhere (v6)


    netstat -tlnp



    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
    tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 23158/vsftpd
    tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1269/sshd
    tcp 0 0 127.0.0.1:5432 0.0.0.0:* LISTEN 1377/postgres
    tcp6 0 0 :::8080 :::* LISTEN 3236/java
    tcp6 0 0 :::22 :::* LISTEN 1269/sshd
    tcp6 0 0 127.0.0.1:8005 :::* LISTEN 3236/java
    tcp6 0 0 :::8009 :::* LISTEN 3236/java


    /etc/vsftpd.userlist



    has only 1 line with local username for ftp login access







    share|improve this question
























      up vote
      0
      down vote

      favorite









      up vote
      0
      down vote

      favorite











      Fresh install of vsftpd is not accepting connections. I have got to be missing something simple, but I can't seem to figure it out. BTW lots of articles on this, read most of them...



      running ubuntu: 16.04.3 LTS



      running vsftpd: 3.0.3




      1. Things that ARE working (using lftp as client, TLS connection)



        • validation locally from 127.0.0.1

        • validation locally from local server IP address (172.31.26.169)



      2. Unable to connect from any external client using exact same syntax for lftp client.



        lftp -d -u username,password 172.31.26.169 -e "set ssl:verify-certificate false"


      Supporting information



      /etc/vsftpd.conf



      listen=YES
      anonymous_enable=NO
      local_enable=YES
      write_enable=YES
      dirmessage_enable=YES
      use_localtime=YES
      xferlog_enable=YES
      connect_from_port_20=YES
      chroot_local_user=YES
      secure_chroot_dir=/var/run/vsftpd/empty
      pam_service_name=vsftpd
      rsa_cert_file=/etc/ssl/private/vsftpd.pem
      rsa_private_key_file=/etc/ssl/private/vsftpd.pem
      ssl_enable=YES
      allow_anon_ssl=NO
      force_local_data_ssl=YES
      force_local_logins_ssl=YES
      ssl_tlsv1=YES
      ssl_sslv2=NO
      ssl_sslv3=NO
      require_ssl_reuse=NO
      ssl_ciphers=HIGH
      user_sub_token=$USER
      local_root=/home/$USER/ftp
      pasv_min_port=40000
      pasv_max_port=50000
      userlist_enable=YES
      userlist_file=/etc/vsftpd.userlist
      userlist_deny=NO
      debug_ssl=YES
      #implicit_ssl=YES (This setting causes 127.0.0.1 login testing to fail)
      log_ftp_protocol=YES
      require_cert=NO


      ufw status verbose



      Status: active
      Logging: on (high)
      Default: deny (incoming), allow (outgoing), disabled (routed)
      New profiles: skip

      To Action From
      -- ------ ----
      8080 ALLOW IN Anywhere
      22 ALLOW IN Anywhere
      54.210.201.141 22/tcp ALLOW IN Anywhere
      80,443,8080/tcp ALLOW IN Anywhere
      53 ALLOW IN Anywhere # open tcp and udp port 53 for dns
      20/tcp ALLOW IN Anywhere # ftp
      21/tcp ALLOW IN Anywhere # ftp
      22/tcp ALLOW IN Anywhere # port 22 for ssh
      40000:50000/tcp ALLOW IN Anywhere
      990/tcp ALLOW IN Anywhere
      8080 (v6) ALLOW IN Anywhere (v6)
      22 (v6) ALLOW IN Anywhere (v6)
      80,443,8080/tcp (v6) ALLOW IN Anywhere (v6)
      53 (v6) ALLOW IN Anywhere (v6) # open tcp and udp port 53 for dns
      20/tcp (v6) ALLOW IN Anywhere (v6) # ftp
      21/tcp (v6) ALLOW IN Anywhere (v6) # ftp
      22/tcp (v6) ALLOW IN Anywhere (v6) # port 22 for ssh
      40000:50000/tcp (v6) ALLOW IN Anywhere (v6)
      990/tcp (v6) ALLOW IN Anywhere (v6)


      netstat -tlnp



      Active Internet connections (only servers)
      Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
      tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 23158/vsftpd
      tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1269/sshd
      tcp 0 0 127.0.0.1:5432 0.0.0.0:* LISTEN 1377/postgres
      tcp6 0 0 :::8080 :::* LISTEN 3236/java
      tcp6 0 0 :::22 :::* LISTEN 1269/sshd
      tcp6 0 0 127.0.0.1:8005 :::* LISTEN 3236/java
      tcp6 0 0 :::8009 :::* LISTEN 3236/java


      /etc/vsftpd.userlist



      has only 1 line with local username for ftp login access







      share|improve this question














      Fresh install of vsftpd is not accepting connections. I have got to be missing something simple, but I can't seem to figure it out. BTW lots of articles on this, read most of them...



      running ubuntu: 16.04.3 LTS



      running vsftpd: 3.0.3




      1. Things that ARE working (using lftp as client, TLS connection)



        • validation locally from 127.0.0.1

        • validation locally from local server IP address (172.31.26.169)



