Cannot FTP without simultaneous SSH connection?
- by Lucas
I'm trying to set up an old box as a backup server (running 10.04.4 LTS). I intend to use 3rd party software on my PC to periodically connect to my server via FTP(S) and to mirror certain files. For some reason, all FTP connection attempts fail UNLESS I'm simultaneously connected via SSH.
For example, if I use PuTTY to test the connection to port 21, the system hangs and times out. I get:
220 Connected to LeServer
USER lucas
331 Please specify the password.
PASS [password]
<cursor>
However, when I'm simultaneously logged in (in another session) everything works:
220 Connected to LeServer
USER lucas
331 Please specify the password.
PASS [password]
230 Login successful.
Basically, this means that my software will never be able to connect on its own, as intended. I know that the correct port is open because it works (sometimes) and nmap gives me:
Starting Nmap 5.00 ( http://nmap.org ) at 2012-03-20 16:15 CDT
Interesting ports on xx.xxx.xx.x:
Not shown: 995 closed ports
PORT     STATE  SERVICE
21/tcp   open   ftp
22/tcp   open   ssh
53/tcp   open   domain
139/tcp  open   netbios-ssn
445/tcp  open   microsoft-ds
Nmap done: 1 IP address (1 host up) scanned in 0.15 seconds
My only hypothesis is that this has something to do with iptables. Maybe it's allowing only established connections? I don't think that's how I set it up, but maybe? Here are my iptables rules for INPUT:
lucas@rearden:~$ sudo iptables -L INPUT
Chain INPUT (policy DROP)
target                    prot opt source    destination
fail2ban-ssh              tcp  --  anywhere  anywhere     multiport dports ssh
ufw-before-logging-input  all  --  anywhere  anywhere
ufw-before-input          all  --  anywhere  anywhere
ufw-after-input           all  --  anywhere  anywhere
ufw-after-logging-input   all  --  anywhere  anywhere
ufw-reject-input          all  --  anywhere  anywhere
ufw-track-input           all  --  anywhere  anywhere
ACCEPT                    tcp  --  anywhere  anywhere     tcp dpt:ftp
I'm using vsftpd. Any thoughts/resources on how I could fix this?
L
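Added example, not part of the original post: a Python probe that automates the manual port-21 test described above and reports the stage (connect, banner, USER or PASS) at which the server stops answering, so the check can be repeated with and without an SSH session open. The function names are hypothetical, and `start_fake_server` is a constructed stand-in that replays the replies quoted in the post so the probe can be tried offline.

```python
import socket
import threading

def read_reply(rfile):
    """Read one FTP reply; a multi-line reply ends at the 'NNN ' line (RFC 959)."""
    while True:
        line = rfile.readline().decode("latin-1")
        if not line:
            raise ConnectionError("server closed the control connection")
        if line[:3].isdigit() and line[3:4] != "-":
            return int(line[:3]), line.rstrip("\r\n")

def probe_ftp_login(host, port, user, password, timeout=10.0):
    """Walk banner/USER/PASS; return (stage, detail) where the login stopped."""
    steps = [("banner", None, 220),
             ("user", "USER " + user, 331),
             ("pass", "PASS " + password, 230)]
    stage = "connect"
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock, \
                sock.makefile("rb") as rfile:
            for stage, command, expected in steps:
                if command is not None:
                    sock.sendall(command.encode("latin-1") + b"\r\n")
                code, text = read_reply(rfile)
                if code != expected:
                    return stage, text      # unexpected reply at this stage
            return "ok", text
    except socket.timeout:
        return stage, "timeout"             # server went silent at this stage
    except OSError as exc:
        return stage, "error: %s" % exc

def start_fake_server(stall_at_pass):
    """Constructed stand-in for the FTP server (offline runs); returns its port."""
    listener = socket.create_server(("127.0.0.1", 0))
    def serve():
        conn, _ = listener.accept()
        rfile = conn.makefile("rb")
        conn.sendall(b"220 Connected to LeServer\r\n")
        rfile.readline()                    # USER line
        conn.sendall(b"331 Please specify the password.\r\n")
        rfile.readline()                    # PASS line
        if not stall_at_pass:
            conn.sendall(b"230 Login successful.\r\n")
        rfile.readline()                    # block until the client disconnects
        conn.close()
        listener.close()
    threading.Thread(target=serve, daemon=True).start()
    return listener.getsockname()[1]
```

A result of `("pass", "timeout")` matches the first session in the post, where the TCP connection and the first two replies succeed and only the reply to PASS never arrives.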