On Tue, 2 Apr 2013, Reindl Harald wrote:
On 02.04.2013 at 01:25, Max Pyziur wrote:
On Tue, 2 Apr 2013, Reindl Harald wrote:
On 02.04.2013 at 01:12, Max Pyziur wrote:
Beginning today, I started to receive the following when ftp'ing to my CentOS 6 machine:
    ncftp /home/pyz2 > dir
    connect failed: No route to host.
    connect failed: No route to host.
    connect failed: No route to host.
    Falling back to PORT instead of PASV mode.
I can make a connection, but I can't get a directory listing or transfer data/files
My firewall setting has port 21 open
I can remotely telnet to hostname 21
and you understood that ftp needs also a data-channel and not only the control-connection?
I assume that you are referring to the following vsftpd configuration file setting:
    # Make sure PORT transfer connections originate from port 20 (ftp-data).
    connect_from_port_20=YES
no - port 20 has NOTHING to do with passive FTP
Btw, when ftping to another user on the same machine, there is no problem in making a connection or in transferring data
because it is neither firewalled nor NATed
it's connections that are outside the box.
i bet you are behind a nat
iptables or the firewall needs to translate the answers of the servers; you need to read some documentation on how FTP works and how NAT works to understand the details
Ok.
[root@srv-rhsoft:~]$ cat /etc/sysconfig/iptables-config
    # Load additional iptables modules (nat helpers)
    # Default: -none-
    # Space separated list of nat helpers (e.g. 'ip_nat_ftp ip_nat_irc'), which
    # are loaded after the firewall rules are applied. Options for the helpers are
    # stored in /etc/modprobe.conf.
    IPTABLES_MODULES="nf_conntrack_ftp nf_nat_ftp"
So, are you saying this last line is key?
Because on the CentOS 5 setup I see: IPTABLES_MODULES="ip_conntrack_netbios_ns ip_conntrack_ftp"
While on the CentOS 6 setup I see: IPTABLES_MODULES=""
What is the correct/recommended setting?
Max Pyziur pyz@brama.com
On Mon, Apr 1, 2013 at 8:04 PM, Max Pyziur pyz@brama.com wrote:
[root@srv-rhsoft:~]$ cat /etc/sysconfig/iptables-config
    # Load additional iptables modules (nat helpers)
    # Default: -none-
    # Space separated list of nat helpers (e.g. 'ip_nat_ftp ip_nat_irc'), which
    # are loaded after the firewall rules are applied. Options for the helpers are
    # stored in /etc/modprobe.conf.
    IPTABLES_MODULES="nf_conntrack_ftp nf_nat_ftp"
So, are you saying this last line is key?
Because on the CentOS 5 setup I see: IPTABLES_MODULES="ip_conntrack_netbios_ns ip_conntrack_ftp"
While on the CentOS 6 setup I see: IPTABLES_MODULES=""
What is the correct/recommended setting?
You need ip_conntrack_ftp added to your IPTABLES_MODULES in /etc/sysconfig/iptables-config. Add that module name, restart iptables, double check your firewall rules (allow TCP port 21), and try to FTP into your box.
You could have switched your FTP client to active FTP rather than passive (generally the default). The slacksite link below explains active and passive FTP.
Max Pyziur pyz@brama.com
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
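Added example (not part of the original thread or any poster's code): the replies above turn on the fact that FTP announces its data endpoint inside the control channel as h1,h2,h3,h4,p1,p2, which is what the conntrack helper reads and the NAT helper rewrites. This Python sketch parses a 227 PASV reply or a PORT command and compares the advertised address with the control-connection peer; the function names, verdict labels and sample lines are constructed for illustration.

```python
import ipaddress
import re

# Six decimal bytes h1,h2,h3,h4,p1,p2 as defined for PORT/PASV in RFC 959.
_HOSTPORT = re.compile(r"\b(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\b")
_RFC1918 = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def _is_rfc1918(ip):
    return any(ip in net for net in _RFC1918)


def parse_data_endpoint(line):
    """Return (kind, ip, port) for a '227 ...' reply or a 'PORT ...' command."""
    text = line.strip()
    if text.startswith("227"):
        kind = "PASV"   # server tells the client where to connect
    elif text.upper().startswith("PORT "):
        kind = "PORT"   # client tells the server where to connect
    else:
        raise ValueError("not a PASV reply or PORT command: %r" % line)
    match = _HOSTPORT.search(text)
    if not match:
        raise ValueError("no h1,h2,h3,h4,p1,p2 field in %r" % line)
    nums = [int(g) for g in match.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("byte out of range in %r" % line)
    ip = ipaddress.ip_address(".".join(str(n) for n in nums[:4]))
    return kind, ip, nums[4] * 256 + nums[5]   # port = p1*256 + p2


def check_data_endpoint(line, control_peer):
    """Compare the advertised data address with the control-connection peer.

    control_peer is the address seen on the port-21 connection: the server's
    address for a PASV reply, the client's address for a PORT command.
    """
    kind, ip, port = parse_data_endpoint(line)
    peer = ipaddress.ip_address(control_peer)
    if ip == peer:
        verdict = "match"
    elif _is_rfc1918(ip) and not _is_rfc1918(peer):
        verdict = "private-address-leaked"   # NAT in path, payload not rewritten
    else:
        verdict = "mismatch"
    return {"kind": kind, "ip": str(ip), "port": port, "verdict": verdict}


if __name__ == "__main__":
    # Constructed sample: a server behind NAT advertising its internal address.
    print(check_data_endpoint("227 Entering Passive Mode (192,168,1,10,195,80).",
                              "203.0.113.7"))
```

Whatever port the endpoint names must also be reachable through the firewall, which is why opening TCP 21 alone does not give a working data channel.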