Re: [CentOS] Vsftpd configuration problem
On Mon, Apr 1, 2013 at 8:04 PM, Max Pyziur p...@brama.com wrote:

> > [root@srv-rhsoft:~]$ cat /etc/sysconfig/iptables-config
> > # Load additional iptables modules (nat helpers)
> > # Default: -none-
> > # Space separated list of nat helpers (e.g. 'ip_nat_ftp ip_nat_irc'), which
> > # are loaded after the firewall rules are applied. Options for the helpers are
> > # stored in /etc/modprobe.conf.
> > IPTABLES_MODULES=nf_conntrack_ftp nf_nat_ftp
>
> So, are you saying this last line is key?
>
> Because on the CentOS 5 setup I see:
> IPTABLES_MODULES=ip_conntrack_netbios_ns ip_conntrack_ftp
>
> While on the CentOS 6 setup I see:
> IPTABLES_MODULES=
>
> What is the correct/recommended setting?

You need ip_conntrack_ftp added to your IPTABLES_MODULES in /etc/sysconfig/iptables-config.

Add that module name, restart iptables, double check your firewall rules (allow TCP port 21), and try to FTP into your box.

You could have switched your FTP client to active FTP rather than passive (generally the default).

The slacksite link below explains active and passive FTP.

> > > > http://slacksite.com/other/ftp.html
>
> Max Pyziur
> p...@brama.com

--
---~~.~~---
Mike
// SilverTip257 //

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
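What the reply above asks Max to verify, as an added example that is not part of the original thread: a shell check that an iptables-config file names the FTP conntrack helper and that a saved rule set accepts RELATED connections, which is how the helper's tracked PASV data connection gets through. The function names, temporary files and sample rules are constructed for illustration, and the RELATED rule check is an assumption that goes beyond what the thread states.

```shell
#!/bin/sh
# Added example, not from the thread. Sample files below are constructed.

# Print the IPTABLES_MODULES value from an iptables-config file
# (comment lines skipped, last assignment wins, quotes stripped).
iptables_modules() {
    sed -n 's/^[[:space:]]*IPTABLES_MODULES=//p' "$1" | tail -n 1 | tr -d "\"'"
}

# Succeed if the file lists the FTP helper under either name used in the thread.
has_ftp_helper() {
    for m in $(iptables_modules "$1"); do
        case "$m" in
            ip_conntrack_ftp|nf_conntrack_ftp) return 0 ;;
        esac
    done
    return 1
}

# Succeed if an iptables-save dump accepts RELATED traffic on INPUT. The helper
# only marks the data connection RELATED; a rule still has to let it in.
accepts_related() {
    grep -Eq '^-A INPUT .*--(state|ctstate) [A-Z,]*RELATED[A-Z,]* .*-j ACCEPT' "$1"
}

# Print the first gap found: missing-helper, missing-related-rule, or ok.
audit_passive_ftp() {
    has_ftp_helper "$1" || { echo missing-helper; return 0; }
    accepts_related "$2" || { echo missing-related-rule; return 0; }
    echo ok
}

tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf '%s\n' '# Default: -none-' 'IPTABLES_MODULES=""' > "$tmp/el6.conf"
printf '%s\n' 'IPTABLES_MODULES="ip_conntrack_netbios_ns ip_conntrack_ftp"' > "$tmp/el5.conf"
printf '%s\n' 'IPTABLES_MODULES=nf_conntrack_ftp nf_nat_ftp' > "$tmp/bare.conf"
printf '%s\n' '*filter' \
    '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT' \
    '-A INPUT -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT' \
    '-A INPUT -j REJECT --reject-with icmp-host-prohibited' 'COMMIT' > "$tmp/rules"
printf '%s\n' '*filter' '-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT' \
    '-A INPUT -j REJECT --reject-with icmp-host-prohibited' 'COMMIT' > "$tmp/rules-norelated"

echo "empty module list:    $(audit_passive_ftp "$tmp/el6.conf" "$tmp/rules")"
echo "helper + RELATED:     $(audit_passive_ftp "$tmp/el5.conf" "$tmp/rules")"
echo "helper, no RELATED:   $(audit_passive_ftp "$tmp/bare.conf" "$tmp/rules-norelated")"
```

A final REJECT with icmp-host-prohibited, as in the constructed rule sets, is what an FTP client reports as "No route to host" when the PASV data port is not accepted.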
[CentOS] Vsftpd configuration problem
Greetings,

Beginning today, I started to receive the following when ftp'ing to my CentOS 6 machine:

    ncftp /home/pyz2 > dir
    connect failed: No route to host.
    connect failed: No route to host.
    connect failed: No route to host.
    Falling back to PORT instead of PASV mode.

I can make a connection, but I can't get a directory listing or transfer data/files.

I'm flummoxed.

What I had been doing is adding more directives to my /etc/hosts.deny file, today to include certain categories of ip addresses for the vsftpd service. I unwound that after I saw the problem starting to occur, and have restarted vsftpd several times. That hasn't changed the above issue.

And yes, I've googled.

My firewall setting has port 21 open. I can remotely telnet to hostname 21 and I get a response indicating that the port is open.

Any advice would be appreciated.

Much thanks.

Max Pyziur
p...@brama.com
Re: [CentOS] Vsftpd configuration problem
On Tue, 2 Apr 2013, Reindl Harald wrote:

> On 02.04.2013 01:12, Max Pyziur wrote:
> > Beginning today, I started to receive the following when ftp'ing to my CentOS 6 machine:
> >
> > ncftp /home/pyz2 > dir
> > connect failed: No route to host.
> > connect failed: No route to host.
> > connect failed: No route to host.
> > Falling back to PORT instead of PASV mode.
> >
> > I can make a connection, but I can't get a directory listing or transfer data/files
> >
> > My firewall setting has port 21 open
> > I can remotely telnet to hostname 21
>
> and you understood that ftp needs also a data-channel and not only the control-connection?

I assume that you are referring to the following vsftpd configuration file setting:

    # Make sure PORT transfer connections originate from port 20 (ftp-data).
    connect_from_port_20=YES

Btw, When ftping to another user on the same machine, there is no problem in making a connection or in transferring data; it's connections that are outside the box.

> http://slacksite.com/other/ftp.html

MP
Re: [CentOS] Vsftpd configuration problem
On Mon, 1 Apr 2013, lists-centos wrote:

> Original Message
> Date: Monday, April 01, 2013 07:12:53 PM -0400
> From: Max Pyziur p...@brama.com
> To: centos@centos.org
> Cc:
> Subject: [CentOS] Vsftpd configuration problem
>
> > Greetings,
> >
> > Beginning today, I started to receive the following when ftp'ing to my CentOS 6 machine:
> >
> > ncftp /home/pyz2 > dir
> > connect failed: No route to host.
> > connect failed: No route to host.
> > connect failed: No route to host.
> > Falling back to PORT instead of PASV mode.
> >
> > I can make a connection, but I can't get a directory listing or transfer data/files.
> >
> > I'm flummoxed.
> >
> > What I had been doing is adding more directives to my /etc/hosts.deny file, today to include certain categories of ip addresses for the vsftpd service. I unwound that after I saw the problem starting to occur, and have restarted vsftpd several times. That hasn't changed the above issue.
> >
> > And yes, I've googled.
> >
> > My firewall setting has port 21 open. I can remotely telnet to hostname 21 and I get a response indicating that the port is open.
> >
> > Any advice would be appreciated.
> >
> > Much thanks.
> >
> > Max Pyziur
> > p...@brama.com
>
> ftp uses port 21 for the connection and port 20 for the data, which includes directory listings as well as the file transfer proper - see /etc/services.
>
> so if you have port 20 blocked that would explain your problem.

Does port 20 have to be open in the firewall? If so, this would be the first machine where I have explicitly set this.

> - Richard

Max
Re: [CentOS] Vsftpd configuration problem - followup
On Tue, 2 Apr 2013, Reindl Harald wrote:

> On 02.04.2013 01:12, Max Pyziur wrote:
> > Beginning today, I started to receive the following when ftp'ing to my CentOS 6 machine:
> >
> > ncftp /home/pyz2 > dir
> > connect failed: No route to host.
> > connect failed: No route to host.
> > connect failed: No route to host.
> > Falling back to PORT instead of PASV mode.
> >
> > I can make a connection, but I can't get a directory listing or transfer data/files
> >
> > My firewall setting has port 21 open
> > I can remotely telnet to hostname 21
>
> and you understood that ftp needs also a data-channel and not only the control-connection?
>
> http://slacksite.com/other/ftp.html

When ftping to the machine, the following is reported from an lsof -i:

    ~ lsof -i | grep ftp
    vsftpd 18051 root   3u IPv4 47313973 0t0 TCP *:ftp (LISTEN)
    vsftpd 18448 nobody 0u IPv4 47318710 0t0 TCP brama.com:ftp->pool-72-89-118-134.nycmny.east.verizon.net:50298 (ESTABLISHED)
    vsftpd 18448 nobody 1u IPv4 47318710 0t0 TCP brama.com:ftp->pool-72-89-118-134.nycmny.east.verizon.net:50298 (ESTABLISHED)
    vsftpd 18448 nobody 2u IPv4 47318710 0t0 TCP brama.com:ftp->pool-72-89-118-134.nycmny.east.verizon.net:50298 (ESTABLISHED)
    vsftpd 18465 pyz2   0u IPv4 47318710 0t0 TCP brama.com:ftp->pool-72-89-118-134.nycmny.east.verizon.net:50298 (ESTABLISHED)
    vsftpd 18465 pyz2   1u IPv4 47318710 0t0 TCP brama.com:ftp->pool-72-89-118-134.nycmny.east.verizon.net:50298 (ESTABLISHED)
    vsftpd 18465 pyz2   2u IPv4 47318710 0t0 TCP brama.com:ftp->pool-72-89-118-134.nycmny.east.verizon.net:50298 (ESTABLISHED)

fyi,

MP
p...@brama.com
Re: [CentOS] Vsftpd configuration problem
On Tue, 2 Apr 2013, Reindl Harald wrote:

> On 02.04.2013 01:25, Max Pyziur wrote:
> > On Tue, 2 Apr 2013, Reindl Harald wrote:
> > > On 02.04.2013 01:12, Max Pyziur wrote:
> > > > Beginning today, I started to receive the following when ftp'ing to my CentOS 6 machine:
> > > >
> > > > ncftp /home/pyz2 > dir
> > > > connect failed: No route to host.
> > > > connect failed: No route to host.
> > > > connect failed: No route to host.
> > > > Falling back to PORT instead of PASV mode.
> > > >
> > > > I can make a connection, but I can't get a directory listing or transfer data/files
> > > >
> > > > My firewall setting has port 21 open
> > > > I can remotely telnet to hostname 21
> > >
> > > and you understood that ftp needs also a data-channel and not only the control-connection?
> >
> > I assume that you are referring to the following vsftpd configuration file setting:
> >
> > # Make sure PORT transfer connections originate from port 20 (ftp-data).
> > connect_from_port_20=YES
>
> no - port 20 has NOTHING to do with passive FTP
>
> > Btw, When ftping to another user on the same machine, there is no problem in making a connection or in transferring data
>
> because it is neither firewalled nor NATed
>
> > it's connections that are outside the box.
>
> i bet you are behind a nat
> iptables or the firewall needs to translate the answers of the servers
>
> you need to read some documentation on how FTP works and how NAT works to understand the details

Ok.

> [root@srv-rhsoft:~]$ cat /etc/sysconfig/iptables-config
> # Load additional iptables modules (nat helpers)
> # Default: -none-
> # Space separated list of nat helpers (e.g. 'ip_nat_ftp ip_nat_irc'), which
> # are loaded after the firewall rules are applied. Options for the helpers are
> # stored in /etc/modprobe.conf.
> IPTABLES_MODULES=nf_conntrack_ftp nf_nat_ftp

So, are you saying this last line is key?

Because on the CentOS 5 setup I see:

    IPTABLES_MODULES=ip_conntrack_netbios_ns ip_conntrack_ftp

While on the CentOS 6 setup I see:

    IPTABLES_MODULES=

What is the correct/recommended setting?

> > > http://slacksite.com/other/ftp.html

Max Pyziur
p...@brama.com
Re: [CentOS] Vsftpd configuration problem
Hi Max,

It looks like a network issue instead of the software. Falling back to PORT sounds like going to ACTIVE mode from PASV mode. In PASV, you will be connecting to a random port told by the server with a random port from your side. Do you have a firewall to block such traffic that the system will send out port unreachable ICMP?

Maybe you can do a tcpdump to see what is going on. For PASV, you can only use host client and host server and tcp and not port 22 as the filter. It's not effective but it will collect what you want to locate the issue.

Best regards,
Banyan He
Blog: http://www.rootong.com
Email: ban...@rootong.com

On 4/2/2013 7:12 AM, Max Pyziur wrote:

> Greetings,
>
> Beginning today, I started to receive the following when ftp'ing to my CentOS 6 machine:
>
> ncftp /home/pyz2 > dir
> connect failed: No route to host.
> connect failed: No route to host.
> connect failed: No route to host.
> Falling back to PORT instead of PASV mode.
>
> I can make a connection, but I can't get a directory listing or transfer data/files.
>
> I'm flummoxed.
>
> What I had been doing is adding more directives to my /etc/hosts.deny file, today to include certain categories of ip addresses for the vsftpd service. I unwound that after I saw the problem starting to occur, and have restarted vsftpd several times. That hasn't changed the above issue.
>
> And yes, I've googled.
>
> My firewall setting has port 21 open. I can remotely telnet to hostname 21 and I get a response indicating that the port is open.
>
> Any advice would be appreciated.
>
> Much thanks.
>
> Max Pyziur
> p...@brama.com