[opensuse] OpenSuSE 11.4 and conntrack ftp (kernel 2.6.37.6-0.5-default)
Hello all, After the upgrade to OpenSuSE 11.4, i have some problems with the clients using FTP behind the firewall. My firewall loads this modules: modprobe ip_conntrack_ftp modprobe ip_nat_ftp And before the upgrade, no problem at all. Now, some strange problems: sometimes the passive connections works, sometimes not... Here is an example: root@web1[~]: ftp ftp.unina.it Connected to ftp.unina.it. 220 ftp.unina.it NcFTPd Server (free educational license) ready. Name (ftp.unina.it:pss): ftp 421 Disconnecting you since you didn't login successfully within 15 seconds. ftp: Login failed. ftp> exit root@web1[~]: ftp ftp.unina.it Connected to ftp.unina.it. 220 ftp.unina.it NcFTPd Server (free educational license) ready. Name (ftp.unina.it:pss): ftp 331 Guest login ok, send your complete e-mail address as password. Password: 230-You are user #4 of 50 simultaneous users allowed. 230- 230 Logged in anonymously. Remote system type is UNIX. Using binary mode to transfer files. ftp> passive off Passive mode: off; fallback to active mode: off. ftp> ls 502 Unimplemented command. 200 PORT command successful. 150 Opening ASCII mode data connection for /bin/ls. drwxr-xr-x 2 ftpuser ftpusers 1776 May 15 2007 images -rw-r--r-- 1 ftpuser ftpusers 27866 Jan 14 18:05 index.html -rw-r--r-- 1 ftpuser ftpusers 24855 Jan 14 17:34 index2.html drwxr-xr-x 10 ftpuser ftpusers 360 May 2 16:15 pub 226 Listing completed. ftp> passive on Passive mode: on; fallback to active mode: off. ftp> ls 227 Entering 192,132,34,17,176,532,34,17,176,5) ftp: connect: Connection refused ftp> ls 227 Entering 192,132,34,17,176,532,34,17,176,5) ftp: connect: Connection refused ftp> ls 227 Entering 192,132,34,17,176,532,34,17,176,5) ftp: connect: Connection refused ftp> passive Passive mode: off; fallback to active mode: off. ftp> ls 200 PORT command successful. 150 Opening ASCII mode data connection for /bin/ls. drwxr-xr-x 2 ftpuser ftpusers 1776 May 15 2007 images -rw-r--r-- 1 ftpuser ftpusers 27866 Jan 14 18:05 index.html -rw-r--r-- 1 ftpuser ftpusers 24855 Jan 14 17:34 index2.html drwxr-xr-x 10 ftpuser ftpusers 360 May 2 16:15 pub 226 Listing completed. ftp> passive Passive mode: on; fallback to active mode: on. ftp> ls 227 Entering 192,132,34,17,201,148,34,17,201,148) 150 Data connection accepted from 195.31.196.107:35143; transfer starting. drwxr-xr-x 2 ftpuser ftpusers 1776 May 15 2007 images -rw-r--r-- 1 ftpuser ftpusers 27866 Jan 14 18:05 index.html -rw-r--r-- 1 ftpuser ftpusers 24855 Jan 14 17:34 index2.html drwxr-xr-x 10 ftpuser ftpusers 360 May 2 16:15 pub 226 Listing completed. ftp> passive on Passive mode: on; fallback to active mode: off. ftp> ls 227 Entering 192,132,34,17,221,141,34,17,221,141) 150 Data connection accepted from 195.31.196.107:41809; transfer starting. drwxr-xr-x 2 ftpuser ftpusers 1776 May 15 2007 images -rw-r--r-- 1 ftpuser ftpusers 27866 Jan 14 18:05 index.html -rw-r--r-- 1 ftpuser ftpusers 24855 Jan 14 17:34 index2.html drwxr-xr-x 10 ftpuser ftpusers 360 May 2 16:15 pub 226 Listing completed. ftp> exit 221 Goodbye. What's wrong? Cordially, Claudio Prono. -- -------------------------------------------------------------------------------- Claudio Prono OPST System Developer Gsm: +39-349-54.33.258 @PSS Srl Tel: +39-011-32.72.100 Via San Bernardino, 17 Fax: +39-011-32.46.497 10141 Torino - ITALY http://atpss.net/disclaimer -------------------------------------------------------------------------------- PGP Key - http://keys.atpss.net/c_prono.asc -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Il 12/07/2011 13.08, Claudio Prono ha scritto:
Hello all,
After the upgrade to OpenSuSE 11.4, i have some problems with the clients using FTP behind the firewall.
