Error While Trying To FTP

Hi there guys, So after many hours of trying to work this one out figured I would see if you could shed any light on this.

After allowing some updates and restarting my server I find that i can no longer gain access via FTP.

error received is as follows: Connection attempt failed with “ECONNREFUSED - Connection refused by server”.

Cheers for any help in advance.

Makin

Can you send the output from:

sudo netstat -tap

and

sudo iptables -L

run on the server.

Also some info as to which FTP server software, and how you are trying to connect.

OK so I’m using vsftpd as my server software and im using filezilla and fireftp as my clients.

Output of sudo netstat -tap

$ sudo netstat -tap
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 makin:mysql : LISTEN 1006/mysqld
tcp 0 0 :5900 : LISTEN 2729/vino-server
tcp 0 0 :19150 : LISTEN 2144/gkrellmd
tcp 0 0 :webmin : LISTEN 2327/perl
tcp 0 0 :www : LISTEN 648/apache2
tcp 0 0 makin_server:domain : LISTEN 890/named
tcp 0 0 server.encryptec:domain : LISTEN 890/named
tcp 0 0 makin:domain : LISTEN 890/named
tcp 0 0 :ssh : LISTEN 1411/sshd
tcp 0 0 makin:ipp : LISTEN 864/cupsd
tcp 0 0 :smtp : LISTEN 2104/master
tcp 0 0 makin:953 : LISTEN 890/named
tcp 0 0 makin:6010 : LISTEN 2430/sshd: nx@notty
tcp 0 0 makin:6011 : LISTEN 3078/1
tcp 0 0 makin:6012 : LISTEN 13393/12
tcp 0 0 makin:6013 : LISTEN 25858/15
tcp 0 0 :9091 : LISTEN 3398/transmission
tcp 0 0 :7015 : LISTEN 2616/nxagent
tcp 0 0 :9000 : LISTEN 3099/mono
tcp 0 3184 makin_server:ssh makin_home:56063 ESTABLISHED 2357/sshd: nx [priv
tcp 0 0 makin:6012 makin:34210 ESTABLISHED 13393/12
tcp 0 0 makin:43166 makin:5015 ESTABLISHED 2622/nxssh
tcp 0 0 makin:5015 makin:43166 ESTABLISHED 2616/nxagent
tcp 0 0 makin:34211 makin:6012 ESTABLISHED 13414/dbus-launch
tcp 0 0 makin:mysql makin:46151 ESTABLISHED 1006/mysqld
tcp 0 0 makin:52511 makin:mysql ESTABLISHED 3099/mono
tcp 0 0 makin:6012 makin:34211 ESTABLISHED 13393/12
tcp 0 0 makin:34210 makin:6012 ESTABLISHED 13414/dbus-launch
tcp 0 0 makin:mysql makin:52511 ESTABLISHED 1006/mysqld
tcp 0 0 makin:46151 makin:mysql ESTABLISHED 3099/mono
tcp6 0 0 [::]:5900 [::]:
LISTEN 2729/vino-server
tcp6 0 0 [::]:19150 [::]:
LISTEN 2144/gkrellmd
tcp6 0 0 [::]:53359 [::]:
LISTEN 2311/java
tcp6 0 0 [::]:domain [::]:
LISTEN 890/named
tcp6 0 0 [::]:ssh [::]:
LISTEN 1411/sshd
tcp6 0 0 makin:ipp [::]:
LISTEN 864/cupsd
tcp6 0 0 makin:953 [::]:
LISTEN 890/named
tcp6 0 0 makin:6010 [::]:
LISTEN 2430/sshd: nx@notty
tcp6 0 0 makin:6011 [::]:
LISTEN 3078/1
tcp6 0 0 makin:6012 [::]:* LISTEN 13393/12
tcp6 0 0 makin:6013 [::]:* LISTEN 25858/15
tcp6 0 0 [::]:9412 [::]:* LISTEN 2311/java
tcp6 0 0 [::]:7015 [::]:* LISTEN 2616/nxagent
tcp6 0 0 [::]:4040 [::]:* LISTEN 2311/java
tcp6 0 0 makin:ssh makin:35611 ESTABLISHED 25776/sshd: makin [
tcp6 0 0 makin:51440 makin:ssh ESTABLISHED 13317/ssh
tcp6 0 0 makin:35611 makin:ssh ESTABLISHED 25775/ssh
tcp6 0 0 makin:48316 makin:ssh ESTABLISHED 2516/nxssh
tcp6 0 0 makin:ssh makin:48353 ESTABLISHED 2998/sshd: makin [p
tcp6 0 0 makin:ssh makin:48316 ESTABLISHED 2517/sshd: makin [p
tcp6 0 0 makin:48353 makin:ssh ESTABLISHED 2997/ssh
tcp6 0 0 makin:ssh makin:51440 ESTABLISHED 13318/sshd: makin [

