21 posts / 0 new
Last post
#1 Sun, 06/28/2009 - 13:57
mrwilder

FTP Died

My backups quit working last night because FTPd died.

I can't restart it. I get the message

warning: `proftpd' uses 32-bit capabilities (legacy support in use)

I have not knowingly changed anything on the box, although it may have updated itself... hehe...

Has anyone seen this? Where might I look for more information?

Sun, 06/28/2009 - 15:28
Joe
Joe's picture

Logs. Always look in the logs. Which log depends on your OS and the proftpd package in use (which we don't know). There's probably something in /var/log/messages, and possibly something in /var/log/proftpd*.

--

Check out the forum guidelines!

Sun, 06/28/2009 - 17:18 (Reply to #2)
mrwilder

Well, for some reason there was nothing in the log file /var/log/messages. I am running ProFTPd version 1.31. I was able to get proFTPd started by adding a virtual server, even though it worked previously without one. Unfortunately, I cannot connect to the server. When I try to telnet to port 21 from a remote server or telnet from the localhost port 21, I get a connection refused.

I turned log level up to "info" and still see no error messages.

I checked the server from the desktop level, and the firewall (still) has port 21 tcp open.

Can't connect.

Sun, 06/28/2009 - 21:46 (Reply to #3)
Joe
Joe's picture

Where did you proftpd package come from? There are known to be a few that have broken PAM configurations out in the wild in third party repositories.

An empty /var/log/messages makes no sense. Everything logs to messages. If it's empty, I think I'd be quite worried...at the very least, syslogd isn't running, and should be.

--

Check out the forum guidelines!

Mon, 06/29/2009 - 13:02 (Reply to #4)
mrwilder

I apologize. I realize you are trying to help me.

What I meant was that there were no obviously ftpd related error message in /var/log/messsages- at least as reported by webmin. I didnt look with vi. /var/log/proftpd is a truly empty directory.

There was no "Virtual server" configured but ftpd was still running fine as I had another server saving backups to it. ftpd suddenly stopped working the other day, but I've done nothing to the box that I am aware of. If there was an update that was automated, I'm not aware of it. In order to get ProFTP even working again, I tried adding a virtual ftp server, which apparently worked somewhat as now the server starts.

So: Webmin reports that ProFTPd is running. The firewall claims the port is open, but I get connection refused when I try to telnet or use an FTP client. The proftpd config file is nearly identical to the one on the working server. This version of FTP was installed when I ran an installer to add virtualmin to the Webmin installation a few months ago.

Assume I attempt to connect right now. I get a "connection refused". Should I be seeing a message about that in /var/log/messages? Somewhere else?

Thanks for all your efforts,

Tony

Mon, 06/29/2009 - 14:53 (Reply to #5)
Joe
Joe's picture

What package version of proftpd are you running?

rpm -q proftpd

Do you know where it came from? If you have any third party repositories enabled, you may have a broken proftpd package.

--

Check out the forum guidelines!

Mon, 06/29/2009 - 16:47 (Reply to #6)
mrwilder

proftpd-1.3.1-8.fc9.i386

I do not know where the package came from. I assume it was installed by the linux installer, or by virtualmin itself.

It is very possible I broke something as I installed several perl packages however I didnt immediately notice it being broke.

Would you suggest I try to install ftpd again? If so, how? Just run rpm -ivh proftp-1.something, or through a virtualmin page?

Thanks again, Tony

Mon, 06/29/2009 - 17:28 (Reply to #7)
Joe
Joe's picture

No, that looks like the Fedora 9 standard package, which is fine, and known to work.

What's in /var/log/secure.log when you try to login?

--

Check out the forum guidelines!

Mon, 06/29/2009 - 18:47 (Reply to #8)
mrwilder

There are no entries made to /var/log/secure when I try to ftp into the server box. However when I ssh in to the server box, a message is added to the var/log/secure. Additionally, continuous messages are added about other services to /var/log/messages as well, but not about proftp. ProFTP log level is set to "info"

I get the "connection refused" message so quickly, I originally suspected the problem was with the client computer, but, I've tried three of them at two different geographic places/networks, so, that's not it. Additionally, I get the same thing if I log in to the server computer itself and try to "ftp localhost"

Webmin System Information reports ProFTP is up and furthermore

ps aux |grep ftp

root 4259 0.0 0.0 6532 1272 ? Ss Jun28 0:01 proftpd: (accepting connections)

I triple checked the firewall has 21 open, and even tried turning it off completely.

I have not knowingly added or changed anything on the box at all.

Mon, 06/29/2009 - 18:57 (Reply to #9)
andreychek

Howdy,

You're not by chance running your server behind a NAT router, are you?

I guess I'm asking if it's possible that the provider your server is located at could be blocking FTP, or if you need to do some port forwarding in order for it to work.

Also, if you SSH into your server, can you FTP (or telnet) into ProFTp (port 21) from there?

-Eric

Mon, 06/29/2009 - 19:20 (Reply to #10)
mrwilder

The server is on my own business line. Nothing is blocked. I am running ftpd on another server through the same router, both servers ran together simultaneously for the last few months, and I have historically ran anywhere from two to five servers through this same connection for years.

The ftp server in question was working till the other day then stopped mysteriously. I was making backups from ns1(client) to ns2(server) every night till one night it didn't work. I had thought I may have changed some packages, but, upon reflection, I don't think I did.