My firewall loads this modules:
modprobe ip_conntrack_ftp modprobe ip_nat_ftp
And before the upgrade, no problem at all.
Now, some strange problems: sometimes the passive connections works, sometimes not...
Here is an example:
root@web1[~]: ftp ftp.unina.it Connected to ftp.unina.it. 220 ftp.unina.it NcFTPd Server (free educational license) ready. Name (ftp.unina.it:pss): ftp 421 Disconnecting you since you didn't login successfully within 15 seconds. ftp: Login failed. ftp> exit root@web1[~]: ftp ftp.unina.it Connected to ftp.unina.it. 220 ftp.unina.it NcFTPd Server (free educational license) ready. Name (ftp.unina.it:pss): ftp 331 Guest login ok, send your complete e-mail address as password. Password: 230-You are user #4 of 50 simultaneous users allowed. 230- 230 Logged in anonymously. Remote system type is UNIX. Using binary mode to transfer files. ftp> passive off Passive mode: off; fallback to active mode: off. ftp> ls 502 Unimplemented command. 200 PORT command successful. 150 Opening ASCII mode data connection for /bin/ls. drwxr-xr-x 2 ftpuser ftpusers 1776 May 15 2007 images -rw-r--r-- 1 ftpuser ftpusers 27866 Jan 14 18:05 index.html -rw-r--r-- 1 ftpuser ftpusers 24855 Jan 14 17:34 index2.html drwxr-xr-x 10 ftpuser ftpusers 360 May 2 16:15 pub 226 Listing completed. ftp> passive on Passive mode: on; fallback to active mode: off. ftp> ls 227 Entering 192,132,34,17,176,532,34,17,176,5) ftp: connect: Connection refused ftp> ls 227 Entering 192,132,34,17,176,532,34,17,176,5) ftp: connect: Connection refused ftp> ls 227 Entering 192,132,34,17,176,532,34,17,176,5) ftp: connect: Connection refused ftp> passive Passive mode: off; fallback to active mode: off. ftp> ls 200 PORT command successful. 150 Opening ASCII mode data connection for /bin/ls. drwxr-xr-x 2 ftpuser ftpusers 1776 May 15 2007 images -rw-r--r-- 1 ftpuser ftpusers 27866 Jan 14 18:05 index.html -rw-r--r-- 1 ftpuser ftpusers 24855 Jan 14 17:34 index2.html drwxr-xr-x 10 ftpuser ftpusers 360 May 2 16:15 pub 226 Listing completed. ftp> passive Passive mode: on; fallback to active mode: on. ftp> ls 227 Entering 192,132,34,17,201,148,34,17,201,148) 150 Data connection accepted from 195.31.196.107:35143; transfer starting. drwxr-xr-x 2 ftpuser ftpusers 1776 May 15 2007 images -rw-r--r-- 1 ftpuser ftpusers 27866 Jan 14 18:05 index.html -rw-r--r-- 1 ftpuser ftpusers 24855 Jan 14 17:34 index2.html drwxr-xr-x 10 ftpuser ftpusers 360 May 2 16:15 pub 226 Listing completed. ftp> passive on Passive mode: on; fallback to active mode: off. ftp> ls 227 Entering 192,132,34,17,221,141,34,17,221,141) 150 Data connection accepted from 195.31.196.107:41809; transfer starting. drwxr-xr-x 2 ftpuser ftpusers 1776 May 15 2007 images -rw-r--r-- 1 ftpuser ftpusers 27866 Jan 14 18:05 index.html -rw-r--r-- 1 ftpuser ftpusers 24855 Jan 14 17:34 index2.html drwxr-xr-x 10 ftpuser ftpusers 360 May 2 16:15 pub 226 Listing completed. ftp> exit 221 Goodbye.
