Hi Daren,

Leave the 'exit 0' in place.  Any entries into rc.local should be added 
before the exit 0 line.

This issue is actually already fixed in our most recent releases.  So, 
upgrading should fix it as well.  If you upgrade, then there's no need 
to bother with rc.local.

Thanks,

Robyn

Daren Tay wrote:
> Hi guys,
>
> can't remember if I replied... but thanks for the help :)
>
> there's an "exit 0" in the rc.local, should I remove it prior to adding that
> line?
>
> Are subsequent releases fixing this "problem"?
>
> Thanks!
> Daren
>
> -----Original Message-----
> From: Robyn Orosz [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, 29 August 2007 22:35
> To: Daren Tay
> Cc: Wink; vyatta-users@mailman.vyatta.com
> Subject: Re: [Vyatta-users] Allowing FTP Connections
>
>
> Hi Daren,
>
> Try doing a:
>
> Router-1:~# modprobe ip_nat_ftp
>
> Then attempt your FTP connection again and see if that works.  If it
> does, you should add the 'modprobe ip_nat_ftp' line to the
> '/etc/rc.local' file so that the module will be loaded on boot.
>
> You can also run a package update to the latest version.  Instructions
> are on this page:
>
> http://www.vyatta.com/twiki/bin/view/Community/HowToUpdate
>
> The package update is *somewhat* non-disruptive but, you will have to
> reboot before you can run the new version.
>
> I wouldn't say VC2 is too old but, we have been adding new features and
> fixing issues so rapidly that it will almost always benefit you to
> upgrade when a more current stable release is available.
>
> Thank you and let me know if loading the nat ftp module works for you.
>
> -Robyn
>
> Daren Tay wrote:
>> I am using VC2. Is that "too old"?
>>
>> I can't find the ip_conntrack_ftp and the ip_nat in the system... is there
>> any way I can add it in without upgrading it?
>> Because we have deployed this machine router into a pre-production environment
>> already...
>>
>> I did a tshark as advised, and the response is as follows. Basically my ftp
>> client managed to do all the authentication etc... but just times out at the
>> end.
>> I have replaced the ip address with text for security sake :)
>>
>>   0.000000 <mine ip address> -> <server public ip address> TCP 62695 > 21 [SYN] Seq=0 Len=0 MSS=1460
>>   0.000821 <server public ip address> -> <mine ip address> TCP 21 > 62695 [SYN, ACK] Seq=0 Ack=1 Win=5840 Len=0 MSS=1460
>>   0.003708 <mine ip address> -> <server public ip address> TCP 62695 > 21 [ACK] Seq=1 Ack=1 Win=65535 Len=0
>>   0.004924 <server public ip address> -> <mine ip address> FTP Response: 220 (vsFTPd 2.0.1)
>>   0.008623 <mine ip address> -> <server public ip address> FTP Request: USER st701import
>>   0.008749 <server public ip address> -> <mine ip address> TCP 21 > 62695 [ACK] Seq=21 Ack=19 Win=5840 Len=0
>>   0.008780 <server public ip address> -> <mine ip address> FTP Response: 331 Please specify the password.
>>   0.011728 <mine ip address> -> <server public ip address> FTP Request: PASS st701import
>>   0.015016 <server public ip address> -> <mine ip address> FTP Response: 230 Login successful.
>>   0.019243 <mine ip address> -> <server public ip address> FTP Request: SYST
>>   0.019385 <server public ip address> -> <mine ip address> FTP Response: 215 UNIX Type: L8
>>   0.022724 <mine ip address> -> <server public ip address> FTP Request: FEAT
>>   0.022865 <server public ip address> -> <mine ip address> FTP Response: 211-Features:
>>   0.022869 <server public ip address> -> <mine ip address> FTP Response: EPRT
>>   0.024277 <mine ip address> -> <server public ip address> TCP 62695 > 21 [ACK] Seq=49 Ack=119 Win=65417 Len=0
>>   0.024407 <server public ip address> -> <mine ip address> FTP Response: EPSV
>>   0.044471 <mine ip address> -> <server public ip address> FTP Request: PWD
>>   0.044602 <server public ip address> -> <mine ip address> FTP Response: 257 "/"
>>   0.048225 <mine ip address> -> <server public ip address> FTP Request: TYPE A
>>   0.048362 <server public ip address> -> <mine ip address> FTP Response: 200 Switching to ASCII mode.
>>   0.053214 <mine ip address> -> <server public ip address> FTP Request: PORT 202,79,222,24,238,93
>>   0.053370 <server public ip address> -> <mine ip address> FTP Response: 200 PORT command successful. Consider using PASV.
>>   0.056698 <mine ip address> -> <server public ip address> FTP Request: LIST
>>   0.096912 <server public ip address> -> <mine ip address> TCP 21 > 62695 [ACK] Seq=267 Ack=95 Win=5840 Len=0
>>  29.923389 <mine ip address> -> <server public ip address> TCP 62695 > 21 [FIN, ACK] Seq=95 Ack=267 Win=65269 Len=0
>>  29.963325 <server public ip address> -> <mine ip address> TCP 21 > 62695 [ACK] Seq=267 Ack=96 Win=5840 Len=0
>>  35.095862 <mine ip address> -> 202.79.220.67 FTP Request: REST 0
>>  35.097736 202.79.220.67 -> <mine ip address> FTP Response: 350 Restart position accepted (0).
>>  35.258781 <mine ip address> -> 202.79.220.67 TCP 60629 > 21 [ACK] Seq=8 Ack=36 Win=65437 Len=0
>>  60.059182 <server public ip address> -> <mine ip address> FTP Response: 425 Failed to establish connection.
>>  60.059188 <server public ip address> -> <mine ip address> FTP Response: 500 OOPS:
>>  60.059191 <server public ip address> -> <mine ip address> FTP Response: vsf_sysutil_recv_peek: no data
>>  60.059195 <server public ip address> -> <mine ip address> FTP Response:
>>  60.060807 <mine ip address> -> <server public ip address> TCP 62695 > 21 [RST, ACK] Seq=96 Ack=304 Win=0 Len=0
>>  60.060963 <mine ip address> -> <server public ip address> TCP 62695 > 21 [RST] Seq=96 Len=0
>>  60.061221 <mine ip address> -> <server public ip address> TCP 62695 > 21 [RST] Seq=96 Len=0
>>  60.061580 <mine ip address> -> <server public ip address> TCP 62695 > 21 [RST] Seq=96 Len=0
>>  89.135183 <mine ip address> -> 202.79.220.67 FTP Request: TYPE I
>>  89.136835 202.79.220.67 -> <mine ip address> FTP Response: 200 Switching to Binary mode.
>>  89.273732 <mine ip address> -> 202.79.220.67 TCP 60629 > 21 [ACK] Seq=16 Ack=67 Win=65406 Len=0
>>
>> -----Original Message-----
>> From: Robyn Orosz [mailto:[EMAIL PROTECTED]
>> Sent: Tuesday, 28 August 2007 21:41
>> To: Daren Tay
>> Cc: Wink; vyatta-users@mailman.vyatta.com
>> Subject: Re: [Vyatta-users] Allowing FTP Connections
>>
>>
>> Hi Daren,
>>
>> If you are running an earlier version of Vyatta, the FTP conntrack NAT
>> module may not be loaded.  See the following Bugzilla issue:
>>
>> https://bugzilla.vyatta.com/show_bug.cgi?id=1498
>>
>> This issue has been resolved in the latest versions of Vyatta.
>>
>> You can tell which version you're running by running the 'show version'
>> command in the CLI operational mode.
>>
>> You can tell whether or not the appropriate modules are loaded by
>> running 'lsmod' from the bash shell while logged in as root.
>>
>> lsmod |grep ftp
>>
>> If they aren't loaded, you can try doing a modprobe for the NAT/
>> conntrack FTP modules:
>>
>> ip_conntrack_ftp and ip_nat_ftp
>>
>> Or, upgrade your system.
>>
>> If these modules or the same modules preceded by nf rather than ip are
>> loaded, you should be OK.  If that's the case then go with Wink's
>> suggestion of running a packet capture on the Vyatta router:
>>
>> Example:  tshark -n -i eth1 port ftp
>>
>> Where -i ethx = the interface on the router that your desktop is
>> connected to and you can also run it on eth0 which looks to be your
>> outside facing interface.
>>
>> Hope this helps.
>>
>> Thanks,
>>
>> Robyn
>>
>> Daren Tay wrote:
>>
>>     
>>> woah... on the desktop that i am trying to connect from?
>>>
>>> -----Original Message-----
>>> From: Wink [mailto:[EMAIL PROTECTED]
>>> Sent: Tuesday, 28 August 2007 19:14
>>> To: Daren Tay; vyatta-users@mailman.vyatta.com
>>> Subject: Re: [Vyatta-users] Allowing FTP Connections
>>>
>>>
>>> Packet captures?  Perhaps the forwarding function is working.
>>>
>>> I'd run wireshark and see if the FTP packets are being forwarded out of the
>>> router...
>>>
>>>
>>> ----- Original Message -----
>>> From: "Daren Tay" <[EMAIL PROTECTED]>
>>> To: <vyatta-users@mailman.vyatta.com>
>>> Sent: Tuesday, August 28, 2007 6:09 AM
>>> Subject: [Vyatta-users] Allowing FTP Connections
>>>
>>>
>>>
>>>
>>>       
>>>> Hi guys,
>>>>
>>>> I realise after setting all the static routes, and what not, I can SSH but I
>>>> can't FTP. weird...
>>>>
>>>> basically the public ip is at my router which directs to my private server
>>>> (192.168.40.x) via routing.
>>>> The 2 key NAT rules are:
>>>>
>>>>    rule 1 {
>>>>        type: "source"
>>>>        translation-type: "masquerade"
>>>>        outbound-interface: "eth0"
>>>>        protocols: "all"
>>>>        source {
>>>>            network: 192.168.40.0/24
>>>>        }
>>>>        destination {
>>>>            network: 0.0.0.0/0
>>>>        }
>>>>    }
>>>>
>>>>
>>>>    rule 12 {
>>>>        type: "destination"
>>>>        translation-type: "static"
>>>>        inbound-interface: "eth0"
>>>>        protocols: "all"
>>>>        source {
>>>>            network: 0.0.0.0/0
>>>>        }
>>>>        destination {
>>>>            address: <public ip>
>>>>        }
>>>>        inside-address {
>>>>            address: 192.168.40.73
>>>>        }
>>>>    }
>>>>
>>>>
>>>>
>>>> Can SSH, HTTP etc, but I can't do FTP weirdly.... do I need to do more
>>>> NAT?
>>>>
>>>> Thanks!
>>>> Daren
>>>>
>>>> _______________________________________________
>>>> Vyatta-users mailing list
>>>> Vyatta-users@mailman.vyatta.com
>>>> http://mailman.vyatta.com/mailman/listinfo/vyatta-users
>
>   
_______________________________________________
Vyatta-users mailing list
Vyatta-users@mailman.vyatta.com
http://mailman.vyatta.com/mailman/listinfo/vyatta-users
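
Added example (not part of the original thread and not Vyatta's own code): a POSIX shell helper that follows the advice at the top of the thread, placing `modprobe ip_nat_ftp` before the final `exit 0` of an rc.local-style file without adding it twice. The names `add_before_exit0` and `demo_rc_local` and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: keep 'exit 0' as the last command of an
# rc.local-style file and put new entries before it.
# add_before_exit0 is a hypothetical helper name.

# add_before_exit0 FILE LINE
add_before_exit0() {
    file=$1
    line=$2
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }

    # Idempotent: if the exact line is already there, change nothing.
    if grep -Fxq -- "$line" "$file"; then
        return 0
    fi

    # Line number of the last 'exit 0' (0 if the file has none).
    last=$(awk '/^[[:space:]]*exit[[:space:]]+0[[:space:]]*$/ { n = NR }
                END { print n + 0 }' "$file")

    tmp=$(mktemp) || return 1
    if [ "$last" -eq 0 ]; then
        # No 'exit 0' to stay ahead of: append at the end.
        NEW="$line" awk '{ print } END { print ENVIRON["NEW"] }' "$file" > "$tmp"
    else
        NEW="$line" awk -v n="$last" \
            'NR == n { print ENVIRON["NEW"] } { print }' "$file" > "$tmp"
    fi || { rm -f "$tmp"; return 1; }

    # Write back through the original path so mode and ownership are kept.
    cat "$tmp" > "$file"
    rm -f "$tmp"
}

# Demo on a constructed sample, never on the real /etc/rc.local.
demo_rc_local() {
    sample=$(mktemp) || return 1
    printf '%s\n' '#!/bin/sh -e' '# rc.local (constructed sample)' 'exit 0' > "$sample"
    add_before_exit0 "$sample" 'modprobe ip_nat_ftp'
    add_before_exit0 "$sample" 'modprobe ip_nat_ftp'   # second call is a no-op
    cat "$sample"
    rm -f "$sample"
}

demo_rc_local
```

On the router this would be run as root with `/etc/rc.local` as the file argument, after confirming with `lsmod |grep ftp` that the module is not already loaded at boot.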