Is it me, or is vsftpd not running, I can see nothing listening on port 21

try:

sudo service vsftpd start

if it’s configured to run standalone.

or see here:

$ sudo /etc/init.d/vsftpd start
[sudo] password for makin:
Rather than invoking init scripts through /etc/init.d, use the service(8)
utility, e.g. service vsftpd start

Since the script you are attempting to invoke has been converted to an
Upstart job, you may also use the start(8) utility, e.g. start vsftpd
vsftpd start/running, process 26332

$ sudo netstat -tap
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 makin:mysql : LISTEN 1006/mysqld
tcp 0 0 :5900 : LISTEN 2729/vino-server
tcp 0 0 :19150 : LISTEN 2144/gkrellmd
tcp 0 0 :webmin : LISTEN 2327/perl
tcp 0 0 :www : LISTEN 648/apache2
tcp 0 0 makin_server:domain : LISTEN 890/named
tcp 0 0 server.encryptec:domain : LISTEN 890/named
tcp 0 0 makin:domain : LISTEN 890/named
tcp 0 0 :ssh : LISTEN 1411/sshd
tcp 0 0 makin:ipp : LISTEN 864/cupsd
tcp 0 0 :smtp : LISTEN 2104/master
tcp 0 0 makin:953 : LISTEN 890/named
tcp 0 0 makin:6010 : LISTEN 2430/sshd: nx@notty
tcp 0 0 makin:6011 : LISTEN 3078/1
tcp 0 0 makin:6012 : LISTEN 13393/12
tcp 0 0 makin:6013 : LISTEN 25858/15
tcp 0 0 :9091 : LISTEN 3398/transmission
tcp 0 0 :7015 : LISTEN 2616/nxagent
tcp 0 0 :9000 : LISTEN 3099/mono
tcp 0 800 makin_server:ssh makin_home:56063 ESTABLISHED 2357/sshd: nx [priv
tcp 0 0 makin:6012 makin:34210 ESTABLISHED 13393/12
tcp 21 0 makin:43166 makin:5015 ESTABLISHED 2622/nxssh
tcp 0 21 makin:5015 makin:43166 ESTABLISHED 2616/nxagent
tcp 0 0 makin:34211 makin:6012 ESTABLISHED 13414/dbus-launch
tcp 0 0 makin:mysql makin:46151 ESTABLISHED 1006/mysqld
tcp 0 0 makin:52511 makin:mysql ESTABLISHED 3099/mono
tcp 0 0 server.encryptec.:46299 209.85.146.138:www ESTABLISHED 13270/firefox-bin
tcp 0 0 makin:6012 makin:34211 ESTABLISHED 13393/12
tcp 0 0 makin:34210 makin:6012 ESTABLISHED 13414/dbus-launch
tcp 0 0 makin:mysql makin:52511 ESTABLISHED 1006/mysqld
tcp 0 0 makin:46151 makin:mysql ESTABLISHED 3099/mono
tcp6 0 0 [::]:5900 [::]:
LISTEN 2729/vino-server
tcp6 0 0 [::]:19150 [::]:
LISTEN 2144/gkrellmd
tcp6 0 0 [::]:53359 [::]:
LISTEN 2311/java
tcp6 0 0 [::]:domain [::]:
LISTEN 890/named
tcp6 0 0 [::]:ssh [::]:
LISTEN 1411/sshd
tcp6 0 0 makin:ipp [::]:
LISTEN 864/cupsd
tcp6 0 0 makin:953 [::]:
LISTEN 890/named
tcp6 0 0 makin:6010 [::]:
LISTEN 2430/sshd: nx@notty
tcp6 0 0 makin:6011 [::]:
LISTEN 3078/1
tcp6 0 0 makin:6012 [::]:* LISTEN 13393/12
tcp6 0 0 makin:6013 [::]:* LISTEN 25858/15
tcp6 0 0 [::]:9412 [::]:* LISTEN 2311/java
tcp6 0 0 [::]:7015 [::]:* LISTEN 2616/nxagent
tcp6 0 0 [::]:4040 [::]:* LISTEN 2311/java
tcp6 0 0 makin:ssh makin:35611 ESTABLISHED 25776/sshd: makin [
tcp6 0 0 makin:51440 makin:ssh ESTABLISHED 13317/ssh
tcp6 0 0 makin:35611 makin:ssh ESTABLISHED 25775/ssh
tcp6 0 0 makin:48316 makin:ssh ESTABLISHED 2516/nxssh
tcp6 0 0 makin:ssh makin:48353 ESTABLISHED 2998/sshd: makin [p
tcp6 0 0 makin:ssh makin:48316 ESTABLISHED 2517/sshd: makin [p
tcp6 0 0 makin:48353 makin:ssh ESTABLISHED 2997/ssh
tcp6 0 0 makin:ssh makin:51440 ESTABLISHED 13318/sshd: makin [

content of /etc/vsftpd/vsftpd.conf

Example config file /etc/vsftpd.conf

The default compiled in settings are fairly paranoid. This sample file

loosens things up a bit, to make the ftp daemon more usable.

