vsftpd over xinetd: connection refused

Question

I've been banging my head against this for hours and I'm stumped. I am setting up a Gentoo Linux box with vsftpd. I can get it to work as a standalone daemon, but not with xinetd. When I try to connect from another machine, its FTP client says:

ftp: Can't connect to 'my.ip.add.ress': Connection refused
ftp: Can't connect to 'my.domain.tld'

I've tried everything I can think of. "enabled = yes", "disabled = no", etc. etc. I don't believe it's a firewall issue because I was able to make it run via standalone mode. The OS is fully updated to the "stable" Portage tree. /etc/init.d/xinetd is running, and /etc/init.d/vsftpd is not. The output of netstat doesn't include anything about Port 20 or 21, xinetd or ftp.

Nothing in /var/log/ appears to be recorded when I make a (failed) login attempt. When I restart xinetd, /var/log/messages indicates xinetd reads each file in /etc/xinetd.d/, but then it always says removing ftp toward the end of its startup phase.

Here's my /etc/xinetd.conf:

defaults {
    enabled     = yes
    log_type    = SYSLOG daemon info 
    log_on_failure  = HOST
    log_on_success  = PID HOST DURATION EXIT
    only_from   = 0.0.0.0
    cps     = 50 10
    instances   = 50
    per_source  = 10
    v6only      = no
    groups      = yes
    umask       = 002
}
includedir /etc/xinetd.d

And here's my /etc/xinetd.d/vsftpd:

service ftp {
    socket_type     = stream
    wait            = no
    user            = root
    server          = /usr/sbin/vsftpd
    server_args     = /etc/vsftpd/vsftpd.conf
    log_on_success  += DURATION
    nice            = 10
    disable         = no
}

And here's my /etc/vsftpd/vsftpd.conf:

accept_timeout=60
anon_umask=022
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
anon_upload_enable=YES
anon_world_readable_only=NO
anonymous_enable=NO
banner_file=/etc/motd
chroot_local_user=YES
connect_timeout=60
data_connection_timeout=300
guest_enable=YES
guest_username=admin
hide_ids=YES
idle_session_timeout=900
listen=NO
local_enable=YES
local_root=/home/admin/uploads
log_ftp_protocol=YES
ls_recurse_enable=NO
pam_service_name=/etc/pam.d/vsftpd
userlist_deny=NO
userlist_enable=YES
userlist_file=/etc/vsftpd/users.allow
write_enable=YES
xferlog_enable=YES

Any ideas?

Nothing in your post mentions a firewall, is iptables running? — SpacemanSpiff, Jul 08 '11 at 00:48
There is no firewall on the server (yet). I was able to make it work in standalone mode, so I wouldn't think that's the issue, unless xinetd needs something more configured in relation to ports and all. — curtisdf, Jul 08 '11 at 00:51
You can run xinetd in debug mode (with `-d`) to get verbose output about what it's doing. This might help identify your problem. — larsks, Jul 08 '11 at 00:57
What version of vsftpd are you running? The source for it was recently hacked and placed for public download; it could be your version is compromised and as such, may have a bug or two in it. ( see http://www.thehackernews.com/2011/07/video-demonstration-vsftpd-backdoor.html ) — Avery Payne, Jul 08 '11 at 00:57
Doh! I figured it out myself. I read the man page on `xinetd.conf` and realized the `enabled` option is supposed to be a list of services to enable, rather than boolean YES or NO. I commented out that option and it fired up just fine. Hours down the tubes... grrr. I would have posted this as an answer to my own question but it won't met me for another 8 hours. — curtisdf, Jul 08 '11 at 01:03

score 2 · Answer 1 · answered Jul 09 '11 at 05:00

2

As mentioned in my comment above, I figured it out myself. In 'xinetd.conf', the enabled option is NOT a boolean. If present, it should be a list of services to enable. Commenting it out worked for me.

answered Jul 09 '11 at 05:00

curtisdf

251
1
3
13

vsftpd over xinetd: connection refused

1 Answers1