Hiya,

I have recently changed my FTP server from vsftpd to another client.

When I try and connect to this client I get this error.

R] TYPE A
[R] 200 Command okay
[R] PRET LIST
[R] 200 Command OK
[R] PASV
[R] 227 Entering Passive Mode (10,10,1,1,4,1)
[R] Opening data connection IP: 10.10.1.1 PORT: 1025
[R] Data Socket Error: Connection failed
[R] List Error

I read in the FAQ about passive mode should be fine, and have gone through the documentation, although I am sure I must have missed something.

Any ideas as to what could be causing this problem?

Thanks for any help.

|nSaNe wrote:
> Hiya,
>
> I have recently changed my FTP server from vsftpd to another client.
>
> When I try and connect to this client I get this error.
>
> R] TYPE A
> [R] 200 Command okay
> [R] PRET LIST
> [R] 200 Command OK
> [R] PASV
> [R] 227 Entering Passive Mode (10,10,1,1,4,1)
> [R] Opening data connection IP: 10.10.1.1 PORT: 1025
> [R] Data Socket Error: Connection failed
> [R] List Error
>
> I read in the FAQ about passive mode should be fine, and have gone through the documentation, although I am sure I must have missed something.
>
> Any ideas as to what could be causing this problem?
>

You probably don't have the proper kernel modules loaded -- see http://www.shorewall.net/FTP.html

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net

Tom Eastep wrote:
> |nSaNe wrote:
>
>> Hiya,
>>
>> I have recently changed my FTP server from vsftpd to another client.
>>
>> When I try and connect to this client I get this error.
>>
>> R] TYPE A
>> [R] 200 Command okay
>> [R] PRET LIST
>> [R] 200 Command OK
>> [R] PASV
>> [R] 227 Entering Passive Mode (10,10,1,1,4,1)
>> [R] Opening data connection IP: 10.10.1.1 PORT: 1025
>> [R] Data Socket Error: Connection failed
>> [R] List Error
>>
>> I read in the FAQ about passive mode should be fine, and have gone
>> through the documentation, although I am sure I must have missed
>> something.
>>
>> Any ideas as to what could be causing this problem?
>>
>
> You probably don't have the proper kernel modules loaded -- see
> http://www.shorewall.net/FTP.html

And since Passive mode doesn't work, the problem is most likely on the Server side rather than on the client side.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net

Hiya,

I checked the modules loaded and it appears the correct ones are there, but here is the list anyway for double checking.

ppp_synctty 7520 1 (autoclean)
ppp_generic 24292 3 (autoclean) [ppp_synctty]
slhc 6564 0 (autoclean) [ppp_generic]
n_hdlc 7616 1 (autoclean)
ipt_TOS 1592 12 (autoclean)
ipt_MASQUERADE 2200 1 (autoclean)
ipt_REJECT 3960 4 (autoclean)
ipt_LOG 4184 6 (autoclean)
ipt_state 1080 80 (autoclean)
ip_nat_irc 3024 0 (unused)
ip_nat_ftp 3696 0 (unused)
ip_conntrack_irc 4400 1
ip_conntrack_ftp 5168 1
ipt_multiport 1176 4 (autoclean)
ipt_conntrack 1560 0 (autoclean)
iptable_filter 2316 1 (autoclean)
iptable_mangle 2712 1 (autoclean)
iptable_nat 20814 3 (autoclean) [ipt_MASQUERADE ip_nat_irc ip_nat_ftp]
ip_conntrack 26468 5 (autoclean) [ipt_MASQUERADE ipt_state ip_nat_irc ip_nat_ftp ip_conntrack_irc ip_conntrack_ftp ipt_conntrack iptable_nat]
ip_tables 15072 12 [ipt_TOS ipt_MASQUERADE ipt_REJECT ipt_LOG ipt_state ipt_multiport ipt_conntrack iptable_filter iptable_mangle iptable_nat]

This below is the error I get in my syslog, and can't seem to find a solution anywhere.

Apr 6 12:08:55 localhost wzdftpd[32284]: Connection opened from 10.10.1.253
Apr 6 12:09:06 localhost kernel: Shorewall:all2all:REJECT:IN=eth0 OUTMAC=00:40:95:41:30:ca:00:00:e8:9e:15:2f:08:00 SRC=10$
Apr 6 12:09:06 localhost kernel: Shorewall:all2all:REJECT:IN=eth0 OUTMAC=00:40:95:41:30:ca:00:00:e8:9e:15:2f:08:00 SRC=10$
Apr 6 12:09:07 localhost kernel: Shorewall:all2all:REJECT:IN=eth0 OUTMAC=00:40:95:41:30:ca:00:00:e8:9e:15:2f:08:00 SRC=10$

I am not sure what is causing it, I have my suspicions it's the ftp server, but I am not 100% sure.

I am on Mandrake 9.2 (if it makes difference) and have already applied the required editing (for FTP) as detailed on the shorewall homepage.

----- Original Message -----
From: "Tom Eastep" <teastep@shorewall.net>
To: "Mailing List for Shorewall Users" <shorewall-users@lists.shorewall.net>
Sent: Monday, April 05, 2004 6:27 PM
Subject: Re: [Shorewall-users] ftp problems.

|nSaNe wrote:
> Hiya,
>
> I checked the modules loaded and it appears the correct ones are there, but
> here is the list anyway for double checking.
>
< module listing and useless log messages snipped>

This is like pulling teeth....

Please tell us:

a) Is Shorewall running on the FTP server?
b) Is Shorewall running on a firewall in front of the server?
c) Is Shorewall running on the client?
d) Is Shorewall running on a firewall in front of the client?
e) Which of the above possible firewall locations did you show us the lsmod output from?
f) Which of the above possible firewall locations are you showing us log messages from?
g) In your original post, you showed:

> [R] TYPE A
> [R] 200 Command okay
> [R] PRET LIST
> [R] 200 Command OK
> [R] PASV
> [R] 227 Entering Passive Mode (10,10,1,1,4,1)
> [R] Opening data connection IP: 10.10.1.1 PORT: 1025
> [R] Data Socket Error: Connection failed
> [R] List Error

Where was this client running in relationship to the server?

a) On a host in the 'net' zone?
b) On a host in the 'loc' zone?
c) On a host somewhere else?

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net

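The correlation this thread is working toward, as an added example (not code from the thread or from Shorewall): decode the 227 reply into the data endpoint the server advertised, then look for firewall REJECT/DROP entries aimed at that endpoint. The 227 line is the one quoted in the thread; the kernel log lines are constructed in the usual netfilter LOG layout because the posted ones are cut off, and all function names are hypothetical.

```python
import re

# Constructed sample data: the 227 reply is the one quoted in the thread; the
# kernel lines are invented (usual netfilter LOG layout), since the posted
# log lines are truncated after "SRC=10".
CLIENT_LOG = "[R] PASV\n[R] 227 Entering Passive Mode (10,10,1,1,4,1)\n"
KERNEL_LOG = (
    "Apr  6 12:09:06 localhost kernel: Shorewall:all2all:REJECT:IN=eth0 OUT= "
    "SRC=10.10.1.253 DST=10.10.1.1 LEN=48 PROTO=TCP SPT=3371 DPT=1025 SYN\n"
    "Apr  6 12:09:07 localhost kernel: Shorewall:all2all:REJECT:IN=eth0 OUT= "
    "SRC=10.10.1.253 DST=10.10.1.255 LEN=78 PROTO=UDP SPT=137 DPT=137\n"
)

PASV_RE = re.compile(r"\b227\b[^(]*\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")
SHOREWALL_RE = re.compile(r"Shorewall:(?P<chain>[^:]+):(?P<verdict>[^:]+):(?P<fields>.*)")


def parse_pasv(line):
    """Return (ip, port) from a 227 reply, or None. port = p1 * 256 + p2."""
    m = PASV_RE.search(line)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):  # each field is a single octet
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]


def parse_shorewall(line):
    """Split a Shorewall log line into chain, verdict and KEY=value fields."""
    m = SHOREWALL_RE.search(line)
    if not m:
        return None
    fields = dict(kv.split("=", 1) for kv in m["fields"].split() if "=" in kv)
    return {"chain": m["chain"], "verdict": m["verdict"], **fields}


def blocked_data_connections(client_log, kernel_log):
    """List (src, dst, dport, chain) for rejected TCP packets to a PASV endpoint."""
    endpoints = {e for e in map(parse_pasv, client_log.splitlines()) if e}
    hits = []
    for line in kernel_log.splitlines():
        rec = parse_shorewall(line)
        if not rec or rec["verdict"] not in ("REJECT", "DROP"):
            continue
        if rec.get("PROTO") != "TCP" or not rec.get("DPT", "").isdigit():
            continue
        if (rec.get("DST"), int(rec["DPT"])) in endpoints:
            hits.append((rec.get("SRC"), rec["DST"], int(rec["DPT"]), rec["chain"]))
    return hits
```

A hit means the firewall that wrote the log rejected the data connection to the advertised port instead of accepting it as related to the FTP control connection.
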
On Tuesday 06 April 2004 08:51 pm, Tom Eastep wrote:
> This is like pulling teeth....

Cheer up Tom :)
He might be just doing some typo on the config, or maybe it's mdk9.2 blunder as I had.

But, good news. Today, I have successfully replaced gShield in my gateway box with shorewall (shorewall 1.3.7 in mdk9.0). The pop3/smtp problem was because of typo in my qmail supervise script and not shorewall. All I did today, was double checking all shorewall configs, stop gshield, and fire up shorewall. Voila! The users didn't even notice the difference, but, with shorewall now I can monitor the connections, etc. Great job Tom!

Thanks.

--
Fajar Priyanto | Reg'd Linux User #327841 | http://linux.arinet.org
21:05:34 up 58 min, Mandrake Linux release 9.2 (FiveStar) for i586
public key: https://www.arinet.org/fajar-pub.key

Fajar Priyanto wrote:
> On Tuesday 06 April 2004 08:51 pm, Tom Eastep wrote:
>
>>This is like pulling teeth....
>
> Cheer up Tom :)
> He might be just doing some typo on the config, or maybe it's mdk9.2 blunder
> as I had.

I'm sure it will be something simple once we understand his config.

> But, good news. Today, I have successfully replaced gShield in my
> gateway box with shorewall (shorewall 1.3.7 in mdk9.0). The pop3/smtp problem
> was because of typo in my qmail supervise script and not shorewall. All I did
> today, was double checking all shorewall configs, stop gshield, and fire up
> shorewall. Voila! The users didn't even notice the difference, but, with
> shorewall now I can monitor the connections, etc. Great job Tom!

Glad to hear that you got it working.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net