Gentoo Forums
ip_conntrack_ftp and connecting to remote hosts
mno
Guru
Joined: 29 Dec 2003
Posts: 454
Location: Toronto, Canada

Posted: Sun Aug 23, 2015 9:22 pm    Post subject: ip_conntrack_ftp and connecting to remote hosts

Hi everyone, apologies for a stupid question. I'm trying to ftp from a Gentoo box to a different server. I'm successfully logging in, but subsequently get "No route to host" errors. As per a few articles, it seems an issue on my side with ip_conntrack_ftp missing, but it is set in my kernel .config:

Code:
CONFIG_NETFILTER_NETLINK=y
CONFIG_NETFILTER_NETLINK_LOG=y
CONFIG_NF_CONNTRACK=y
CONFIG_NF_LOG_COMMON=m
CONFIG_NF_CONNTRACK_SECMARK=y
CONFIG_NF_CONNTRACK_PROCFS=y
CONFIG_NF_CONNTRACK_FTP=y
CONFIG_NF_CONNTRACK_IRC=y


I log in successfully via ftp, but then get this error:

Code:
lastochka springloaded # ftp a2plcpnl0112.prod.iad2.secureserver.net
Connected to a2plcpnl0112.prod.iad2.secureserver.net (198.71.226.39).
220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
220-You are user number 12 of 500 allowed.
220-Local time is now 14:20. Server port: 21.
220-This is a private system - No anonymous login
220 You will be disconnected after 15 minutes of inactivity.
Name (a2plcpnl0112.prod.iad2.secureserver.net:max): xxxxx
500 This security scheme is not implemented
SSL not available
331 User xxxxx OK. Password required
Password:
230 OK. Current restricted directory is /
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
200 PORT command successful
425 Could not open data connection to port 40027: No route to host
ftp>


Just in case, my local iptables config:

Code:
lastochka springloaded # iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     icmp --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:9517
ACCEPT     udp  --  anywhere             anywhere             udp dpt:domain state NEW,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:domain state NEW,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:https
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ftp
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:smtp
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:pop3
REJECT     all  --  anywhere             anywhere             reject-with icmp-port-unreachable

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination


As the other host is GoDaddy, I suspect an issue on my end. As well, I can connect from FileZilla and do file uploads from my home desktop.

Thank you in advance.
_________________
"Hello and goodbye. As always." | You can't use   here?? | Unanswered
thoughtform
l33t
Joined: 24 May 2004
Posts: 600

Posted: Sat Dec 05, 2015 2:53 am

You have a rule to allow the ftp control connection:

ACCEPT tcp -- anywhere anywhere tcp dpt:ftp

The data connection is on another port; it could even be a dynamic port.
What happens if you temporarily stop your firewall?
TigerJr
Guru
Joined: 19 Jun 2007
Posts: 540

Posted: Sat Dec 05, 2015 5:50 pm

Try to use the PASV command.
_________________
Do not use gentoo, it die
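
An added example, not part of any post in this thread: a toy Python model of what the conntrack FTP helper contributes to active-mode FTP against the INPUT chain listed above, and of the endpoint a PASV reply advertises. The addresses, the `Tracker` class and all function names are constructed for illustration, and the model assumes the unqualified `ACCEPT all` rule is interface-restricted (plain `iptables -L` does not show interfaces), so it is left out.

```python
import re

# Constructed control-channel lines. 192.0.2.10 and 198.51.100.7 are documentation
# addresses; 156,91 encodes port 40027 from the 425 error in the thread.
CLIENT_PORT_CMD = "PORT 192,0,2,10,156,91"
SERVER_PASV_REPLY = "227 Entering Passive Mode (198,51,100,7,195,80)"
_TUPLE = re.compile(r"(\d{1,3})" + r",(\d{1,3})" * 5)

def parse_endpoint(line):
    """Return (ip, port) advertised by a PORT command or 227 reply, else None."""
    if not (line.upper().startswith("PORT ") or line.startswith("227 ")):
        return None
    m = _TUPLE.search(line)
    nums = [int(g) for g in m.groups()] if m else []
    if not nums or any(n > 255 for n in nums):
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

class Tracker:
    """Toy connection tracker (hypothetical); the real helper also keys on the peer."""
    def __init__(self, ftp_helper):
        self.ftp_helper = ftp_helper
        self.expected = set()  # (ip, port) pairs announced on the control channel

    def see_control_line(self, line):
        ep = parse_endpoint(line)
        if self.ftp_helper and ep:
            self.expected.add(ep)

    def state_of_syn(self, dst_ip, dst_port):
        """State given to the first packet of a connection not seen before."""
        return "RELATED" if (dst_ip, dst_port) in self.expected else "NEW"

def input_verdict(state, dport):
    """INPUT chain from the post, simplified. Assumption: the bare 'ACCEPT all'
    rule is interface-restricted (e.g. loopback), so it is not modelled."""
    if state in ("RELATED", "ESTABLISHED"):
        return "ACCEPT"
    if dport in (9517, 53, 80, 443, 21, 25, 110):
        return "ACCEPT"
    return "REJECT"

def active_mode_result(ftp_helper):
    """Verdict for the server's inbound data connection after the client's PORT."""
    t = Tracker(ftp_helper)
    t.see_control_line(CLIENT_PORT_CMD)
    ip, port = parse_endpoint(CLIENT_PORT_CMD)
    return input_verdict(t.state_of_syn(ip, port), port)
```

In this model, without the helper the server's inbound data connection is NEW and falls through to the final REJECT. In passive mode the client dials out to the endpoint in the 227 reply, so no inbound rule is involved.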