New install of CentOS 4.1; our first try at the 4.x.
On previous 3.x installs we've used proftpd.
On this one we're using (trying to use is a better statement of what we're going through) the default daemon, /usr/sbin/vsftpd.
But we don't get anywhere.
<snip>
ftp> passiv
Passive mode off.
ftp> put ~/xorg.conf.work
local: /home/jlasman/xorg.conf.work remote: /home/jlasman/xorg.conf.work
200 PORT command successful. Consider using PASV.
553 Could not create file.
</snip>
and
<snip>
ftp> pass
Passive mode on.
ftp> put ~/xorg.conf.work
local: /home/jlasman/xorg.conf.work remote: /home/jlasman/xorg.conf.work
227 Entering Passive Mode (65,58,240,217,174,30)
ftp: connect: Connection timed out
</snip>
When we turn off our firewall (which allows passive under CentOS 3 on a 2.4 kernel) we don't get the connection timeout on passive transfers, but we still get the 533.
Any ideas where we should go from here?
Perhaps install proftpd? I'm willing to, but I shouldn't have to.
Thanks.
Jeff
Quoting Jeff Lasman <blists@nobaloney.net>:
> New install of CentOS 4.1; our first try at the 4.x.
> On previous 3.x installs we've used proftpd.
> On this one we're using (trying to use is a better statement of what we're going through) the default daemon, /usr/sbin/vsftpd.
> But we don't get anywhere.
Is there any NAT involved on the client or server end? If so, are you using ip_nat_ftp and ip_conntrack_ftp?
> <snip>
> ftp> passiv
> Passive mode off.
> ftp> put ~/xorg.conf.work
> local: /home/jlasman/xorg.conf.work remote: /home/jlasman/xorg.conf.work
> 200 PORT command successful. Consider using PASV.
> 553 Could not create file.
> </snip>
> and
> <snip>
> ftp> pass
> Passive mode on.
> ftp> put ~/xorg.conf.work
> local: /home/jlasman/xorg.conf.work remote: /home/jlasman/xorg.conf.work
> 227 Entering Passive Mode (65,58,240,217,174,30)
> ftp: connect: Connection timed out
> </snip>
> When we turn off our firewall (which allows passive under CentOS 3 on a 2.4 kernel) we don't get the connection timeout on passive transfers, but we still get the 533.
> Any ideas where we should go from here?
Long shot. Does your FTP server chroot your users? If so, the remote end may not be able to handle /home/jlasman/<filename> because it would already see /home/jlasman as / and therefore would require a home and home/jlasman to be able to place the file where you have indicated.
Is there any difference trying to ftp to localhost or a network interface?
Best of luck!
Barry
On Wednesday 06 July 2005 10:38 pm, Barry Brimer wrote:
> Is there any NAT involved on the client or server end? If so, are you using ip_nat_ftp and ip_conntrack_ftp?
No NAT on the server end. We can't control the client end; it's a webhosting server. Are you saying I need those to get through the firewall? I didn't using kernel 2.4, but I'll do some research.
However, once I'm in, why don't I have rights to save files?
If our clients can't save their websites then 4.x is worthless to us no matter how many good features it has.
Any ideas?
Thanks.
Jeff
On Wednesday 06 July 2005 10:38 pm, Barry Brimer wrote:
> Is there any NAT involved on the client or server end? If so, are you using ip_nat_ftp and ip_conntrack_ftp?
The above lines led me in the right direction.
I needed to load ip_conntrack_ftp. My firewall, the "kiss" firewall (it manages netfilter through iptables) was attempting to load ip_conntrack_ftp.o, instead of ip_conntrack_ftp.ko.
One letter fix to the kiss firewall code, and the active/passive problem fixed.
> > When we turn off our firewall (which allows passive under CentOS 3 on a 2.4 kernel) we don't get the connection timeout on passive transfers, but we still get the 533.
> > Any ideas where we should go from here?
> Long shot. Does your FTP server chroot your users? If so, the remote end may not be able to handle /home/jlasman/<filename> because it would already see /home/jlasman as / and therefore would require a home and home/jlasman to be able to place the file where you have indicated.
It was simpler and stupider...
Once I got the active/passive thingy fixed, I still had the 553 error, so I switched the user to the bash shell. Then I didn't have the 553 error anymore.
But I knew that the nologin shell should have worked as well, since it's listed in /etc/shells.
So I changed the /etc/passwd file back to use the nologin shell, and it worked. So I must have had a typo in the /etc/passwd file last night.
So for now I'm (again and still) happy with CentOS 4.
Thanks everyone!
<smile>
Jeff
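
The module-loading fix described in the last message, as an added example that is not part of the thread and not the kiss firewall's own code: a firewall script can load the FTP helper by module name through modprobe and check a /proc/modules listing, instead of hard-coding a .o or .ko file name. The function names and the kernel release strings in the comments are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): load the FTP connection-tracking
# helper in a way that works on both 2.4 and 2.6 kernels.

# Print the module file suffix for a kernel release string such as the
# output of `uname -r` (constructed samples: 2.4.21-32.EL, 2.6.9-11.EL).
# Only needed by scripts that must pass a file path to insmod.
module_suffix() {
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%.*}
    case "$major" in ''|*[!0-9]*) return 1 ;; esac
    case "$minor" in ''|*[!0-9]*) return 1 ;; esac
    if [ "$major" -gt 2 ] || { [ "$major" -eq 2 ] && [ "$minor" -ge 6 ]; }; then
        echo ko     # 2.6 and later
    else
        echo o      # 2.4 and earlier
    fi
}

# Succeed if an FTP conntrack helper is listed in a /proc/modules-style
# file ($1, default /proc/modules). The pattern is anchored to the start of
# the line so that ip_conntrack naming the helper as a dependant does not
# count. nf_conntrack_ftp is the name the helper carries on later kernels.
ftp_helper_loaded() {
    grep -Eq '^(ip|nf)_conntrack_ftp[[:space:]]' "${1:-/proc/modules}"
}

# Load the helper by name if it is not already present. modprobe finds the
# file under /lib/modules/$(uname -r) itself, so no suffix is hard-coded.
ensure_ftp_helper() {
    ftp_helper_loaded "${1:-/proc/modules}" && return 0
    modprobe ip_conntrack_ftp 2>/dev/null || modprobe nf_conntrack_ftp
}

# Typical use near the top of a firewall script:
#   ensure_ftp_helper || echo "FTP conntrack helper not loaded" >&2
```

Checking the return status of the load step is what turns a silently failed module load into a visible error rather than a passive-mode timeout discovered later.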