Re: nf_ct_ftp: dropping packet: partial matching of `227 '

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




Am 15.04.2016 um 10:16 schrieb Reindl Harald:
Am 14.04.2016 um 23:53 schrieb Marcelo Ricardo Leitner:
Otherwise it won't be able to expect the new connection

sounds reasonable, on the other side the client yesterday had troubles
to make passive ftp connections with "connection refused" as far as the
admin was able to tell on the phone

It could be that the drop happened and an auxiliary connection was
attempted before the retransmission of the 227 reply, so your firewall
didn't know about it and actively blocked the connection. If it had
silently dropped the new connection request, the client probably would
retransmit the SYN after a bit.

Now why the cameras are triggering it, good question

not the cameras - a ordinary client with filezilla, that one with 227 in
his IP address, the cameras blow their images without any problem on the
FTP server

maybe i made it not clear enough:

there is no "my firewall" between that is just iptables directly on the machine running pure-ftpd and so it's killing outgoing localhost traffic - that is very weird

_______________________________________________
kernel mailing list
kernel@xxxxxxxxxxxxxxxxxxxxxxx
http://lists.fedoraproject.org/admin/lists/kernel@xxxxxxxxxxxxxxxxxxxxxxx

[Index of Archives]     [Fedora General Discussion]     [Older Fedora Users Archive]     [Fedora Advisory Board]     [Fedora Security]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [ATA RAID]     [Fedora Marketing]     [Fedora Mentors]     [Fedora Package Announce]     [Fedora Package Review]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Coolkey]     [Yum Users]     [Tux]     [Yosemite News]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [USB]     [Asterisk PBX]

  Powered by Linux