Mailinglist Archive: opensuse (933 mails)
| < Previous | Next > |
Re: [opensuse] vsftpd stopped working after power outage or using Yast2 Installation Server.
- From: "Carlos E. R." <robin.listas@xxxxxxxxxxxxxx>
- Date: Fri, 11 Jun 2010 22:44:40 +0200
- Message-id: <4C12A038.20208@xxxxxxxxxxxxxx>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 2010-06-11 19:50, Boyd Lynn Gerber wrote:
That's a firewall problem; you have to look at the firewall logs, both on
server and client. A
network capture (ethereal aka wireshark) might help.
http://en.wikipedia.org/wiki/Ftp
- -----
FTP can be run in active mode or passive mode, which control how the second
connection is opened. In
active mode the client sends the server the IP address port number that the
client will use for the
data connection, and the server opens the connection. Passive mode was devised
for use where the
client is behind a firewall and unable to accept incoming TCP connections. The
server sends the
client an IP address and port number and the client opens the connection to the
server.[3] Both
modes were updated in September 1998 to add support for IPv6 and made some
other changes to passive
mode, making it extended passive mode[5].
- ------
Passive mode is easier on the client side (for the firewall), but difficult on
the server. Active
mode is easier on the server, dificult on the client. The problem is having to
open a second
"random" port that is not known when the firewall is configured, so it has to
be opened at runtime.
Thus the firewall has to have knowledge of the ftp connection, it has to track
it.
The symptom is a failed data connection.
NAT is also a problem; readiing from the wikipedia again:
- -----
The representation of the IP addresses and port numbers in the PORT command and
PASV reply poses a
challenge to FTP in traversing Network address translators (NAT). The NAT
device must alter these
values, so that they contain the IP address of the NAT-ed client, and a port
chosen by the NAT
device for the data connection. The new address and port will probably differ
in length in their
decimal representation from the original address and port. Such translation is
not usually performed
in most NAT devices, but special application layer gateways exist for this
purpose.
- -----
This is consistent with you not seeing entries in the server log. You might see
entries in the
firewall log.
- --
Cheers / Saludos,
Carlos E. R.
(from 11.2 x86_64 "Emerald" GM (Elessar))
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.12 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org/
iEYEARECAAYFAkwSoDcACgkQU92UU+smfQVoBACffCp0ke1xKWbiCG4HEKNiGujx
yV4AnR8RX5SemPsqyNR3SO18IJUvJ5SL
=YtWs
-----END PGP SIGNATURE-----
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx
Hash: SHA1
On 2010-06-11 19:50, Boyd Lynn Gerber wrote:
On Fri, 11 Jun 2010, Michael S. Dunsavage wrote:
On 06/11/2010 12:41 PM, Boyd Lynn Gerber wrote:
also what happens when you try to connect? also see if there is an ftp
log in /var/log somewhere. It's been a long time since I've ran any ftp
server except sftp with ssh.
ncftp ftp://ftp.zenez.com/
NcFTP 3.2.3 (Jul 28, 2009) by Mike Gleason
(http://www.NcFTP.com/contact/).
Connecting to 198.60.105.20...
"Welcome to ZENEZ FTP Server."
Logging in...
Login successful.
Logged in to ftp.zenez.com.
Current remote directory is /.
ncftp / > dir
Data connection timed out.
Data connection timed out.
Data connection timed out.
Falling back to PORT instead of PASV mode.
List failed.
ncftp / > quit
That's a firewall problem; you have to look at the firewall logs, both on
server and client. A
network capture (ethereal aka wireshark) might help.
http://en.wikipedia.org/wiki/Ftp
- -----
FTP can be run in active mode or passive mode, which control how the second
connection is opened. In
active mode the client sends the server the IP address port number that the
client will use for the
data connection, and the server opens the connection. Passive mode was devised
for use where the
client is behind a firewall and unable to accept incoming TCP connections. The
server sends the
client an IP address and port number and the client opens the connection to the
server.[3] Both
modes were updated in September 1998 to add support for IPv6 and made some
other changes to passive
mode, making it extended passive mode[5].
- ------
Passive mode is easier on the client side (for the firewall), but difficult on
the server. Active
mode is easier on the server, dificult on the client. The problem is having to
open a second
"random" port that is not known when the firewall is configured, so it has to
be opened at runtime.
Thus the firewall has to have knowledge of the ftp connection, it has to track
it.
The symptom is a failed data connection.
NAT is also a problem; readiing from the wikipedia again:
- -----
The representation of the IP addresses and port numbers in the PORT command and
PASV reply poses a
challenge to FTP in traversing Network address translators (NAT). The NAT
device must alter these
values, so that they contain the IP address of the NAT-ed client, and a port
chosen by the NAT
device for the data connection. The new address and port will probably differ
in length in their
decimal representation from the original address and port. Such translation is
not usually performed
in most NAT devices, but special application layer gateways exist for this
purpose.
- -----
This is consistent with you not seeing entries in the server log. You might see
entries in the
firewall log.
- --
Cheers / Saludos,
Carlos E. R.
(from 11.2 x86_64 "Emerald" GM (Elessar))
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.12 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org/
iEYEARECAAYFAkwSoDcACgkQU92UU+smfQVoBACffCp0ke1xKWbiCG4HEKNiGujx
yV4AnR8RX5SemPsqyNR3SO18IJUvJ5SL
=YtWs
-----END PGP SIGNATURE-----
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx
| < Previous | Next > |