Can not connect vsftpd remotely?

Question

I have a home network with a raspberryPi and a Windows computer. I want to share files between these two via FTP. So I have downloaded, installed and configured VSFTPD on my raspberryPi. Now I can connect this server locally from rasPi but not from my Windows PC.

Below you can find some more information, command outputs, conf file etc.

****Raspberry Pi****

vsftd.conf

listen=YES
anonymous_enable=YES
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
use_localtime=YES
xferlog_enable=YES
connect_from_port_20=YES
chroot_local_user=YES
secure_chroot_dir=/var/run/vsftpd/empty
pam_service_name=vsftpd
rsa_cert_file=/etc/ssl/private/vsftpd.pem
user_sub_token=$USER
local_root=/home/$USER/ftp

sudo service --status-all

> sudo service --status-all
[ + ]  vsftpd

nmap localhost

> nmap localhost
Starting Nmap 6.00 ( http://nmap.org ) at 2015-12-16 22:55 EET
Nmap scan report for localhost (127.0.0.1)
Host is up (0.029s latency).
Other addresses for localhost (not scanned): 127.0.0.1
Not shown: 996 closed ports
PORT     STATE SERVICE
21/tcp   open  ftp
22/tcp   open  ssh
80/tcp   open  http
5002/tcp open  rfe
Nmap done: 1 IP address (1 host up) scanned in 4.80 seconds

ftp localhost

> ftp localhost
Connected to localhost.
220 (vsFTPd 2.3.5)
Name (localhost:pi): pi
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.

****Windows****

ping 192.168.2.140

> ping 192.168.2.140
Pinging 192.168.2.140 with 32 bytes of data:
Reply from 192.168.2.140: bytes=32 time=1ms TTL=64
Reply from 192.168.2.140: bytes=32 time<1ms TTL=64
Reply from 192.168.2.140: bytes=32 time<1ms TTL=64
Reply from 192.168.2.140: bytes=32 time<1ms TTL=64
Ping statistics for 192.168.2.140:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 1ms, Average = 0ms

ftp 192.168.2.140

> ftp 192.168.2.140
ftp: connect :Connection timed out

Thanks for help.

Maybe the server on Raspberry is listening `127.0.0.1` instead of `0.0.0.0`, what is the output of `netstat -an | grep -i listen | grep 21`? — ceremcem, Dec 16 '15 at 21:42
Please move your question to [su]. It's [off-topic](http://stackoverflow.com/help/on-topic) here. — Martin Prikryl, Dec 17 '15 at 06:53
Thanks for warning I moved it to : http://superuser.com/questions/1014729/can-not-connect-vsftpd-remotely — Canburak Tümer, Dec 17 '15 at 14:06

score 0 · Answer 1 · answered Jan 09 '16 at 07:07

One possible reason why you can connect locally, but not remotely, is due to which user VSFTPD is accessing the local user account under. Is it ROOT or is it the USER ID you've logged into.

In reviewing your settings, I noted you have:

chroot_local_user=YES
write_enable=YES
local_root=/home/$USER/ftp

I would also add:

allow_writeable_chroot=YES
seccomp_sandbox=NO

And I would execute:

setsebool -P ftp_home_dir on

Should this suggestion fail, I also asked a similar question in Ask Fedora Forums. Link to Question. In this question, I posted several links to articles that discussed setting up VSFTPD. Maybe one of these will give you a hint towards what to look for.

Some of their suggestions are:

allow a global user for VSFTPD full file system access

This is a very dangerous option and breaks many security protocols VSFTPd is trying to help protect you from.

change the read write privileges on /home/$users to a-w

This change is not needed if you add "allow_writeable_chroot=YES", and set the SELinux ftp_home_dir ON.

Hope that this helps.

Can not connect vsftpd remotely?

1 Answers1