On Thu, Sep 08, 2016 at 03:17:32AM +1000, Michael D. Setzer II wrote: > Everything was working till just the other day? I've done more testing, > and it has something to do with firewalld and iptables. > > I found that if I traceroute to machines not running fedora 24 it > complete, but with fedora 24 machine I am getting !X > > I stopped firewalld and iptables on machine d7t and then I can complete > a traceroute and ftp to the machine. while I'm surely not an expert, I think that at this time I would open up the firewall applet on the remote systems and make sure that both ports necessary for ftp are in fact open. According to /etc/services, that would be ports 20 and 21, for both tcp and udp. ftp-data 20/tcp ftp-data 20/udp # 21 is registered to ftp, but also used by fsp ftp 21/tcp ftp 21/udp fsp fspd > > traceroute to 192.168.7.220 (192.168.7.220), 30 hops max, 60 byte > packets > > 1 d7t.guamcc.net (192.168.7.220) 0.122 ms 0.091 ms 0.080 ms > > traceroute to 192.168.7.218 (192.168.7.218), 30 hops max, 60 byte > packets > > 1 d7r.guamcc.net (192.168.7.218) 0.199 ms !X 0.154 ms !X 0.141 ms > !X > > Also have 3 old ubuntu machine, and traceroute to them with no problem > with the !X. > > Did not with the firewald status I am seeing this. > > · firewalld.service - firewalld - dynamic firewall daemon > > Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; > vendor preset: enabled) > > Active: active (running) since Thu 2016-09-08 02:53:53 ChST; 41s ago > > Docs: man:firewalld(1) > > Main PID: 11258 (firewalld) > > Tasks: 3 (limit: 512) > > CGroup: /system.slice/firewalld.service > > └─11258 /usr/bin/python3 -Es /usr/sbin/firewalld --nofork > --nopid > > Sep 08 02:53:54 d7t.guamcc.net /firewalld[11258]: WARNING: > COMMAND_FAILED: '/usr/sbin/iptables -w --table filter --delete FORWARD > --destination 192.168.122.0/24 --out-interface virbr0 --match conntrack > --ctstate ESTABLISHED,RELATED --jump ACCEPT' failed: > > Sep 08 02:53:54 d7t.guamcc.net /firewalld[11258]: WARNING: > COMMAND_FAILED: '/usr/sbin/iptables -w --table filter --delete FORWARD > --source 192.168.122.0/24 --in-interface virbr0 --jump ACCEPT' failed: > > Sep 08 02:53:54 d7t.guamcc.net /firewalld[11258]: WARNING: > COMMAND_FAILED: '/usr/sbin/iptables -w --table filter --delete FORWARD > --in-interface virbr0 --out-interface virbr0 --jump ACCEPT' failed: > > Sep 08 02:53:54 d7t.guamcc.net /firewalld[11258]: WARNING: > COMMAND_FAILED: '/usr/sbin/iptables -w --table filter --delete FORWARD > --out-interface virbr0 --jump REJECT' failed: > > Sep 08 02:53:54 d7t.guamcc.net /firewalld[11258]: WARNING: > COMMAND_FAILED: '/usr/sbin/iptables -w --table filter --delete FORWARD > --in-interface virbr0 --jump REJECT' failed: > > Sep 08 02:53:54 d7t.guamcc.net /firewalld[11258]: WARNING: > COMMAND_FAILED: '/usr/sbin/iptables -w --table filter --delete INPUT > --in-interface virbr0 --protocol udp --destination-port 53 --jump > ACCEPT' failed: > > Sep 08 02:53:54 d7t.guamcc.net /firewalld[11258]: WARNING: > COMMAND_FAILED: '/usr/sbin/iptables -w --table filter --delete INPUT > --in-interface virbr0 --protocol tcp --destination-port 53 --jump > ACCEPT' failed: > > Sep 08 02:53:54 d7t.guamcc.net /firewalld[11258]: WARNING: > COMMAND_FAILED: '/usr/sbin/iptables -w --table filter --delete OUTPUT > --out-interface virbr0 --protocol udp --destination-port 68 --jump > ACCEPT' failed: > > Sep 08 02:53:54 d7t.guamcc.net /firewalld[11258]: WARNING: > COMMAND_FAILED: '/usr/sbin/iptables -w --table filter --delete INPUT > --in-interface virbr0 --protocol udp --destination-port 67 --jump > ACCEPT' failed: > > Sep 08 02:53:54 d7t.guamcc.net /firewalld[11258]: WARNING: > COMMAND_FAILED: '/usr/sbin/iptables -w --table filter --delete INPUT > --in-interface virbr0 --protocol tcp --destination-port 67 --jump > ACCEPT' failed: > > Again, it was working 2 days ago, so I am thinking that a recent update > has done something?? > > Not sure why the !X is occurring. These machines are on the same > 192.168.7.x network? > > Thanks for the reply. > > On 7 Sep 2016 at 9:42, Gordon Messmer wrote: > > Subject: Re: Issue with ftp making connection but not > list? > > To: Community support for > Fedora users <users@xxxxxxxxxxxxxxxxxxxxxxx> > > From: Gordon Messmer <gordon.messmer@xxxxxxxxx> > > Date sent: Wed, 7 Sep 2016 09:42:59 -0700 > > Send reply to: Community support for Fedora users > <users@xxxxxxxxxxxxxxxxxxxxxxx> > > > On 09/07/2016 07:18 AM, Michael D. Setzer II wrote: > > > > Use ftp to transfer files, but just had issues today in which > connection is > > > > made and login works fine, but doing a ls or trying to download a > file fails? > > > > > > > > > If you're behind NAT or a non-stateful firewall, you typically need > to > > > use PASV. If the server is behind NAT or a non-stateful firewall, > you > > > should not use PASV. If you're both behind NAT or non-stateful > > > firewalls, you might not be able to use FTP at all (for non-encrypted > > > FTP, a NAT helper on the firewall can re-write traffic to make active > > > mode work). > > > > > > Since you're able to reach the server from off-site, the problem is > > > probably the firewall used by the clients on campus. If you don't > run > > > that, you should mention the issue to the people who do (MIS?). > > > -- > > > users mailing list > > > users@xxxxxxxxxxxxxxxxxxxxxxx > > > To unsubscribe or change subscription options: > > > > https://lists.fedoraproject.org/admin/lists/users@lists.fedoraproject.o > rg > > > Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct > > > Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines > > > Have a question? Ask away: http://ask.fedoraproject.org > -- > users mailing list > users@xxxxxxxxxxxxxxxxxxxxxxx > To unsubscribe or change subscription options: > https://lists.fedoraproject.org/admin/lists/users@xxxxxxxxxxxxxxxxxxxxxxx > Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct > Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines > Have a question? Ask away: http://ask.fedoraproject.org -- ---- Fred Smith -- fredex@xxxxxxxxxxxxxxxxxxxxxx ----------------------------- The Lord detests the way of the wicked but he loves those who pursue righteousness. ----------------------------- Proverbs 15:9 (niv) ----------------------------- -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://lists.fedoraproject.org/admin/lists/users@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