Please see vsftpd.conf.5 for all compiled in defaults.

READ THIS: This example file is NOT an exhaustive list of vsftpd options.

Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd’s

capabilities.

Run standalone? vsftpd can run either from an inetd or as a standalone

daemon started from an initscript.

listen=YES

Run standalone with IPv6?

Like the listen parameter, except vsftpd will listen on an IPv6 socket

instead of an IPv4 one. This parameter and the listen parameter are mutually

exclusive.

listen_ipv6=YES

Allow anonymous FTP? (Disabled by default)

#anonymous_enable=NO

Uncomment this to allow local users to log in.

local_enable=YES

Uncomment this to enable any form of FTP write command.

write_enable=YES

Default umask for local users is 077. You may wish to change this to 022,

if your users expect that (022 is used by most other ftpd’s)

local_umask=077

Uncomment this to allow the anonymous FTP user to upload files. This only

has an effect if the above global write enable is activated. Also, you will

obviously need to create a directory writable by the FTP user.

#anon_upload_enable=YES

Uncomment this if you want the anonymous FTP user to be able to create

new directories.

#anon_mkdir_write_enable=YES

Activate directory messages - messages given to remote users when they

go into a certain directory.

#dirmessage_enable=YES

If enabled, vsftpd will display directory listings with the time

in your local time zone. The default is to display GMT. The

times returned by the MDTM FTP command are also affected by this

option.

#use_localtime=YES

Activate logging of uploads/downloads.

#xferlog_enable=YES

Make sure PORT transfer connections originate from port 20 (ftp-data).

#connect_from_port_20=YES

If you want, you can arrange for uploaded anonymous files to be owned by

a different user. Note! Using “root” for uploaded files is not

recommended!

#chown_uploads=YES
#chown_username=Makin

You may override where the log file goes if you like. The default is shown

below.

#xferlog_file=/var/log/vsftpd.log

If you want, you can have your log file in standard ftpd xferlog format.

Note that the default log file location is /var/log/xferlog in this case.

#xferlog_std_format=YES

You may change the default value for timing out an idle session.

#idle_session_timeout=600

You may change the default value for timing out a data connection.

#data_connection_timeout=120

It is recommended that you define on your system a unique user which the

ftp server can use as a totally isolated and unprivileged user.

#nopriv_user=ftpsecure

Enable this and the server will recognise asynchronous ABOR requests. Not

recommended for security (the code is non-trivial). Not enabling it,

however, may confuse older FTP clients.

#async_abor_enable=YES

By default the server will pretend to allow ASCII mode but in fact ignore

the request. Turn on the below options to have the server actually do ASCII

mangling on files when in ASCII mode.

Beware that on some FTP servers, ASCII support allows a denial of service

attack (DoS) via the command “SIZE /big/file” in ASCII mode. vsftpd

predicted this attack and has always been safe, reporting the size of the

raw file.

ASCII mangling is a horrible feature of the protocol.

#ascii_upload_enable=YES
#ascii_download_enable=YES

You may fully customise the login banner string:

ftpd_banner=Welcome to Makcast FTP

You may specify a file of disallowed anonymous e-mail addresses. Apparently

useful for combatting certain DoS attacks.

#deny_email_enable=YES

(default follows)

#banned_email_file=/etc/vsftpd.banned_emails

You may restrict local users to their home directories. See the FAQ for

the possible risks in this before using chroot_local_user or

chroot_list_enable below.

#chroot=YES

You may specify an explicit list of local users to chroot() to their home

directory. If chroot_local_user is YES, then this list becomes a list of

users to NOT chroot().

#chroot_local_user=YES
#chroot_list_enable=YES

(default follows)

chroot_list_file=/etc/vsftpd.chroot_list

You may activate the “-R” option to the builtin ls. This is disabled by

default to avoid remote users being able to cause excessive I/O on large

sites. However, some broken FTP clients such as “ncftp” and “mirror” assume

the presence of the “-R” option, so there is a strong case for enabling it.

#ls_recurse_enable=YES

Debian customization

Some of vsftpd’s settings don’t fit the Debian filesystem layout by

default. These settings are more Debian-friendly.

This option should be the name of a directory which is empty. Also, the

directory should not be writable by the ftp user. This directory is used

as a secure chroot() jail at times vsftpd does not require filesystem

access.

#secure_chroot_dir=/var/run/vsftpd/empty

This string is the name of the PAM service vsftpd will use.

pam_service_name=vsftpd

This option specifies the location of the RSA certificate to use for SSL

encrypted connections.rsa_cert_file=/etc/ssl/private/vsftpd.pem

issue resolved seems that filezilla update defaults to passive mode instead if active mode.