I can't telnet or ftp to localhost from the machine in question.

telnet localhost 21
telnet: connect to address 127.0.0.1: Connection refused

ftp localhost ftp: connect: Connection refused

Tried that. I get no log entries to /var/log/messages, /var/log/secure. or /var/log/proftpd when I try it either...

But Webmin reports ProFTP is running and:

netstat -l |grep ftp
unix 2 [ ACC ] STREAM LISTENING 20015 /var/run/proftpd/proftpd.sock
unix 2 [ ACC ] STREAM LISTENING 20025 /var/run/proftpd/proftpd.sock

Also:

ps aux |grep ftp
root 4259 0.0 0.0 6532 1272 ? Ss Jun28 0:01 proftpd: (accepting connections)

Mon, 06/29/2009 - 22:14 (Reply to #11)
andreychek

Hrm, that's not the netstat output I'd have expected.

Two questions:

  1. If you restart FTP (/etc/init.d/proftp restart), do you see any errors/warnings on the command line or in the logs?

  2. What is the output of this: netstat -an | grep :21

Thanks,

-Eric

Tue, 06/30/2009 - 00:00
mrwilder

Nothing special from the command line on restart:

/etc/init.d/proftpd restart
Shutting down proftpd: [ OK ]
Starting proftpd: [ OK ]

And I got an innocuous:

Jun 29 21:56:30 ns2 proftpd[27949]: ProFTPD killed (signal 15)
Jun 29 21:56:30 ns2 proftpd[27949]: ProFTPD 1.3.1 standalone mode SHUTDOWN
Jun 29 21:56:30 ns2 proftpd[28281]: ProFTPD 1.3.1 (stable) (built Fri Jan 2 09:14:34 EST 2009) standalone mode STARTUP

in /var/log/messages

BUT

Now THIS is interesting... The output of netstat -an | grep :21 is obviously hosed:

tcp 0 0 0.0.0.0:54321 0.0.0.0:* LISTEN

What's up with that?

Tue, 06/30/2009 - 10:58
andreychek

Yeah, it doesn't look like it's listening on port 21.

If you stop FTP:

/etc/init.d/proftpd stop

And then type this:

ps auxw | grep ftp

Do you see any processes?

-Eric

Tue, 06/30/2009 - 14:22 (Reply to #14)
mrwilder

When I stop ftpd and run

root 18372 0.0 0.0 4120 696 pts/0 S+ 12:21 0:00 grep ftp

The only process I see is the grep itself...

By the way, when I run

netstat -an | grep :21

and get

tcp 0 0 0.0.0.0:54321 0.0.0.0:* LIST EN

I should point out that those zeroes are the REAL output of the command, I did not change them... and furthermore, 54321 is the port usermin is listening on. That seems like it's probably important

Tue, 06/30/2009 - 14:29
andreychek

Well, the 0's don't surprise me -- 0.0.0.0 is a fancy way of saying "listen on all IP's".

What surprises me is that you searched on the string ":21", yet ":21" doesn't actually exist in the output you have there (the 21 by itself does, but not a 21 with a : in front of it).

But I chalked that up to a typo :-)

What it looks like is that proftp is not listening on port 21. Maybe it's listening on another port; maybe it's not listening at all, I'm not sure yet. But I don't see anything that suggests it's listening on the normal FTP port.

So I guess the next step is to determine if it's listening anywhere at all. We can do that with the "lsof" command (which should be available on nearly every distro, but may not be installed by default).

Try typing this:

lsof | grep proftp | grep TCP

When I type that, I see:

proftpd 307 proftpd 1u IPv6 114460893 TCP *:ftp (LISTEN)

Tue, 06/30/2009 - 15:03 (Reply to #16)
mrwilder

When I first ran it, I got nothing, but I realized I had forgotten to restart ftpd from your last instruction.

But even after I restarted it, this happened:

[root@ns2 ~]# /etc/init.d/proftpd start
Starting proftpd: [ OK ]
[root@ns2 ~]# lsof | grep proftp | grep TCP
[root@ns2 ~]#

SOOoooo, I guess it's not listening?

Tue, 06/30/2009 - 15:22 (Reply to #17)
andreychek

Yeah, doesn't look like it's listening. That's certainly not running as expected ;-)

I guess what I'd try is launching the ProFTP daemon by hand to see if maybe the init script is hiding some error messages that it would otherwise be throwing out.

So, stop ProFTP, then just launch it from the command line (which is /usr/sbin/proftpd on my Ubuntu system), and see what happens :-)

-Eric

Tue, 06/30/2009 - 16:58 (Reply to #18)
mrwilder

[root@ns2 sbin]# ./proftpd - warning: unable to determine IP address of 'ns2' - warning: unable to determine IP address of 'ns2'

Looks like it's your favorite topic: dns...

As I recall "ns2" is the listed somewhere as a nickname for the server. I can't for the life of me remember where or how to change it though. If I get rid of the nickname/shortcut/servername(???) I assume that will be useful.

Tue, 06/30/2009 - 17:12 (Reply to #19)
andreychek

Aha!

Yeah, sounds like your hostname doesn't match any entries in the /etc/hosts file.

What does your /etc/hosts file look like?

The entry containing your IP address should have the name "ns2" listed after it.

-Eric

Tue, 06/30/2009 - 17:40 (Reply to #20)
mrwilder

I added ns2 to the hosts file. That got the ftp server up and listening.

THANK YOU.

I'm still confused as to why the entry went away, and I seriously doubt it was ever in there in the first place, and how and why things changed with no (known) move on my part.

But in any case, thanks again.