06-06-2008, 03:04 AM
John R Pierce

vsftpd and active mode connections causes FTP session to hang

Filipe Brandenburger wrote:
> On Thu, Jun 5, 2008 at 2:05 PM, Timothy Selivanow
> <timothy.selivanow@virtualxistenz.com> wrote:
>
>> things like 'put' and 'get', etc.), the connection hangs. If you wait a
>> bit it returns with a "425 Failed to establish connection". I've tried
>
> Is the FTP client behind NAT? If it is then active FTP won't work,
> since the client will request the server to connect to the internal
> IP.

It's somewhat more complex than that. Many NAT boxes (home routers,
etc.) recognize FTP on port 21, and monitor the PORT commands, and mangle
them automatically. A Linux masquerading server can do this too, with
the right ip_masq module. If the FTP is running on a nonstandard
port other than 21, the automagic stuff won't work. If the FTP
/server/ is behind NAT using a port forward, it also gets messy.

There's a detailed discussion of these and other salient points here:
http://www.ncftp.com/ncftpd/doc/misc/ftp_and_firewalls.html
It bears reading carefully.



_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
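
An added example, not part of the original thread: a small Python check that decodes the PORT command discussed above and compares the advertised address with the source IP the server sees on the control connection. The function names and all addresses are constructed for illustration; the sample lines stand in for what a control-channel capture would show.

```python
import ipaddress
import re

# RFC 959: PORT h1,h2,h3,h4,p1,p2 -> IPv4 bytes, then port = p1*256 + p2
PORT_RE = re.compile(r"^PORT\s+(\d{1,3}(?:,\d{1,3}){5})\s*$", re.IGNORECASE)
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_port(line):
    """Return (IPv4Address, port) for a PORT command line, or None if malformed."""
    m = PORT_RE.match(line.strip())
    if not m:
        return None
    nums = [int(n) for n in m.group(1).split(",")]
    if any(n > 255 for n in nums):
        return None
    addr = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return addr, nums[4] * 256 + nums[5]


def diagnose(line, control_peer):
    """Classify a PORT command against the control connection's source IP."""
    parsed = parse_port(line)
    if parsed is None:
        return "malformed"
    addr, _port = parsed
    if addr == ipaddress.IPv4Address(control_peer):
        return "ok"                   # server connects back to the host it talks to
    if any(addr in net for net in RFC1918):
        return "private-unrewritten"  # NAT in the path did not mangle PORT
    return "mismatch"                 # advertised address is some other host


if __name__ == "__main__":
    # Constructed samples: (PORT line as received, control-connection source IP)
    samples = [
        ("PORT 198,51,100,7,195,80", "198.51.100.7"),
        ("PORT 192,168,1,20,195,80", "198.51.100.7"),
        ("PORT 192,0,2,10,4,1", "198.51.100.7"),
    ]
    for line, peer in samples:
        print(f"{line!r} from {peer}: {parse_port(line)} -> {diagnose(line, peer)}")
```

A result of "ok" only means the PORT argument is consistent; a firewall between server and client can still drop the server's inbound data connection to that port.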
 
06-06-2008, 07:30 PM
Timothy Selivanow

vsftpd and active mode connections causes FTP session to hang

On Thu, 2008-06-05 at 20:04 -0700, John R Pierce wrote:
> Filipe Brandenburger wrote:
> > On Thu, Jun 5, 2008 at 2:05 PM, Timothy Selivanow
> > <timothy.selivanow@virtualxistenz.com> wrote:
> >
> >> things like 'put' and 'get', etc.), the connection hangs. If you wait a
> >> bit it returns with a "425 Failed to establish connection". I've tried
> >>
> >
> > Is the FTP client behind NAT? If it is then active FTP won't work,
> > since the client will request the server to connect to the internal
> > IP.
> >
>
>
> It's somewhat more complex than that. Many NAT boxes (home routers,
> etc.) recognize FTP on port 21, and monitor the PORT commands, and mangle
> them automatically. A Linux masquerading server can do this too, with
> the right ip_masq module. If the FTP is running on a nonstandard
> port other than 21, the automagic stuff won't work. If the FTP
> /server/ is behind NAT using a port forward, it also gets messy.
>
> There's a detailed discussion of these and other salient points here:
> http://www.ncftp.com/ncftpd/doc/misc/ftp_and_firewalls.html
> It bears reading carefully.

There's no NAT'ing occurring in my tests (all machines, including my
workstation, are not using RFC1918 addresses; some of the core routing
infrastructure is, but it's all routable and not NAT'd). There are
various routers and firewalls between my workstation and the hosts, but
all ACLs and firewall rule sets allow my traffic unimpeded to my
testing hosts and the customer's hosts.

The frustrating thing is, it happens on all of the CentOS 5 machines
I've tested on.


--Tim
____________________________________________
< Invest in physics -- own a piece of Dirac! >
--------------------------------------------


All times are GMT. The time now is 04:37 PM.
