ProFTPd not working from day 1 - Connection from ... denied.

Hello I have a CentOS 5.3 x86_64 machine with Virtualmin Pro. Problem is I never needed FTP on this one, but now I do. I had ProFTPd vs 1.3.0 installed by the Virtualmin script (not working), but read about a few bugs with Filezilla and IPV6 and thought this is the problem. So I upgraded to 1.3.1, and tested again, upgraded to 1.3.2 and tested again; restarted the server , checked the config files etc. Strange is that on my other server with Virtualmin GPL and ProFTPd 1.3.1 installed separately and everything by hand, it works great with no fuzz.

Now I have proftpd-1.3.2-2.1.el5.kb (it shouldn’t pose any problem in my knowledge and it’s x64) and I’m getting a single error in my messages log:
Aug 19 12:44:29 ns1 proftpd[14188]: ns1.xxxxx.ro (::ffff:79.119.17.209[::ffff:79.119.17.209]) - Connection from ::ffff:79.119.17.209 [::ffff:79.119.17.209] denied.

With the initial version 1.3.0 (that’s why I upgraded) i was getting this (now gone) error:
Aug 19 12:07:13 ns1 proftpd[11809]: ns1.xxxxxx.ro - error setting IPV6_V6ONLY: Protocol not available

My conf file (I want specific users only to get access - someuser.somedomain - working as intended on my other server as I said):

# This is a basic ProFTPD configuration file (rename it to # 'proftpd.conf' for actual use. It establishes a single server # and a single anonymous login. It assumes that you have a user/group # "nobody" and "ftp" for normal operation and anon.

ServerName “FTP server”
ServerType standalone
DefaultServer on

Port 21 is the standard FTP port.

Port 21

Umask 022 is a good standard umask to prevent new dirs and files

from being group and world writable.

Umask 022

To prevent DoS attacks, set the maximum number of child processes

to 30. If you need to allow more than 30 concurrent connections

at once, simply increase this value. Note that this ONLY works

in standalone mode, in inetd mode you should use an inetd server

that allows you to limit maximum number of processes per service

(such as xinetd).

MaxInstances 30

Set the user and group under which the server will run.

User nobody
Group nobody

To cause every FTP user to be “jailed” (chrooted) into their home

directory, uncomment this line.

DefaultRoot ~

Securitatea vietii How-To-Forge

IdentLookups off
ServerIdent on “FTP Server > Gata de lucru.”

Normally, we want files to be overwriteable.

AllowOverwrite on

Bar use of SITE CHMOD by default

DenyAll

Limit LOGIN to anyone not in the groups

Order deny,allow Deny from 168.13.162.120,208.76.245.135,81.19.151.110,195.37.209.43 AllowUser someuser.somedomain AllowUser someuser.somedomain AllowUser someuser.somedomain AllowUser someuser.somedomain AllowUser someuser.somedomain DenyAll

A basic anonymous configuration, no upload directories. If you do not

want anonymous users, simply delete this entire section.

DisplayConnect ""Hmmm sa vedem cine esti..."" DisplayGoAway ""Prea multe conexiuni, vai!"" DisplayLogin ""Bun venit! Bucuros de transferuri!"" DisplayQuit ""Toate cele bune!"" ServerIdent on "Bun venit! Bucuros de transferuri!" RootLogin off DisplayConnect ""Hmmm sa vedem cine esti..."" DisplayGoAway ""Prea multe conexiuni, vai!"" DisplayLogin ""Bun venit! Bucuros de transferuri!"" DisplayQuit ""Toate cele bune!""

No reply in days? That’s odd :slight_smile:

Man, this is the simplest & dumbest conf file ever… What the hell is wrong with it?

Is there anything listed in /etc/hosts.deny?

Also, do you run into the same errors if you try a different FTP client?

-Eric

Thanks for the reply.

Nothing in /etc/hosts.deny, the ports are open, the IP from wich i’m trying to connect is not blacklisted anywhere - this were the first things I cheked. I would really like to use proftpd, mostly because virtualmin - never had any problems.

BTW - I removed IPV6 suport by adding UseIPv6 off in the conf file. Same Error with an IPV4 flavour :slight_smile:

*Ahhh, another client, not server; tried - Filezilla and Fire FTP. I don’t think those could be responsable. Reliable software, both of them.

Okay, agreed, I don’t think the FTP client should be the issue; but I figured we rule that out before getting too far :slight_smile:

Looking through your config, the biggest question in my mind is that “deny” section (which I know you said works fine on another server).

I’m curious, though – if you were to comment out that entire block, and restart ProFTP, if it would begin working.

If that works, we can figure some things out from there :slight_smile:

So, for testing, I’d recommend commenting this out:

Order deny,allow Deny from 168.13.162.120,208.76.245.135,81.19.151.110,195.37.209.43 AllowUser someuser.somedomain AllowUser someuser.somedomain AllowUser someuser.somedomain AllowUser someuser.somedomain AllowUser someuser.somedomain DenyAll

And then restart the FTP service – are you able to log in at that point?

-Eric

Hello and thanks - solved the problem - I removed the lines:

Order deny,allow
Deny from 168.13.162.120,208.76.245.135,81.19.151.110,195.37.209.43

and just worked - I wonder why the other server doesn’t have the same problem. As I said it’s just another proftpd version… and pretty much the same setup.

Thank you for your time!