[ https://issues.apache.org/jira/browse/CLOUDSTACK-7517?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14128231#comment-14128231 ]

Jayapal Reddy commented on CLOUDSTACK-7517:
-------------------------------------------

Problem:
-----------
The FTP inbound service is not working in isolated networks.
Created ingress rules for FTP on the public IP; accessing the FTP service in the VM from the public network failed.

Root cause analysis:
-------------------------
The FTP connection tracking modules are missing in the VR, due to which the FTP data connections are failing.

Proposed solution:
-----------------------
Load the nf_nat_ftp module in the VR using the modprobe command.
The nf_nat_ftp and nf_conntrack_ftp modules get loaded.

root@r-7-QA:~# lsmod | grep ftp
root@r-7-QA:~# modprobe nf_nat_ftp
root@r-7-QA:~# lsmod | grep ftp
nf_nat_ftp             12420  0 
nf_conntrack_ftp       12533  1 nf_nat_ftp
nf_nat                 17924  2 nf_nat_ftp,iptable_nat
nf_conntrack           43121  7 nf_conntrack_ftp,nf_nat_ftp,nf_conntrack_ipv4,nf_nat,iptable_nat,xt_state,xt_connmark
root@r-7-QA:~#


Verification steps:
----------------------
1. In the isolated network, enable static NAT for VM1 and open the firewall for ports 20-21.

2.
a. In VM1, install an FTP server.
   http://ostechnix.wordpress.com/2013/12/15/setup-ftp-server-step-by-step-in-centos-6-x-rhel-6-x-scientific-linux-6-x/
b. Stop iptables on the user VM.
c. Add a new file in the FTP server path, e.g. /var/ftp/pub/test.txt

3. Verify in the VR whether the modules are loaded; refer to the commands in the proposed solution section.
4. Now connect to the FTP server from the public side and do a file transfer.
   Use both the command line and a browser for connecting.

#cmdline:

JayMac:~ jayapalreddy$ ftp 10.147.52.115
Connected to 10.147.52.115.
220 (vsFTPd 2.0.5)
Name (10.147.52.115:jayapalreddy): anonymous
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
229 Entering Extended Passive Mode (|||20997|)
150 Here comes the directory listing.
drwxr-xr-x    2 0        0            4096 Sep 10 03:52 pub
226 Directory send OK.
ftp>
ftp> pwd
Remote directory: /
ftp> cd pub
250 Directory successfully changed.
ftp> ls
229 Entering Extended Passive Mode (|||5789|)
150 Here comes the directory listing.
-rw-r--r--    1 0        0              35 Sep 10 03:52 test.txt
226 Directory send OK.
ftp> get test.txt
local: test.txt remote: test.txt
229 Entering Extended Passive Mode (|||21044|)
150 Opening BINARY mode data connection for test.txt (35 bytes).
100% |*************************************************************************************************************************************************************|    35       12.43 KiB/s    00:00 ETA
226 File send OK.
35 bytes received in 00:00 (1.28 KiB/s)
ftp>

#From web browser:
ftp://10.147.52.115/pub/test.txt




> FTP modules are not loaded in VR
> --------------------------------
>
>                 Key: CLOUDSTACK-7517
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-7517
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the default.)
>          Components: Network Controller
>    Affects Versions: 4.2.0
>            Reporter: Jayapal Reddy
>            Assignee: Jayapal Reddy
>             Fix For: 4.5.0
>
>
> To have Active FTP working in isolated networks, VRs need to have the following modules loaded
> modprobe nf_nat_ftp
> root@r-7-QA:~# lsmod | grep ftp
> root@r-7-QA:~# modprobe nt_nat_ftp
> FATAL: Module nt_nat_ftp not found.
> root@r-7-QA:~# modprobe nf_nat_ftp
> root@r-7-QA:~# lsmod | grep ftp
> nf_nat_ftp             12420  0 
> nf_conntrack_ftp       12533  1 nf_nat_ftp
> nf_nat                 17924  2 nf_nat_ftp,iptable_nat
> nf_conntrack           43121  7 nf_conntrack_ftp,nf_nat_ftp,nf_conntrack_ipv4,nf_nat,iptable_nat,xt_state,xt_connmark



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
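
Added example (not part of the JIRA comment above and not CloudStack code): a check for verification step 3 that reads an lsmod listing and reports which of the two FTP helper modules named in the comment are absent. The function names and the three sample listings are constructed for illustration.

```shell
#!/bin/sh
# Modules named in the comment; both are needed for NATed FTP data connections.
REQUIRED_MODULES="nf_conntrack_ftp nf_nat_ftp"

# missing_ftp_modules: read an lsmod listing on stdin and print each required
# module that is not listed, one per line. The module name is matched exactly
# against the first column, so a listing that has only the conntrack helper
# (without the NAT helper) is still reported as incomplete.
missing_ftp_modules() {
    awk -v want="$REQUIRED_MODULES" '
        BEGIN { n = split(want, req, " ") }
        { loaded[$1] = 1 }
        END { for (i = 1; i <= n; i++) if (!(req[i] in loaded)) print req[i] }
    '
}

# check_listing: print a one-line status for the listing passed as $1 and
# return 0 when every required module is present, 1 otherwise.
check_listing() {
    missing=$(printf '%s\n' "$1" | missing_ftp_modules)
    if [ -n "$missing" ]; then
        echo "missing: $(echo $missing)"
        return 1
    fi
    echo "ok: $REQUIRED_MODULES loaded"
}

# Constructed sample listings, modelled on the lsmod output in the comment.
SAMPLE_BEFORE='Module                  Size  Used by
nf_nat                 17924  1 iptable_nat
nf_conntrack           43121  5 nf_conntrack_ipv4,nf_nat,iptable_nat,xt_state,xt_connmark'

SAMPLE_PARTIAL='Module                  Size  Used by
nf_conntrack_ftp       12533  0
nf_nat                 17924  1 iptable_nat
nf_conntrack           43121  6 nf_conntrack_ftp,nf_conntrack_ipv4,nf_nat,iptable_nat,xt_state,xt_connmark'

SAMPLE_AFTER='Module                  Size  Used by
nf_nat_ftp             12420  0
nf_conntrack_ftp       12533  1 nf_nat_ftp
nf_nat                 17924  2 nf_nat_ftp,iptable_nat
nf_conntrack           43121  7 nf_conntrack_ftp,nf_nat_ftp,nf_conntrack_ipv4,nf_nat,iptable_nat,xt_state,xt_connmark'

check_listing "$SAMPLE_BEFORE"  || true   # neither helper loaded
check_listing "$SAMPLE_PARTIAL" || true   # NAT helper still missing
check_listing "$SAMPLE_AFTER"             # state after modprobe nf_nat_ftp
```

On a live router the same check is `check_listing "$(lsmod)"`.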
