I just installed CentOS4 on my main server. It runs proftpd and is not NATted..
When I did the install I said to allow FTP and HTTP. I can ftp from windows dos ftp client.
In IE I get "Unable to build data connection: No route to host"
ncftp I get.. Data connection timed out. Falling back to PORT instead of PASV mode. List failed.
Wget and FireFox just time out.
Anything I need to add to the firewall rules? This is all it has related to FTP.
-A RH-Firewall-1-INPUT -p tcp -m state -m tcp --dport 21 --state NEW -j ACCEPT
On Thu, 2005-07-07 at 16:55 -0700, Dave wrote:
> I just installed CentOS4 on my main server. It runs proftpd and is not NATted..
> When I did the install I said to allow FTP and HTTP. I can ftp from windows dos ftp client.
> In IE I get "Unable to build data connection: No route to host"
> ncftp I get.. Data connection timed out. Falling back to PORT instead of PASV mode. List failed.
> Wget and FireFox just time out.
> Anything I need to add to the firewall rules? This is all it has related to FTP.
> -A RH-Firewall-1-INPUT -p tcp -m state -m tcp --dport 21 --state NEW -j ACCEPT
You need to load the ip_conntrack_ftp.ko module.
You'll also need to open the ports for PASV support. Some ftp servers let you pin those in the config.
Sean
On Thu, 2005-07-07 at 16:55 -0700, Dave wrote:
> I just installed CentOS4 on my main server. It runs proftpd and is not NATted..
> When I did the install I said to allow FTP and HTTP. I can ftp from windows dos ftp client.
> In IE I get "Unable to build data connection: No route to host"
> ncftp I get.. Data connection timed out. Falling back to PORT instead of PASV mode. List failed.
> Wget and FireFox just time out.
> Anything I need to add to the firewall rules? This is all it has related to FTP.
> -A RH-Firewall-1-INPUT -p tcp -m state -m tcp --dport 21 --state NEW -j ACCEPT
These 2 will allow you to connect to port 80 ... if you are running httpd:
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
Here are the differences between passive mode and active mode FTP ... and why passive mode is probably best to set up on your server.
http://slacksite.com/other/ftp.html
You will need to allow the passive mode ftp ports you pick in as well ... if you picked 22222 to 22232 (you would need to set up your ftp server for passive mode ftp), then this should work:
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22222:22232 -j ACCEPT
On Thursday 07 July 2005 04:55 pm, Dave wrote:
> I just installed CentOS4 on my main server. It runs proftpd and is not NATted..
> When I did the install I said to allow FTP and HTTP. I can ftp from windows dos ftp client.
> In IE I get "Unable to build data connection: No route to host"
> ncftp I get.. Data connection timed out. Falling back to PORT instead of PASV mode. List failed.
You might want to look at the thread I started yesterday:
ftp daemon problem
I got some good help there from Barry Brimer.
I did a bit of research on the 'net and discovered that my firewall (I use the "kiss" firewall, it's available on the net and is a front-end for creating a netfilter firewall using iptables)...
... was attempting to load:
ip_conntrack_ftp.o
which no longer exists; it's been renamed:
ip_conntrack_ftp.ko
So I changed one line in the kiss firewall, to load the right file, and presto, ftp works fine in both active and passive mode.
Thanks, Barry, for leading me in the right direction, and I hope this helps you.
Jeff
On 7/7/05, Jeff Lasman <blists@nobaloney.net> wrote:
> On Thursday 07 July 2005 04:55 pm, Dave wrote:
>> I just installed CentOS4 on my main server. It runs proftpd and is not NATted..
> ip_conntrack_ftp.o
> which no longer exists; it's been renamed:
> ip_conntrack_ftp.ko
That seems to be it. I had tried that a few days ago while troubleshooting a few other things and never went back to investigate more. When I did insmod I got..
insmod: can't read 'ip_conntrack_ftp.ko': No such file or directory
After the messages here I put in the full path, now ftpd is working. Not sure why I have to use the full path.
Thanks everyone :)
On Fri, 08.07.2005 at 20:04, Dave wrote:
> That seems to be it. I had tried that a few days ago while troubleshooting a few other things and never went back to investigate more. When I did insmod I got..
> insmod: can't read 'ip_conntrack_ftp.ko': No such file or directory
> After the messages here I put in the full path, now ftpd is working. Not sure why I have to use the full path.
Because you are using insmod. The better command to use is "modprobe ip_conntrack_ftp". To have that done automatically at each system start, put the module into IPTABLES_MODULES="" in /etc/sysconfig/iptables-config.
Alexander
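
An added example, not part of the thread: a small Python check that models the two fixes discussed above (the FTP conntrack helper plus the ESTABLISHED,RELATED rule, or an explicitly opened passive port range) and reports whether the data port announced in a PASV reply would be admitted. The 227 reply, its address and the function names are constructed for illustration, and the rule matching is a simplified model of iptables, not a replacement for testing the live ruleset.

```python
import re

# Constructed sample input: rules quoted in the thread plus a made-up PASV reply.
RULES = """\
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state -m tcp --dport 21 --state NEW -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22222:22232 -j ACCEPT
"""
PASV_REPLY = "227 Entering Passive Mode (192,0,2,10,86,210)"  # 86*256+210 = 22226

def pasv_port(reply):
    """Return the data port announced in a 227 reply (p1*256 + p2)."""
    m = re.search(r"\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)", reply)
    if not m or not reply.startswith("227"):
        raise ValueError("not a PASV reply: %r" % reply)
    p1, p2 = int(m.group(5)), int(m.group(6))
    if p1 > 255 or p2 > 255:
        raise ValueError("port octet out of range")
    return p1 * 256 + p2

def accepted_ranges(rules):
    """Yield (low, high) for every tcp ACCEPT rule matching state NEW on --dport."""
    for line in rules.splitlines():
        states = re.search(r"--state (\S+)", line)
        dport = re.search(r"--dport (\d+)(?::(\d+))?", line)
        if "-j ACCEPT" in line and "-p tcp" in line and states and dport \
                and "NEW" in states.group(1).split(","):
            low = int(dport.group(1))
            yield low, int(dport.group(2) or low)

def related_accepted(rules):
    """True if some ACCEPT rule matches state RELATED without a port restriction."""
    for line in rules.splitlines():
        states = re.search(r"--state (\S+)", line)
        if "-j ACCEPT" in line and "--dport" not in line and states \
                and "RELATED" in states.group(1).split(","):
            return True
    return False

def data_connection_verdict(rules, reply, helper_loaded):
    """Explain why the passive data connection is admitted, or return 'blocked'."""
    port = pasv_port(reply)
    if helper_loaded and related_accepted(rules):
        return "accepted: RELATED via ip_conntrack_ftp"
    for low, high in accepted_ranges(rules):
        if low <= port <= high:
            return "accepted: port %d in %d:%d" % (port, low, high)
    return "blocked"
```

With only the port 21 rule from the first message and no helper loaded, the verdict is "blocked", which matches the PASV timeouts reported at the start of the thread.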