On 3 Oct 2016 at 18:39, Ed Greshko wrote:

From: Ed Greshko <ed.greshko@xxxxxxxxxxx>
Subject: Re: Problem with firewalld/iptables and ftp access list?
To: users@xxxxxxxxxxxxxxxxxxxxxxx
Date sent: Mon, 3 Oct 2016 18:39:44 +0800
Send reply to: Community support for Fedora users <users@xxxxxxxxxxxxxxxxxxxxxxx>

> On 10/03/16 15:32, Michael D. Setzer II wrote:
> > Cleaned up the firewall-config extra port options, and tried it on another machine as
> > well. Did note that after a reboot, it shows nf_conntrack_ftp as being loaded, but not
> > being used by anything. If I stop firewalld and start iptables it then shows that it is
> > being used??
>
> FWIW, I think it is now best to simply let the bugzilla process play out.
>
> I say this because I have updated my F23 VM today and after the update it too fails in the
> same manner as an F24 system. And booting to a previous kernel works.
>
> 4.7.5-100.fc23.x86_64 = Fails
> 4.5.7-202.fc23.x86_64 = Works
>
> It isn't clear, to me at least, that nf_conntrack_ftp is to blame/involved since in
> all cases that I've tried it shows up as being unused. Additionally, doing an "rmmod
> nf_conntrack_ftp" doesn't change the behavior of either a working case or failing case.
>

I had seen the comment on the bugzilla about proftpd and setting up pasv ports, and did the equivalent for vsftpd, and that seems to make it work. Here is what I commented after your comment.

I had gotten the email on comment 4, and tried the same thing with vsftp.

Added to the end of /etc/vsftpd/vsftpd.conf

pasv_min_port=60000
pasv_max_port=60100

Went into firewall-config and opened those ports as well.

Then restarted vsftpd and then restarted machine.

That seems to make it work fine, but not sure what changed from it working before in earlier versions or kernels and now not working?

Comment 5 seems to have some more info, but don't know if this is a bug, or a new feature (one must specify passive ports in the server and firewall?).

> --
> You're Welcome Zachary Quinto
> _______________________________________________
> users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
> To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx

+----------------------------------------------------------+
Michael D. Setzer II - Computer Science Instructor
Guam Community College Computer Center
mailto:mikes@xxxxxxxxxxxxxxxx
mailto:msetzerii@xxxxxxxxx
Guam - Where America's Day Begins
G4L Disk Imaging Project maintainer
http://sourceforge.net/projects/g4l/
+----------------------------------------------------------+

http://setiathome.berkeley.edu (Original)
Number of Seti Units Returned: 19,471
Processing time: 32 years, 290 days, 12 hours, 58 minutes
(Total Hours: 287,489)

BOINC@HOME CREDITS
ABC 16613838.513356 | EINSTEIN 114625025.788695
ROSETTA 49527492.658188 | SETI 92927032.772384
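
Added example (not part of the original message): a shell check that the passive range configured in vsftpd.conf is actually covered by the TCP ports opened in firewalld, which also catches a missing or misspelled pasv_* key. The function names and the sample file are hypothetical and constructed; the 60000-60100 range is the one used in the message above.

```shell
#!/usr/bin/env bash
# Added example: verify vsftpd's passive range is covered by firewalld ports.

# Print "MIN MAX" from a vsftpd.conf; fail if either key is missing,
# misspelled, non-numeric, or if MIN > MAX.
pasv_range() {
    local conf=$1 min max
    min=$(sed -n 's/^pasv_min_port=\([0-9][0-9]*\)[[:space:]]*$/\1/p' "$conf" | tail -n 1)
    max=$(sed -n 's/^pasv_max_port=\([0-9][0-9]*\)[[:space:]]*$/\1/p' "$conf" | tail -n 1)
    [ -n "$min" ] && [ -n "$max" ] && [ "$min" -le "$max" ] || return 1
    echo "$min $max"
}

# Succeed if a single tcp entry in a `firewall-cmd --list-ports` style
# string (e.g. "21/tcp 60000-60100/tcp") covers MIN..MAX.
range_open() {
    local min=$1 max=$2 entry spec lo hi
    for entry in $3; do
        [ "${entry##*/}" = tcp ] || continue      # passive FTP data is TCP only
        spec=${entry%/*}
        lo=${spec%-*}; hi=${spec#*-}              # "21" gives lo=hi=21
        [ "$lo" -le "$min" ] && [ "$hi" -ge "$max" ] && return 0
    done
    return 1
}

# usage: check_pasv CONF "PORT LIST"   (returns 0 ok, 1 not open, 2 not configured)
check_pasv() {
    local range
    range=$(pasv_range "$1") || { echo "pasv range not set in $1"; return 2; }
    range_open ${range% *} ${range#* } "$2" || { echo "range $range not open"; return 1; }
    echo "ok: passive range $range is open"
}

# Constructed sample input. On a real host, pass /etc/vsftpd/vsftpd.conf and
# "$(firewall-cmd --list-ports)" instead.
sample=$(mktemp)
printf 'listen=YES\npasv_min_port=60000\npasv_max_port=60100\n' > "$sample"
check_pasv "$sample" "21/tcp 60000-60100/tcp"
```

A return code of 2 means the server side is not pinned to a range at all, so no fixed set of firewall ports can cover the data connections.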