[CentOS] Vsftpd configuration problem

Tue Apr 2 00:04:24 UTC 2013
Max Pyziur <pyz at brama.com>

On Tue, 2 Apr 2013, Reindl Harald wrote:

>
>
> On 02.04.2013 01:25, Max Pyziur wrote:
>> On Tue, 2 Apr 2013, Reindl Harald wrote:
>>
>>>
>>>
>>> On 02.04.2013 01:12, Max Pyziur wrote:
>>>> Beginning today, I started to receive the following when ftp'ing to my
>>>> CentOS 6 machine:
>>>> ncftp /home/pyz2 > dir
>>>> connect failed: No route to host.
>>>> connect failed: No route to host.
>>>> connect failed: No route to host.
>>>> Falling back to PORT instead of PASV mode.
>>>>
>>>> I can make a connection, but I can't get a directory listing or transfer
>>>> data/files
>>>>
>>>> My firewall setting has port 21 open
>>>>
>>>> I can remotely telnet to hostname 21
>>>
>>> and you understood that ftp needs also a data-channel
>>> and not only the control-connection?
>>
>> I assume that you are referring to the following vsftpd configuration file setting:
>> # Make sure PORT transfer connections originate from port 20 (ftp-data).
>> connect_from_port_20=YES
>
> no - port 20 has NOTHING to do with passive FTP
>
>> Btw, When ftping to another user on the same machine, there is no problem in
>> making a connection or in transferring data
>
> because it is neither firewalled nor NATed
>
>> it's connections that are outside the box.
>
> i bet you are behind a nat
>
> iptables or the firewall needs to translate the answers of the servers
> you need to read some documentation on how FTP works and how NAT
> works to understand the details

Ok.

> [root@srv-rhsoft:~]$ cat /etc/sysconfig/iptables-config
> # Load additional iptables modules (nat helpers)
> #   Default: -none-
> # Space separated list of nat helpers (e.g. 'ip_nat_ftp ip_nat_irc'), which
> # are loaded after the firewall rules are applied. Options for the helpers are
> # stored in /etc/modprobe.conf.
> IPTABLES_MODULES="nf_conntrack_ftp nf_nat_ftp"

So, are you saying this last line is key?

Because on the CentOS 5 setup I see:
IPTABLES_MODULES="ip_conntrack_netbios_ns ip_conntrack_ftp"

While on the CentOS 6 setup I see:
IPTABLES_MODULES=""

What is the correct/recommended setting?

>>> http://slacksite.com/other/ftp.html
>
>


Max Pyziur
pyz at brama.com
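
The server answer that a NAT or firewall FTP helper has to translate is the `227` passive-mode reply, which carries the data-channel address and port inside the control connection. The following is an added example, not part of the original thread: it parses that reply and compares the advertised address with the address the client dialled. The function names and the sample addresses (documentation and private ranges) are constructed for illustration.

```python
import ipaddress
import re

# RFC 959: "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)"
SIX_TUPLE = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_pasv(reply):
    """Return (IPv4Address, port) advertised in a 227 reply."""
    m = SIX_TUPLE.search(reply)
    if not reply.startswith("227") or m is None:
        raise ValueError("not a 227 passive reply: %r" % reply)
    fields = [int(g) for g in m.groups()]
    if max(fields) > 255:
        raise ValueError("field out of range: %r" % reply)
    ip = ipaddress.IPv4Address(".".join(map(str, fields[:4])))
    return ip, fields[4] * 256 + fields[5]


def is_rfc1918(ip):
    return any(ip in net for net in RFC1918)


def diagnose(control_peer, reply):
    """Classify the data-channel address against the control-channel peer."""
    ip, port = parse_pasv(reply)
    peer = ipaddress.IPv4Address(control_peer)
    if ip == peer:
        verdict = "ok"            # firewall must still admit this data port
    elif is_rfc1918(ip) and not is_rfc1918(peer):
        verdict = "untranslated"  # NAT did not rewrite the server's answer
    else:
        verdict = "mismatch"
    return verdict, str(ip), port


if __name__ == "__main__":
    # Constructed sample: client dialled 203.0.113.10 (documentation range).
    for line in ("227 Entering Passive Mode (192,168,1,20,195,80).",
                 "227 Entering Passive Mode (203,0,113,10,195,80)."):
        print(diagnose("203.0.113.10", line))
```

A verdict of "ok" only means the advertised address is reachable in principle; the data port (here 50000) still has to be admitted by the firewall, which is what connection tracking of the control channel provides.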