I have recently set up vsftpd, and whilst everything appears to be running fine and the server is listening on the correct port, I cannot connect using FTP clients.
A connection is established but whilst waiting for a welcome message it times out.
Googling the issue led to lots of pages saying I should check my iptables. I know little about these, but I have printed the results below.
My first question is: I am guessing that iptables acts like a software firewall, so presumably if I don't have it set up then all traffic should come in fine?
My second question is: are iptables the most common but not the only way of limiting what traffic can come in, and if they aren't the only way, is there anywhere else I should be looking?
Please request any additional information and I will edit the question appropriately.
EDIT
I have checked for any related logs and can't find anything of note.
When I try the command ftp localhost
I get a timeout, so it looks like it may have nothing to do with IPTables but I don't know enough to totally rule it out.
The results of running telnet localhost ftp
and telnet localhost ftp-data
were timeouts, but they did try connecting to 127.0.0.1 which is what I would expect.
Here are my IP Tables:
Chain INPUT (policy DROP)
target        prot  opt  source    destination
fail2ban-ssh  tcp   --   anywhere  anywhere     multiport dports ssh
ACCEPT        tcp   --   anywhere  anywhere     multiport dports ssh,smtp,domain,www,https,ssmtp,xmpp-client,xmpp-server,5280,8999:9003
ACCEPT        udp   --   anywhere  anywhere     multiport dports domain
ACCEPT        all   --   anywhere  anywhere     state RELATED,ESTABLISHED
ACCEPT        tcp   --   anywhere  anywhere     multiport dports http-alt
ACCEPT        tcp   --   anywhere  anywhere     tcp dpt:ftp state NEW
ACCEPT        all   --   anywhere  anywhere     state RELATED,ESTABLISHED

Chain FORWARD (policy DROP)
target        prot  opt  source    destination

Chain OUTPUT (policy ACCEPT)
target        prot  opt  source    destination
ACCEPT        all   --   anywhere  anywhere     state RELATED,ESTABLISHED
ACCEPT        all   --   anywhere  anywhere     state RELATED,ESTABLISHED

Chain fail2ban-ssh (1 references)
target        prot  opt  source    destination
RETURN        all   --   anywhere  anywhere
"but they did try connecting to 127.0.0.1 which is what I would expect"
If that means it is also failing while attempting 127.0.0.1, then you might start by verifying that the server is actually running as the starting point.
Try switching to passive mode in your FTP Client.
That can often help indicate whether there is a restriction in place at a firewall/router.
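
To separate the cases raised in this thread (nothing listening, packets silently dropped, or a connection that opens but never delivers the welcome message), the control connection can be probed stage by stage. This is an added example, not code from the thread; the function name, stage labels and default timeout are assumptions chosen for illustration.

```python
import socket


def probe_ftp_banner(host="127.0.0.1", port=21, timeout=5.0):
    """Classify how far an FTP control connection gets. Returns (stage, detail).

    "refused"         - TCP reset: nothing listening, or a REJECT rule
    "connect_timeout" - SYN never answered: typical of a DROP rule
    "no_banner"       - TCP connected, but no greeting line arrived in time
    "closed"          - server accepted, then closed without a greeting
    "banner"          - greeting received; detail is its first line
    "error"           - any other socket error; detail is the message
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return ("refused", "")
    except socket.timeout:
        return ("connect_timeout", "")
    except OSError as exc:
        return ("error", str(exc))

    with sock:
        sock.settimeout(timeout)
        data = b""
        try:
            # The server speaks first in FTP: read until one full line arrives.
            while b"\n" not in data and len(data) < 4096:
                chunk = sock.recv(1024)
                if not chunk:
                    break
                data += chunk
        except socket.timeout:
            # The symptom from the question: connected, greeting never sent.
            return ("no_banner", data.decode("latin-1"))
        except OSError as exc:
            return ("error", str(exc))

    if not data:
        return ("closed", "")
    return ("banner", data.split(b"\n", 1)[0].decode("latin-1").strip())


if __name__ == "__main__":
    # Run on the server itself first, then from a remote client, and compare.
    print(probe_ftp_banner("127.0.0.1", 21))
```

A "no_banner" result from localhost means the TCP handshake completes and the delay is after it, whereas "connect_timeout" only from remote hosts points at packet filtering in between.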