mno Guru
Joined: 29 Dec 2003 Posts: 454 Location: Toronto, Canada
Posted: Sun Aug 23, 2015 9:22 pm Post subject: ip_conntrack_ftp and connecting to remote hosts
Hi everyone, apologies for a stupid question. I'm trying to ftp from a Gentoo box to a different server. I'm successfully logging in, but subsequently get "No route to host" errors. As per a few articles, it seems to be an issue on my side with ip_conntrack_ftp missing, but it is set in my kernel .config:
Code:
CONFIG_NETFILTER_NETLINK=y
CONFIG_NETFILTER_NETLINK_LOG=y
CONFIG_NF_CONNTRACK=y
CONFIG_NF_LOG_COMMON=m
CONFIG_NF_CONNTRACK_SECMARK=y
CONFIG_NF_CONNTRACK_PROCFS=y
CONFIG_NF_CONNTRACK_FTP=y
CONFIG_NF_CONNTRACK_IRC=y
I log in successfully via ftp, but then get this error:
Code:
lastochka springloaded # ftp a2plcpnl0112.prod.iad2.secureserver.net
Connected to a2plcpnl0112.prod.iad2.secureserver.net (198.71.226.39).
220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
220-You are user number 12 of 500 allowed.
220-Local time is now 14:20. Server port: 21.
220-This is a private system - No anonymous login
220 You will be disconnected after 15 minutes of inactivity.
Name (a2plcpnl0112.prod.iad2.secureserver.net:max): xxxxx
500 This security scheme is not implemented
SSL not available
331 User xxxxx OK. Password required
Password:
230 OK. Current restricted directory is /
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
200 PORT command successful
425 Could not open data connection to port 40027: No route to host
ftp>
Just in case, my local iptables config:
Code:
lastochka springloaded # iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source      destination
ACCEPT     all  --  anywhere    anywhere     state RELATED,ESTABLISHED
ACCEPT     icmp --  anywhere    anywhere
ACCEPT     all  --  anywhere    anywhere
ACCEPT     tcp  --  anywhere    anywhere     state NEW tcp dpt:9517
ACCEPT     udp  --  anywhere    anywhere     udp dpt:domain state NEW,ESTABLISHED
ACCEPT     tcp  --  anywhere    anywhere     tcp dpt:domain state NEW,ESTABLISHED
ACCEPT     tcp  --  anywhere    anywhere     tcp dpt:http
ACCEPT     tcp  --  anywhere    anywhere     tcp dpt:https
ACCEPT     tcp  --  anywhere    anywhere     tcp dpt:ftp
ACCEPT     tcp  --  anywhere    anywhere     tcp dpt:smtp
ACCEPT     tcp  --  anywhere    anywhere     tcp dpt:pop3
REJECT     all  --  anywhere    anywhere     reject-with icmp-port-unreachable

Chain FORWARD (policy ACCEPT)
target     prot opt source      destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source      destination
As the other host is GoDaddy, I suspect an issue on my end. As well, I can connect from FileZilla and do file uploads from my home desktop.
Thank you in advance.
_________________
"Hello and goodbye. As always."
thoughtform l33t
Joined: 24 May 2004 Posts: 600
Posted: Sat Dec 05, 2015 2:53 am Post subject:
You have a rule to allow the ftp control connection:
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp
The data connection is on another port; it could even be a dynamic port.
What happens if you temporarily stop your firewall?
TigerJr Guru
Joined: 19 Jun 2007 Posts: 540
Posted: Sat Dec 05, 2015 5:50 pm Post subject:
Try to use the PASV command.
_________________
Do not use gentoo, it die
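The two replies point at the same mechanism: in active mode the client sends PORT and the server opens the data connection back towards the client on a dynamic port (40027 in the transcript above), so the client's INPUT chain only accepts it if conntrack has marked it RELATED, which is the job of the nf_conntrack_ftp helper. Below is an added example, not code from this thread or from the kernel, that models what the helper does: it parses PORT (active) and the 227 PASV reply (passive) the same way the helper does, registers the expected data connection, and then shows what state a fresh inbound SYN gets with and without the helper. The client LAN address 192.168.1.20, the simplified INPUT chain and the helper class are assumptions for illustration; the server address and port are the ones in the transcript.

```python
"""Model of how an FTP conntrack helper turns PORT/PASV into an expectation,
and why the data connection is then RELATED (helper on) or NEW (helper off).
Added illustration: the helper and firewall here are simplified stand-ins."""
import ipaddress
import re
from dataclasses import dataclass, field

# Constructed sample values: server address from the thread's transcript,
# client LAN address is an assumption.
SERVER_IP = "198.71.226.39"
CLIENT_IP = "192.168.1.20"

PORT_RE = re.compile(r"^PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)$")
PASV_RE = re.compile(r"^227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")


def decode_hostport(groups):
    """FTP encodes address and port as six decimal octets: a1,a2,a3,a4,p1,p2."""
    octets = [int(g) for g in groups]
    if any(o > 255 for o in octets):
        raise ValueError("octet out of range")
    return ".".join(map(str, octets[:4])), octets[4] * 256 + octets[5]


def parse_port_command(line):
    """Client -> server 'PORT a1,a2,a3,a4,p1,p2' (active mode) -> (addr, port) or None."""
    m = PORT_RE.match(line.strip())
    return decode_hostport(m.groups()) if m else None


def parse_pasv_reply(line):
    """Server -> client '227 Entering Passive Mode (a1,a2,a3,a4,p1,p2)' -> (addr, port) or None."""
    m = PASV_RE.match(line.strip())
    return decode_hostport(m.groups()) if m else None


@dataclass(frozen=True)
class Expectation:
    """Data connection the helper expects: src will connect to dst:dport."""
    src: str
    dst: str
    dport: int


@dataclass
class FtpHelper:
    """Simplified stand-in for nf_conntrack_ftp watching one control connection."""
    enabled: bool = True
    expectations: set = field(default_factory=set)

    def observe(self, line, client, server):
        """Feed one control-channel line; register an expectation if it announces a data port."""
        if not self.enabled:
            return None
        hp = parse_port_command(line)
        if hp:  # active mode: the server will connect back to the announced client port
            exp = Expectation(src=server, dst=hp[0], dport=hp[1])
        else:
            hp = parse_pasv_reply(line)
            if not hp:
                return None
            exp = Expectation(src=client, dst=hp[0], dport=hp[1])  # passive: client connects out
        self.expectations.add(exp)
        return exp


def conntrack_state(helper, src, dst, dport):
    """State conntrack assigns to a fresh SYN: RELATED if an expectation matches, else NEW."""
    return "RELATED" if Expectation(src, dst, dport) in helper.expectations else "NEW"


# Ports the modelled INPUT chain opens explicitly (the service names in the thread's listing).
OPEN_PORTS = {9517, 53, 80, 443, 21, 25, 110}


def input_verdict(state, dport):
    """Model of a stateful client INPUT chain: RELATED,ESTABLISHED, listed ports, then REJECT."""
    if state in ("RELATED", "ESTABLISHED") or dport in OPEN_PORTS:
        return "ACCEPT"
    return "REJECT"


def port_announcement_problem(announced_addr, server_ip):
    """Active-mode caveat: a PORT that announces a private address to a public server
    is unreachable whatever the client firewall does, unless a NAT box in between
    rewrites it (that is what the nf_nat_ftp helper on the NAT box is for)."""
    a, s = ipaddress.ip_address(announced_addr), ipaddress.ip_address(server_ip)
    if a.is_private and not s.is_private:
        return f"{announced_addr} is not routable from {server_ip}"
    return None


def active_mode_outcome(helper_enabled, announced_addr=CLIENT_IP, data_port=40027):
    """Walk an active-mode 'ls' like the one in the thread; return (state, INPUT verdict)."""
    helper = FtpHelper(enabled=helper_enabled)
    p1, p2 = divmod(data_port, 256)
    helper.observe(f"PORT {announced_addr.replace('.', ',')},{p1},{p2}", CLIENT_IP, SERVER_IP)
    state = conntrack_state(helper, SERVER_IP, announced_addr, data_port)
    return state, input_verdict(state, data_port)


if __name__ == "__main__":
    print("helper on :", active_mode_outcome(True))   # ('RELATED', 'ACCEPT')
    print("helper off:", active_mode_outcome(False))  # ('NEW', 'REJECT')
    print("caveat    :", port_announcement_problem(CLIENT_IP, SERVER_IP))
```

Two things the model makes visible. First, with the helper off the inbound SYN to port 40027 is NEW and falls through to the final REJECT, which is why a rule for dpt:ftp alone is not enough for active mode; with the helper on the same SYN is RELATED and the first rule accepts it. Second, in PASV mode the expectation is for an outbound connection from the client, which an OUTPUT chain with policy ACCEPT lets through without any helper at all, which is why the PASV suggestion sidesteps the whole question. Note also that `iptables -L` without `-v` hides interface matches, so the bare `ACCEPT all` line in the listing is probably a loopback rule rather than an accept-everything rule.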