Greetings,

Beginning today, I started to receive the following when ftp'ing to my CentOS 6 machine:

ncftp /home/pyz2 > dir
connect failed: No route to host.
connect failed: No route to host.
connect failed: No route to host.
Falling back to PORT instead of PASV mode.

I can make a connection, but I can't get a directory listing or transfer data/files.

I'm flummoxed.

What I had been doing is adding more directives to my /etc/hosts.deny file, today to include certain categories of ip addresses for the vsftpd service.

I unwound that after I saw the problem starting to occur, and have restarted vsftpd several times.

That hasn't changed the above issue.

And yes, I've googled.

My firewall setting has port 21 open.

I can remotely telnet to hostname 21

and I get a response indicating that the port is open.

Any advice would be appreciated.

Much thanks.

Max Pyziur
pyz at brama.com
On Tue, 2 Apr 2013, Reindl Harald wrote:

> On 02.04.2013 at 01:12, Max Pyziur wrote:
>> Beginning today, I started to receive the following when ftp'ing to my
>> CentOS 6 machine:
>> ncftp /home/pyz2 > dir
>> connect failed: No route to host.
>> connect failed: No route to host.
>> connect failed: No route to host.
>> Falling back to PORT instead of PASV mode.
>>
>> I can make a connection, but I can't get a directory listing or transfer
>> data/files
>>
>> My firewall setting has port 21 open
>>
>> I can remotely telnet to hostname 21
>
> and you understood that ftp needs also a data-channel
> and not only the control-connection?

I assume that you are referring to the following vsftpd configuration file setting:

# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES

Btw, when ftping to another user on the same machine, there is no problem in making a connection or in transferring data; it's connections that are outside the box.

> http://slacksite.com/other/ftp.html

MP
On Mon, 1 Apr 2013, lists-centos wrote:

> ------------ Original Message ------------
>> Date: Monday, April 01, 2013 07:12:53 PM -0400
>> From: Max Pyziur <pyz at brama.com>
>> To: centos at centos.org
>> Cc:
>> Subject: [CentOS] Vsftpd configuration problem
>>
>> Greetings,
>>
>> Beginning today, I started to receive the following when ftp'ing
>> to my CentOS 6 machine:
>> ncftp /home/pyz2 > dir
>> connect failed: No route to host.
>> connect failed: No route to host.
>> connect failed: No route to host.
>> Falling back to PORT instead of PASV mode.
>>
>> I can make a connection, but I can't get a directory listing or
>> transfer data/files.
>>
>> I'm flummoxed.
>>
>> What I had been doing is adding more directives to my
>> /etc/hosts.deny file, today to include certain categories of ip
>> addresses for the vsftpd service.
>>
>> I unwound that after I saw the problem starting to occur, and have
>> restarted vsftpd several times.
>>
>> That hasn't changed the above issue.
>>
>> And yes, I've googled.
>>
>> My firewall setting has port 21 open.
>>
>> I can remotely telnet to hostname 21
>>
>> and I get a response indicating that the port is open.
>>
>> Any advice would be appreciated.
>>
>> Much thanks.
>>
>> Max Pyziur
>> pyz at brama.com
>
> ftp uses port 21 for the "connection" and port 20 for the "data",
> which includes directory listings as well as the file transfer
> proper - see /etc/services. so if you have port 20 blocked that
> would explain your problem.

Does port 20 have to be open in the firewall? If so, this would be the first machine where I have explicitly set this.

> - Richard

Max
On Tue, 2 Apr 2013, Reindl Harald wrote:

> On 02.04.2013 at 01:12, Max Pyziur wrote:
>> Beginning today, I started to receive the following when ftp'ing to my
>> CentOS 6 machine:
>> ncftp /home/pyz2 > dir
>> connect failed: No route to host.
>> connect failed: No route to host.
>> connect failed: No route to host.
>> Falling back to PORT instead of PASV mode.
>>
>> I can make a connection, but I can't get a directory listing or transfer
>> data/files
>>
>> My firewall setting has port 21 open
>>
>> I can remotely telnet to hostname 21
>
> and you understood that ftp needs also a data-channel
> and not only the control-connection?
>
> http://slacksite.com/other/ftp.html

When ftping to the machine, the following is reported from an lsof -i:

~> lsof -i | grep ftp
vsftpd 18051 root 3u IPv4 47313973 0t0 TCP *:ftp (LISTEN)
vsftpd 18448 nobody 0u IPv4 47318710 0t0 TCP brama.com:ftp->pool-72-89-118-134.nycmny.east.verizon.net:50298 (ESTABLISHED)
vsftpd 18448 nobody 1u IPv4 47318710 0t0 TCP brama.com:ftp->pool-72-89-118-134.nycmny.east.verizon.net:50298 (ESTABLISHED)
vsftpd 18448 nobody 2u IPv4 47318710 0t0 TCP brama.com:ftp->pool-72-89-118-134.nycmny.east.verizon.net:50298 (ESTABLISHED)
vsftpd 18465 pyz2 0u IPv4 47318710 0t0 TCP brama.com:ftp->pool-72-89-118-134.nycmny.east.verizon.net:50298 (ESTABLISHED)
vsftpd 18465 pyz2 1u IPv4 47318710 0t0 TCP brama.com:ftp->pool-72-89-118-134.nycmny.east.verizon.net:50298 (ESTABLISHED)
vsftpd 18465 pyz2 2u IPv4 47318710 0t0 TCP brama.com:ftp->pool-72-89-118-134.nycmny.east.verizon.net:50298 (ESTABLISHED)

fyi,

MP
pyz at brama.com
On Tue, 2 Apr 2013, Reindl Harald wrote:

> On 02.04.2013 at 01:25, Max Pyziur wrote:
>> On Tue, 2 Apr 2013, Reindl Harald wrote:
>>
>>> On 02.04.2013 at 01:12, Max Pyziur wrote:
>>>> Beginning today, I started to receive the following when ftp'ing to my
>>>> CentOS 6 machine:
>>>> ncftp /home/pyz2 > dir
>>>> connect failed: No route to host.
>>>> connect failed: No route to host.
>>>> connect failed: No route to host.
>>>> Falling back to PORT instead of PASV mode.
>>>>
>>>> I can make a connection, but I can't get a directory listing or transfer
>>>> data/files
>>>>
>>>> My firewall setting has port 21 open
>>>>
>>>> I can remotely telnet to hostname 21
>>>
>>> and you understood that ftp needs also a data-channel
>>> and not only the control-connection?
>>
>> I assume that you are referring to the following vsftpd configuration file setting:
>> # Make sure PORT transfer connections originate from port 20 (ftp-data).
>> connect_from_port_20=YES
>
> no - port 20 has NOTHING to do with passive FTP
>
>> Btw, When ftping to another user on the same machine, there is no problem in
>> making a connection or in transferring data
>
> because it is neither firewalled nor NATed
>
>> it's connections that are outside the box.
>
> i bet you are behind a nat
>
> iptables or the firewall needs to translate the answers of the servers
> you need to read some documentation on how FTP works and how NAT
> works to understand the details

Ok.

> [root@srv-rhsoft:~]$ cat /etc/sysconfig/iptables-config
> # Load additional iptables modules (nat helpers)
> # Default: -none-
> # Space separated list of nat helpers (e.g. 'ip_nat_ftp ip_nat_irc'), which
> # are loaded after the firewall rules are applied. Options for the helpers are
> # stored in /etc/modprobe.conf.
> IPTABLES_MODULES="nf_conntrack_ftp nf_nat_ftp"

So, are you saying this last line is key?

Because on the CentOS 5 setup I see:
IPTABLES_MODULES="ip_conntrack_netbios_ns ip_conntrack_ftp"

While on the CentOS 6 setup I see:
IPTABLES_MODULES=""

What is the correct/recommended setting?

>>> http://slacksite.com/other/ftp.html

Max Pyziur
pyz at brama.com
Max Pyziur
2013-Apr-02  00:30 UTC
[CentOS] [SOLVED] it was an iptables-config setting, was Re: Vsftpd configuration problem
On Tue, 2 Apr 2013, Reindl Harald wrote:

> On 02.04.2013 at 02:04, Max Pyziur wrote:
>>> [root@srv-rhsoft:~]$ cat /etc/sysconfig/iptables-config
>>> # Load additional iptables modules (nat helpers)
>>> # Default: -none-
>>> # Space separated list of nat helpers (e.g. 'ip_nat_ftp ip_nat_irc'), which
>>> # are loaded after the firewall rules are applied. Options for the helpers are
>>> # stored in /etc/modprobe.conf.
>>> IPTABLES_MODULES="nf_conntrack_ftp nf_nat_ftp"
>>
>> So, are you saying this last line is key?
>
> it is on my fedora machines acting as FTP behind a NAT
>
>> Because on the CentOS 5 setup I see:
>> IPTABLES_MODULES="ip_conntrack_netbios_ns ip_conntrack_ftp"
>>
>> While on the CentOS 6 setup I see:
>> IPTABLES_MODULES=""
>>
>> What is the correct/recommended setting?
>
> there is no "correct/recommended setting"
>
> if you are behind a NAT you need a different config than if you
> have a public IP on your machine, that is why configs exist

Not behind a NAT ...

> with passive FTP the server answers with port AND ip-address
> for the data-connection (which is an idiotic design but it is how
> it is) and if the client follows this response it fails
>
> so the way to go is translate the response in whatever
> stateful filter in front of the FTP server
>
> this is called ALG (application layer gateway) and part
> of any reliable stateful packet filter

Adding the following line to /etc/sysconfig/iptables-config "got me home:"

IPTABLES_MODULES="ip_conntrack_ftp"

Along with the above dialogue, the following page helped (me):
http://www.linuxquestions.org/questions/linux-networking-3/iptables-configuration-for-passive-ftp-connection-633774/

Thanks.

Max Pyziur
pyz at brama.com
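Added example, not part of the mailing-list thread: the two checks the exchange above comes down to, written as shell functions. `pasv_endpoint` decodes the address and port a server advertises in a 227 reply, and `ftp_helper_configured` reports whether `IPTABLES_MODULES` names an FTP conntrack helper. The function names, the sample reply and the sample config file are constructed for illustration, and the explanation assumes a ruleset that accepts RELATED connections.

```shell
#!/bin/sh
# Added example: function names and sample data are constructed, not from the thread.

# Decode the data endpoint advertised in a PASV reply:
#   "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)" -> h1.h2.h3.h4:(p1*256+p2)
pasv_endpoint() {
    tuple=$(printf '%s\n' "$1" | sed -n 's/^227 .*(\([0-9,]*\)).*/\1/p')
    [ -n "$tuple" ] || return 1          # not a 227 reply
    old_ifs=$IFS; IFS=,
    set -- $tuple                        # split the six numbers on commas
    IFS=$old_ifs
    [ $# -eq 6 ] || return 1
    for n in "$@"; do
        [ "$n" -le 255 ] || return 1     # every field is one byte
    done
    echo "$1.$2.$3.$4:$(( $5 * 256 + $6 ))"
}

# Succeed if the IPTABLES_MODULES line of an iptables-config file names an
# FTP connection-tracking helper (old ip_conntrack_ftp or new nf_conntrack_ftp).
ftp_helper_configured() {
    mods=$(sed -n 's/^[[:space:]]*IPTABLES_MODULES="\{0,1\}\([^"]*\)"\{0,1\}.*/\1/p' "$1" | tail -n 1)
    for m in $mods; do
        case $m in
            ip_conntrack_ftp|nf_conntrack_ftp) return 0 ;;
        esac
    done
    return 1
}

# Constructed sample inputs: a PASV reply and a config with no helper listed.
reply='227 Entering Passive Mode (192,0,2,10,195,80)'
cfg=$(mktemp)
printf '%s\n' '# Load additional iptables modules (nat helpers)' 'IPTABLES_MODULES=""' > "$cfg"

echo "data endpoint: $(pasv_endpoint "$reply")"
if ftp_helper_configured "$cfg"; then
    echo "FTP helper configured: the data connection can be matched as RELATED"
else
    echo "no FTP helper: a rule for port 21 alone does not cover the data port"
fi
rm -f "$cfg"
```

On a live host, point `ftp_helper_configured` at /etc/sysconfig/iptables-config; the decoded port is the one the client connects to next, which a port-21 rule never matches.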
Hi Max,

It looks like a network issue instead of the software. Falling back to PORT sounds like a fallback to ACTIVE mode from PASV mode. In PASV, you will be connecting to a random port told by the server with a random port from your side. Do you have a firewall to block such traffic that the system will send out port unreachable ICMP?

Maybe you can do a tcpdump to see what is going on. For PASV, you can only use "host <client> and host <server> and tcp and not port 22" as the filter. It's not effective but it will collect what you want to locate the issue.

Best regards,

------------
Banyan He
Blog: http://www.rootong.com
Email: banyan at rootong.com

On 4/2/2013 7:12 AM, Max Pyziur wrote:
> Greetings,
>
> Beginning today, I started to receive the following when ftp'ing to my
> CentOS 6 machine:
> ncftp /home/pyz2 > dir
> connect failed: No route to host.
> connect failed: No route to host.
> connect failed: No route to host.
> Falling back to PORT instead of PASV mode.
>
> I can make a connection, but I can't get a directory listing or transfer
> data/files.
>
> I'm flummoxed.
>
> What I had been doing is adding more directives to my /etc/hosts.deny
> file, today to include certain categories of ip addresses for the vsftpd
> service.
>
> I unwound that after I saw the problem starting to occur, and have
> restarted vsftpd several times.
>
> That hasn't changed the above issue.
>
> And yes, I've googled.
>
> My firewall setting has port 21 open.
>
> I can remotely telnet to hostname 21
>
> and I get a response indicating that the port is open.
>
> Any advice would be appreciated.
>
> Much thanks.
>
> Max Pyziur
> pyz at brama.com
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
Bruce Whealton
2013-Apr-02  21:45 UTC
[CentOS] Repartitioning issues - advice needed, and info.
On 4/2/2013 12:33 PM, Bruce Whealton wrote:
> I mapped the domain futurewavewebhosting.com to the location first
> specified in httpd.conf, which is /var/www/html/public_html/ So,
> owncloud is in /var/www/html/public_html/owncloud
> Just to be able to figure out how to setup virtual hosts, I setup them
> at /var/www/vhosts/mydomain.com/

so what is using all the space in /etc ?!? as I said before, /etc should NOT be a separate file system, it should be part of the / and its usually 50-100MB, rarely any bigger, as it just contains configuration files and startup scripts.

>>>
I apologize for the confusion. I was discussing both a remote dedicated hosting plan and a home/business server. The above remarks relate to the local system. On that system it is the /tmp partition that is full.

[Note: remote dedicated server is not letting me ssh, or sftp to it, browse to the domains, or use regular ftp to reach the domains. Apparently, the web hosting provider is not having this problem. They say they can ftp, ssh, etc. Therefore, I asked them to check to see if my IP is being blocked as that seems the only explanation as to why they can connect. Can someone check the domain: http://futurewavehosting.com/drupal/

On my local machine, I tried to install Centos to a different drive and it reports Kernel panic - not syncing: Attempted to kill init!... I tried it with the liveISO disk, I will try installing from an installation disk - I had burned disk1 ISO and disk2 ISO to two different DVDs. It never asked for disk2 though.

Bruce

--
john r pierce 37N 122W
somewhere on the middle of the left coast