      2. Unable to connect from any external client using exact same syntax for lftp client.



        lftp -d -u username,password 172.31.26.169 -e "set ssl:verify-certificate false"


      Supporting information



      /etc/vsftpd.conf



      listen=YES
      anonymous_enable=NO
      local_enable=YES
      write_enable=YES
      dirmessage_enable=YES
      use_localtime=YES
      xferlog_enable=YES
      connect_from_port_20=YES
      chroot_local_user=YES
      secure_chroot_dir=/var/run/vsftpd/empty
      pam_service_name=vsftpd
      rsa_cert_file=/etc/ssl/private/vsftpd.pem
      rsa_private_key_file=/etc/ssl/private/vsftpd.pem
      ssl_enable=YES
      allow_anon_ssl=NO
      force_local_data_ssl=YES
      force_local_logins_ssl=YES
      ssl_tlsv1=YES
      ssl_sslv2=NO
      ssl_sslv3=NO
      require_ssl_reuse=NO
      ssl_ciphers=HIGH
      user_sub_token=$USER
      local_root=/home/$USER/ftp
      pasv_min_port=40000
      pasv_max_port=50000
      userlist_enable=YES
      userlist_file=/etc/vsftpd.userlist
      userlist_deny=NO
      debug_ssl=YES
      #implicit_ssl=YES (This setting causes 127.0.0.1 login testing to fail)
      log_ftp_protocol=YES
      require_cert=NO


      ufw status verbose



      Status: active
      Logging: on (high)
      Default: deny (incoming), allow (outgoing), disabled (routed)
      New profiles: skip

      To Action From
      -- ------ ----
      8080 ALLOW IN Anywhere
      22 ALLOW IN Anywhere
      54.210.201.141 22/tcp ALLOW IN Anywhere
      80,443,8080/tcp ALLOW IN Anywhere
      53 ALLOW IN Anywhere # open tcp and udp port 53 for dns
      20/tcp ALLOW IN Anywhere # ftp
      21/tcp ALLOW IN Anywhere # ftp
      22/tcp ALLOW IN Anywhere # port 22 for ssh
      40000:50000/tcp ALLOW IN Anywhere
      990/tcp ALLOW IN Anywhere
      8080 (v6) ALLOW IN Anywhere (v6)
      22 (v6) ALLOW IN Anywhere (v6)
      80,443,8080/tcp (v6) ALLOW IN Anywhere (v6)
      53 (v6) ALLOW IN Anywhere (v6) # open tcp and udp port 53 for dns
      20/tcp (v6) ALLOW IN Anywhere (v6) # ftp
      21/tcp (v6) ALLOW IN Anywhere (v6) # ftp
      22/tcp (v6) ALLOW IN Anywhere (v6) # port 22 for ssh
      40000:50000/tcp (v6) ALLOW IN Anywhere (v6)
      990/tcp (v6) ALLOW IN Anywhere (v6)


      netstat -tlnp



      Active Internet connections (only servers)
      Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
      tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 23158/vsftpd
      tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1269/sshd
      tcp 0 0 127.0.0.1:5432 0.0.0.0:* LISTEN 1377/postgres
      tcp6 0 0 :::8080 :::* LISTEN 3236/java
      tcp6 0 0 :::22 :::* LISTEN 1269/sshd
      tcp6 0 0 127.0.0.1:8005 :::* LISTEN 3236/java
      tcp6 0 0 :::8009 :::* LISTEN 3236/java


      /etc/vsftpd.userlist



      has only 1 line with local username for ftp login access









      share|improve this question













      share|improve this question




      share|improve this question








      edited Jan 4 at 19:32









      jayhendren

      5,09721341




      5,09721341










      asked Jan 4 at 19:20









      Ralph Sr

      11




      11

























          active

          oldest

          votes











          Your Answer







          StackExchange.ready(function()
          var channelOptions =
          tags: "".split(" "),
          id: "106"
          ;
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function()
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled)
          StackExchange.using("snippets", function()
          createEditor();
          );

          else
          createEditor();

          );

          function createEditor()
          StackExchange.prepareEditor(
          heartbeatType: 'answer',
          convertImagesToLinks: false,
          noModals: false,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: null,
          bindNavPrevention: true,
          postfix: "",
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          );



          );








           

          draft saved


          draft discarded


















          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f414834%2fubuntu-vsftpd-not-connecting%23new-answer', 'question_page');

          );

          Post as a guest



































          active

          oldest

          votes













          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes










           

          draft saved


          draft discarded


























           


          draft saved


          draft discarded














          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f414834%2fubuntu-vsftpd-not-connecting%23new-answer', 'question_page');

          );

          Post as a guest













































































          Popular posts from this blog

          How to check contact read email or not when send email to Individual?

          Displaying single band from multi-band raster using QGIS

          How many registers does an x86_64 CPU actually have?