On 7 Sep 2016 at 13:50, Fred Smith wrote: Date sent: Wed, 7 Sep 2016 13:50:21 -0400 From: Fred Smith <fredex@xxxxxxxxxxxxxxxxxxxxxx> To: users@xxxxxxxxxxxxxxxxxxxxxxx Subject: Re: Issue with ftp making connection but not list? Send reply to: Community support for Fedora users <users@xxxxxxxxxxxxxxxxxxxxxxx> > On Thu, Sep 08, 2016 at 03:17:32AM +1000, Michael D. Setzer II wrote: > > Everything was working till just the other day? I've done more testing, > > and it has something to do with firewalld and iptables. > > > > I found that if I traceroute to machines not running fedora 24 it > > complete, but with fedora 24 machine I am getting !X > > > > I stopped firewalld and iptables on machine d7t and then I can complete > > a traceroute and ftp to the machine. > > while I'm surely not an expert, I think that at this time I would open > up the firewall applet on the remote systems and make sure that both > ports necessary for ftp are in fact open. According to /etc/services, > that would be ports 20 and 21, for both tcp and udp. > > ftp-data 20/tcp > ftp-data 20/udp > # 21 is registered to ftp, but also used by fsp > ftp 21/tcp > ftp 21/udp fsp fspd > Did check /etc/services and the ports are listed. The firewall-config has the ftp service check, but had also tried adding the ports 20-21 as ports to open. Not sure how that would effect the traceroute anyway, but only currently shuting down firewalld and iptables seems to get the process to work correctly. Specific machines are in my classroom, and are connected to the same switch. > > > > traceroute to 192.168.7.220 (192.168.7.220), 30 hops max, 60 byte > > packets > > > > 1 d7t.guamcc.net (192.168.7.220) 0.122 ms 0.091 ms 0.080 ms > > > > traceroute to 192.168.7.218 (192.168.7.218), 30 hops max, 60 byte > > packets > > > > 1 d7r.guamcc.net (192.168.7.218) 0.199 ms !X 0.154 ms !X 0.141 ms > > !X > > > > Also have 3 old ubuntu machine, and traceroute to them with no problem > > with the !X. > > > > Did not with the firewald status I am seeing this. > > > > · firewalld.service - firewalld - dynamic firewall daemon > > > > Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; > > vendor preset: enabled) > > > > Active: active (running) since Thu 2016-09-08 02:53:53 ChST; 41s ago > > > > Docs: man:firewalld(1) > > > > Main PID: 11258 (firewalld) > > > > Tasks: 3 (limit: 512) > > > > CGroup: /system.slice/firewalld.service > > > > └─11258 /usr/bin/python3 -Es /usr/sbin/firewalld --nofork > > --nopid > > > > Sep 08 02:53:54 d7t.guamcc.net /firewalld[11258]: WARNING: > > COMMAND_FAILED: '/usr/sbin/iptables -w --table filter --delete FORWARD > > --destination 192.168.122.0/24 --out-interface virbr0 --match conntrack > > --ctstate ESTABLISHED,RELATED --jump ACCEPT' failed: > > > > Sep 08 02:53:54 d7t.guamcc.net /firewalld[11258]: WARNING: > > COMMAND_FAILED: '/usr/sbin/iptables -w --table filter --delete FORWARD > > --source 192.168.122.0/24 --in-interface virbr0 --jump ACCEPT' failed: > > > > Sep 08 02:53:54 d7t.guamcc.net /firewalld[11258]: WARNING: > > COMMAND_FAILED: '/usr/sbin/iptables -w --table filter --delete FORWARD > > --in-interface virbr0 --out-interface virbr0 --jump ACCEPT' failed: > > > > Sep 08 02:53:54 d7t.guamcc.net /firewalld[11258]: WARNING: > > COMMAND_FAILED: '/usr/sbin/iptables -w --table filter --delete FORWARD > > --out-interface virbr0 --jump REJECT' failed: > > > > Sep 08 02:53:54 d7t.guamcc.net /firewalld[11258]: WARNING: > > COMMAND_FAILED: '/usr/sbin/iptables -w --table filter --delete FORWARD > > --in-interface virbr0 --jump REJECT' failed: > > > > Sep 08 02:53:54 d7t.guamcc.net /firewalld[11258]: WARNING: > > COMMAND_FAILED: '/usr/sbin/iptables -w --table filter --delete INPUT > > --in-interface virbr0 --protocol udp --destination-port 53 --jump > > ACCEPT' failed: > > > > Sep 08 02:53:54 d7t.guamcc.net /firewalld[11258]: WARNING: > > COMMAND_FAILED: '/usr/sbin/iptables -w --table filter --delete INPUT > > --in-interface virbr0 --protocol tcp --destination-port 53 --jump > > ACCEPT' failed: > > > > Sep 08 02:53:54 d7t.guamcc.net /firewalld[11258]: WARNING: > > COMMAND_FAILED: '/usr/sbin/iptables -w --table filter --delete OUTPUT > > --out-interface virbr0 --protocol udp --destination-port 68 --jump > > ACCEPT' failed: > > > > Sep 08 02:53:54 d7t.guamcc.net /firewalld[11258]: WARNING: > > COMMAND_FAILED: '/usr/sbin/iptables -w --table filter --delete INPUT > > --in-interface virbr0 --protocol udp --destination-port 67 --jump > > ACCEPT' failed: > > > > Sep 08 02:53:54 d7t.guamcc.net /firewalld[11258]: WARNING: > > COMMAND_FAILED: '/usr/sbin/iptables -w --table filter --delete INPUT > > --in-interface virbr0 --protocol tcp --destination-port 67 --jump > > ACCEPT' failed: > > > > Again, it was working 2 days ago, so I am thinking that a recent update > > has done something?? > > > > Not sure why the !X is occurring. These machines are on the same > > 192.168.7.x network? > > > > Thanks for the reply. > > > > On 7 Sep 2016 at 9:42, Gordon Messmer wrote: > > > > Subject: Re: Issue with ftp making connection but not > > list? > > > > To: Community support for > > Fedora users <users@xxxxxxxxxxxxxxxxxxxxxxx> > > > > From: Gordon Messmer <gordon.messmer@xxxxxxxxx> > > > > Date sent: Wed, 7 Sep 2016 09:42:59 -0700 > > > > Send reply to: Community support for Fedora users > > <users@xxxxxxxxxxxxxxxxxxxxxxx> > > > > > On 09/07/2016 07:18 AM, Michael D. Setzer II wrote: > > > > > > Use ftp to transfer files, but just had issues today in which > > connection is > > > > > > made and login works fine, but doing a ls or trying to download a > > file fails? > > > > > > > > > > > > > > > If you're behind NAT or a non-stateful firewall, you typically need > > to > > > > > use PASV. If the server is behind NAT or a non-stateful firewall, > > you > > > > > should not use PASV. If you're both behind NAT or non-stateful > > > > > firewalls, you might not be able to use FTP at all (for non-encrypted > > > > > FTP, a NAT helper on the firewall can re-write traffic to make active > > > > > mode work). > > > > > > > > > > Since you're able to reach the server from off-site, the problem is > > > > > probably the firewall used by the clients on campus. If you don't > > run > > > > > that, you should mention the issue to the people who do (MIS?). > > > > > -- > > > > > users mailing list > > > > > users@xxxxxxxxxxxxxxxxxxxxxxx > > > > > To unsubscribe or change subscription options: > > > > > > > https://lists.fedoraproject.org/admin/lists/users@lists.fedoraproject.o > > rg > > > > > Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct > > > > > Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines > > > > > Have a question? Ask away: http://ask.fedoraproject.org > > > -- > > users mailing list > > users@xxxxxxxxxxxxxxxxxxxxxxx > > To unsubscribe or change subscription options: > > https://lists.fedoraproject.org/admin/lists/users@xxxxxxxxxxxxxxxxxxxxxxx > > Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct > > Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines > > Have a question? Ask away: http://ask.fedoraproject.org > > > -- > ---- Fred Smith -- fredex@xxxxxxxxxxxxxxxxxxxxxx ----------------------------- > The Lord detests the way of the wicked > but he loves those who pursue righteousness. > ----------------------------- Proverbs 15:9 (niv) ----------------------------- > -- > users mailing list > users@xxxxxxxxxxxxxxxxxxxxxxx > To unsubscribe or change subscription options: > https://lists.fedoraproject.org/admin/lists/users@xxxxxxxxxxxxxxxxxxxxxxx > Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct > Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines > Have a question? Ask away: http://ask.fedoraproject.org +----------------------------------------------------------+ Michael D. Setzer II - Computer Science Instructor Guam Community College Computer Center mailto:mikes@xxxxxxxxxxxxxxxx mailto:msetzerii@xxxxxxxxx Guam - Where America's Day Begins G4L Disk Imaging Project maintainer http://sourceforge.net/projects/g4l/ +----------------------------------------------------------+ http://setiathome.berkeley.edu (Original) Number of Seti Units Returned: 19,471 Processing time: 32 years, 290 days, 12 hours, 58 minutes (Total Hours: 287,489) BOINC@HOME CREDITS ABC 16613838.513356 | EINSTEIN 111619174.788695 ROSETTA 48018352.619787 | SETI 91341742.472919 -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://lists.fedoraproject.org/admin/lists/users@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
