[CentOS] vsftpd and active mode connections causes FTP session to hang

Timothy Selivanow timothy.selivanow at virtualxistenz.com
Fri Jun 6 19:30:49 UTC 2008

On Thu, 2008-06-05 at 20:04 -0700, John R Pierce wrote:
> Filipe Brandenburger wrote:
> > On Thu, Jun 5, 2008 at 2:05 PM, Timothy Selivanow
> > <timothy.selivanow at virtualxistenz.com> wrote:
> >   
> >> things like 'put' and 'get', etc.), the connection hangs.  If you wait a
> >> bit it returns with a "425 Failed to establish connection".  I've tried
> >>     
> >
> > Is the FTP client behind NAT? If it is then active FTP won't work,
> > since the client will request the server to connect to the internal
> > IP.
> >   
> It's somewhat more complex than that. Many NAT boxes (home routers,
> etc.) recognize FTP on port 21, and monitor the PORT commands, and mangle
> them automatically. A Linux masquerading server can do this too, with
> the right ip_masq module. If the FTP is running on a nonstandard
> port other than 21, the automagic stuff won't work. If the FTP
> /server/ is behind NAT using a port forward, it also gets messy.
> There's a detailed discussion of these and other salient points here,
> http://www.ncftp.com/ncftpd/doc/misc/ftp_and_firewalls.html It bears
> reading carefully.

There's no NAT'ing occurring in my tests (all machines, including my
workstation, are not using RFC1918 addresses, some of the core routing
infrastructure is, but it's all routable and not NAT'd).  There are
various routers and firewalls between my workstation and the hosts, but
all ACLs and firewall rule sets allow my traffic unimpeded to my
testing hosts and the customer's hosts.

The frustrating thing is, it happens on all of the CentOS 5 machines
I've tested on.

< Invest in physics -- own a piece of Dirac! >
   \   \
        \ /\
        ( )
      .( o ).
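
The NAT question raised in this thread can be checked from a capture or server log of the control connection. The following is an added example, not part of the original messages: it parses the address a client advertises in an active-mode PORT command and compares it with the source address the server saw for the control connection. The function names and sample commands are constructed for illustration.

```python
import ipaddress
import re

# PORT h1,h2,h3,h4,p1,p2 (RFC 959): the client tells the server which
# address and port to connect back to for the data channel.
PORT_RE = re.compile(r"^PORT\s+(\d{1,3}(?:,\d{1,3}){5})$", re.I)
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_port(line):
    """Return (ip, port) advertised by a PORT command, or None if malformed."""
    m = PORT_RE.match(line.strip())
    if not m:
        return None
    nums = [int(n) for n in m.group(1).split(",")]
    if any(n > 255 for n in nums):
        return None
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]


def diagnose(line, control_peer):
    """Classify a PORT command against the source address the server
    saw on the control connection (control_peer)."""
    parsed = parse_port(line)
    if parsed is None:
        return "malformed"
    ip, _port = parsed
    if ip == ipaddress.IPv4Address(control_peer):
        # Addresses agree, so NAT rewriting is not the cause; look at
        # filtering of the server-to-client data connection instead.
        return "consistent"
    if any(ip in net for net in RFC1918):
        # Internal address reached the server: NAT without FTP-aware rewriting.
        return "private-address-leak"
    return "mismatch"


# Constructed sample commands (documentation addresses, not from the thread).
SAMPLES = [
    ("PORT 203,0,113,10,195,80", "203.0.113.10"),
    ("PORT 192,168,1,20,195,80", "203.0.113.10"),
    ("PORT 198,51,100,7,4,1", "203.0.113.10"),
]

if __name__ == "__main__":
    for cmd, peer in SAMPLES:
        print(f"{cmd!r} seen from {peer}: {diagnose(cmd, peer)}")
```

A "consistent" result with a hanging transfer points away from address rewriting and toward something blocking the server's outbound data connection to the advertised client port.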
