FTP Local instance: ECONNREFUSED

Luc Cornet
Hi,

I am struggling with the FTP connection on our local instance.

I start ProFTPd for SHA1 like this:

$ service proftpd start #the conf file is below

   Notes: I had to do that as root, not possible as the non-root galaxy user
           ROOT PRIVS: unable to seteuid(): Operation not permitted
           -> is it possible to run proftpd as non-root?

The server runs, but I am not able to connect with FTP - FileZilla (localhost:2021)

   Log: Statut :         Résolution de l'adresse de localhost
         Statut :         Connexion à [::1]:2021...
         Statut :         Échec de la tentative de connexion avec "ECONNREFUSED - Connexion refusée par le serveur", essai de l'adresse suivante.
         Statut :         Connexion à 127.0.0.1:2021...
         Statut :         Échec de la tentative de connexion avec "ECONNREFUSED - Connexion refusée par le serveur".
         Erreur :         Impossible d'établir une connexion au serveur
         Statut :         Attente avant nouvel essai...
   
   Notes: The local instance doesn't have a proxy, I access it with ssh. (ssh -C -L 8081:localhost:8081 durandal).


Any ideas? Is it linked to the firewall?

Thanks,
Luc


#proftpd.conf
$cat /etc/proftpd.conf

# Basics, some site-specific
ServerName                      "Public Galaxy FTP"
ServerType                      standalone
DefaultServer                   on
Port                            21
Umask                           077
SyslogFacility                  DAEMON
SyslogLevel                     debug
MaxInstances                    30
# This User & Group should be set to the actual user and group name which matches the UID & GID you will specify later in the SQLNamedQuery.
User                            nobody
Group                           nobody
DisplayConnect                  /etc/opt/local/proftpd_welcome.txt

# Passive port range for the firewall
PassivePorts                    30000 40000

# Cause every FTP user to be "jailed" (chrooted) into their home directory
DefaultRoot ~

# Automatically create home directory if it doesn't exist
CreateHome                      on dirmode 700

# Allow users to overwrite their files
AllowOverwrite                  on

# Allow users to resume interrupted uploads
AllowStoreRestart               on

# Bar use of SITE CHMOD
<Limit SITE_CHMOD>
    DenyAll
</Limit>

# Bar use of RETR (download) since this is not a public file drop
<Limit RETR>
    DenyAll
</Limit>

# Do not authenticate against real (system) users
AuthPAM                         off

# General database support (http://www.proftpd.org/docs/contrib/mod_sql.html)
#SQL module
LoadModule mod_sql.c

# Support for base-64 or hex encoded MD5 and SHA1 passwords from SQL tables
# (contrib/mod_sql_passwd.html)
LoadModule mod_sql_passwd.c

# Postgresql support (requires proftpd-postgresql package)
# (http://www.proftpd.org/docs/contrib/mod_sql.html)
LoadModule mod_sql_postgres.c

# set Authentication order
AuthOrder                       mod_sql.c

# Set this if Galaxy user UID and/or GID are less than 999
SQLMinID                        400

# Common SQL authentication options
SQLEngine                       on
SQLPasswordEngine               on
SQLBackend                      postgres
SQLConnectInfo                  postgres@localhost:5432 galaxyftp <dbpassword>
SQLAuthenticate                 users

##
# Set up mod_sql/mod_sql_password - Galaxy passwords are stored as hex-encoded SHA1
SQLAuthTypes                    SHA1
SQLPasswordEncoding             hex

# An empty directory in case chroot fails
#SQLDefaultHomedir              /var/opt/local/proftpd

# Define a custom query for lookup that returns a passwd-like entry. Replace 512s with the UID and GID of the user running the Galaxy server
SQLUserInfo                     custom:/LookupGalaxyUser
SQLNamedQuery                   LookupGalaxyUser SELECT "email,password,512,512,'/home/nate/galaxy_dist/database/ftp/%U','/bin/bash' FROM galaxy_user WHERE email='%U'"

------------
Luc Cornet, PhD
Bio-informatician
Mycology and Aerobiology
Sciensano
___________________________________________________________
Please keep all replies on the list by using "reply all"
in your mail client.  To manage your subscriptions to this
and other Galaxy lists, please use the interface at:
  %(web_page_url)s

To search Galaxy mailing lists use the unified search at:
  http://galaxyproject.org/search/
Re: FTP Local instance: ECONNREFUSED

Youssef  GHORBAL
Hi Luc,

        I don't get your setup, as per proftpd conf you are running FTP service on TCP 21 port while you are trying to connect with FileZilla on port 2021.
        If you are using some port forwarding over SSH or things like that you have to keep in mind that FTP has two connections, the control connection over port 21 and the data connection over a random TCP port negotiated by the control session (in the range 30000 40000 as per your configuration) so you need to forward port 21 and all this port range to make it work properly. If you are not using any port forwarding technique, then you should point your FileZilla to localhost:21

        Proftpd needs to bind to ports <1024 and thus needs root (or the binary needs the CAP_NET_BIND_SERVICE capability set) but as soon as the bind is done, Proftpd drops root privileges. Proftpd needs also root in order to manage logging. So no worry about Proftpd needing root. If you insist you can make it bind on a high port and ensure that log/run directory is writable by the running user and it should start correctly.

        For database auth access, that's weird, but on the old Proftpd (proftpd-1.3.3g on Centos 6) we are running (to do sFTP for instance and not FTP) I have this little comment at the end of the conf file:

# weird behaviour, but SQL auth works only in DEBUG !
# http://www.linuxquestions.org/questions/linux-software-2/proftpd-works-only-in-debug-mode-4175516815/
# no more time to investigate further
SyslogLevel DEBUG

        Maybe you should give it a try.

Youssef Ghorbal
Institut Pasteur
-------------------------------
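
The port reasoning in the reply above, as an added example that is not part of either original post: a Python check that reads `Port` and `PassivePorts` from a proftpd.conf and reports which connections a client target port and a set of `ssh -L` forwards leave uncovered. The function names (`parse_conf`, `pasv_data_port`, `diagnose`) are hypothetical, and the sample configuration is constructed from the directives posted in the question.

```python
import re

# Constructed sample: the directives from the posted proftpd.conf that matter here.
SAMPLE_CONF = """\
ServerType                      standalone
Port                            21
# Passive port range for the firewall
PassivePorts                    30000 40000
"""

def parse_conf(text):
    """Return (control_port, (pasv_low, pasv_high) or None) from proftpd.conf text."""
    port, pasv = 21, None  # ProFTPD listens on 21 when no Port directive is given
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) == 2 and fields[0].lower() == "port":
            port = int(fields[1])
        elif len(fields) == 3 and fields[0].lower() == "passiveports":
            pasv = (int(fields[1]), int(fields[2]))
    return port, pasv

def pasv_data_port(reply):
    """Decode the data port from a '227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)' reply."""
    m = re.search(r"\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)", reply)
    if not m:
        raise ValueError("not a PASV reply: %r" % reply)
    return int(m.group(5)) * 256 + int(m.group(6))

def diagnose(conf_text, client_port, forwarded=()):
    """Hypothetical helper: findings for a client pointed at localhost:client_port.
    forwarded: (local_port, remote_port) pairs, as in `ssh -L local:host:remote`."""
    port, pasv = parse_conf(conf_text)
    fwd = dict(forwarded)
    findings = []
    if client_port != port and fwd.get(client_port) != port:
        findings.append("control: nothing maps local port %d to the server's Port %d"
                        % (client_port, port))
    if fwd and pasv:  # the client dials the port number announced in the PASV reply
        missing = [p for p in range(pasv[0], pasv[1] + 1) if fwd.get(p) != p]
        if missing:
            findings.append("data: %d of %d passive ports are not forwarded"
                            % (len(missing), pasv[1] - pasv[0] + 1))
    if port < 1024:
        findings.append("bind: Port %d is below 1024, so startup needs root or "
                        "CAP_NET_BIND_SERVICE" % port)
    return findings
```

Calling `diagnose(SAMPLE_CONF, 2021, [(8081, 8081)])` models the setup in the question: the only forward is the web port, so neither the control connection nor any passive data port reaches the server.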

> On 30 Apr 2020, at 17:45, Luc Cornet <[hidden email]> wrote:
>
> Hi,
>
> I am struggling with the FTP connection on our local instance.
>
> I start ProFTPd for SHA1 like this:
>
> $ service proftpd start #the conf file is below
>
>   Notes: I had to do that as root, not possible as the non-root galaxy user
>           ROOT PRIVS: unable to seteuid(): Operation not permitted
>           -> is it possible to run proftpd as non-root?
>
> The server runs, but I am not able to connect with FTP - FileZilla (localhost:2021)
>
>   Log: Statut :         Résolution de l'adresse de localhost
>         Statut :         Connexion à [::1]:2021...
>         Statut :         Échec de la tentative de connexion avec "ECONNREFUSED - Connexion refusée par le serveur", essai de l'adresse suivante.
>         Statut :         Connexion à 127.0.0.1:2021...
>         Statut :         Échec de la tentative de connexion avec "ECONNREFUSED - Connexion refusée par le serveur".
>         Erreur :         Impossible d'établir une connexion au serveur
>         Statut :         Attente avant nouvel essai...
>
>   Notes: The local instance doesn't have a proxy, I access it with ssh. (ssh -C -L 8081:localhost:8081 durandal).
>
>
> Any ideas? Is it linked to the firewall?
>
> Thanks,
> Luc
>
>
> #proftpd.conf
> $cat /etc/proftpd.conf
>
> # Basics, some site-specific
> ServerName                      "Public Galaxy FTP"
> ServerType                      standalone
> DefaultServer                   on
> Port                            21
> Umask                           077
> SyslogFacility                  DAEMON
> SyslogLevel                     debug
> MaxInstances                    30
> # This User & Group should be set to the actual user and group name which matches the UID & GID you will specify later in the SQLNamedQuery.
> User                            nobody
> Group                           nobody
> DisplayConnect                  /etc/opt/local/proftpd_welcome.txt
>
> # Passive port range for the firewall
> PassivePorts                    30000 40000
>
> # Cause every FTP user to be "jailed" (chrooted) into their home directory
> DefaultRoot ~
>
> # Automatically create home directory if it doesn't exist
> CreateHome                      on dirmode 700
>
> # Allow users to overwrite their files
> AllowOverwrite                  on
>
> # Allow users to resume interrupted uploads
> AllowStoreRestart               on
>
> # Bar use of SITE CHMOD
> <Limit SITE_CHMOD>
>    DenyAll
> </Limit>
>
> # Bar use of RETR (download) since this is not a public file drop
> <Limit RETR>
>    DenyAll
> </Limit>
>
> # Do not authenticate against real (system) users
> AuthPAM                         off
>
> # General database support (http://www.proftpd.org/docs/contrib/mod_sql.html)
> #SQL module
> LoadModule mod_sql.c
>
> # Support for base-64 or hex encoded MD5 and SHA1 passwords from SQL tables
> # (contrib/mod_sql_passwd.html)
> LoadModule mod_sql_passwd.c
>
> # Postgresql support (requires proftpd-postgresql package)
> # (http://www.proftpd.org/docs/contrib/mod_sql.html)
> LoadModule mod_sql_postgres.c
>
> # set Authentication order
> AuthOrder                       mod_sql.c
>
> # Set this if Galaxy user UID and/or GID are less than 999
> SQLMinID                        400
>
> # Common SQL authentication options
> SQLEngine                       on
> SQLPasswordEngine               on
> SQLBackend                      postgres
> SQLConnectInfo                  postgres@localhost:5432 galaxyftp <dbpassword>
> SQLAuthenticate                 users
>
> ##
> # Set up mod_sql/mod_sql_password - Galaxy passwords are stored as hex-encoded SHA1
> SQLAuthTypes                    SHA1
> SQLPasswordEncoding             hex
>
> # An empty directory in case chroot fails
> #SQLDefaultHomedir              /var/opt/local/proftpd
>
> # Define a custom query for lookup that returns a passwd-like entry. Replace 512s with the UID and GID of the user running the Galaxy server
> SQLUserInfo                     custom:/LookupGalaxyUser
> SQLNamedQuery                   LookupGalaxyUser SELECT "email,password,512,512,'/home/nate/galaxy_dist/database/ftp/%U','/bin/bash' FROM galaxy_user WHERE email='%U'"
>
> ------------
> Luc Cornet, PhD
> Bio-informatician
> Mycology and Aerobiology
> Sciensano