What's wrong?
Cordially,
Claudio Prono.
No one have a similar problem ? I have that problem in all the new firewalls installed with OpenSuSE 11.4... -- -------------------------------------------------------------------------------- Claudio Prono OPST System Developer Gsm: +39-349-54.33.258 @PSS Srl Tel: +39-011-32.72.100 Via San Bernardino, 17 Fax: +39-011-32.46.497 10141 Torino - ITALY http://atpss.net/disclaimer -------------------------------------------------------------------------------- PGP Key - http://keys.atpss.net/c_prono.asc -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Claudio Prono wrote:
Il 12/07/2011 13.08, Claudio Prono ha scritto:
Hello all,
After the upgrade to OpenSuSE 11.4, i have some problems with the clients using FTP behind the firewall.
My firewall loads this modules:
modprobe ip_conntrack_ftp modprobe ip_nat_ftp
And before the upgrade, no problem at all.
Now, some strange problems: sometimes the passive connections works, sometimes not...
[snip]
No one have a similar problem ? I have that problem in all the new firewalls installed with OpenSuSE 11.4...
My firewall is still 11.0 - I haven't had reason to upgrade. -- Per Jessen, Zürich (19.2°C) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 2011-07-13 12:39, Claudio Prono wrote:
No one have a similar problem ? I have that problem in all the new firewalls installed with OpenSuSE 11.4...
I'm too sleepy to read carefully your post, but I did have problems with FTP and the firewall. I tried several things, and wrote about it here. Search for these posts: What is the currently recommented firwall settings recommended for FTP? (2011-04-30) (Yep, incorrect wording on the tittle :-( ) - -- Cheers / Saludos, Carlos E. R. (from 11.4 x86_64 "Celadon" at Telcontar) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.16 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org/ iEUEARECAAYFAk4eMmUACgkQtTMYHG2NR9X+NACXcoa5LH+8NFwf9DwGzukJOwQN XgCfZyRj90qGgnGDZC77Cv+9Sz9wfjE= =wxSn -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Il 14/07/2011 2.03, Carlos E. R. ha scritto:
On 2011-07-13 12:39, Claudio Prono wrote:
No one have a similar problem ? I have that problem in all the new firewalls installed with OpenSuSE 11.4...
I'm too sleepy to read carefully your post, but I did have problems with FTP and the firewall. I tried several things, and wrote about it here. Search for these posts:
What is the currently recommented firwall settings recommended for FTP? (2011-04-30)
(Yep, incorrect wording on the tittle :-( )
Interesting, but my problem is of different nature: The same firewall on OpenSuSE 11.1 is working perfectly, on OpenSuSE 11.4 have some strange problems with the passive mode of the FTPs. The module nf_conntrack_ftp is naturally loaded... For that reason i think there is some problem with the new kernel and the conntrack_ftp module... or something i don't know maybe.... Claudio. -- -------------------------------------------------------------------------------- Claudio Prono OPST System Developer Gsm: +39-349-54.33.258 @PSS Srl Tel: +39-011-32.72.100 Via San Bernardino, 17 Fax: +39-011-32.46.497 10141 Torino - ITALY http://atpss.net/disclaimer -------------------------------------------------------------------------------- PGP Key - http://keys.atpss.net/c_prono.asc -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
participants (3)
-
Carlos E. R. -
Claudio Prono -
Per Jessen