On 08/25/18 05:20, ToddAndMargo wrote: > Here are my "passive rules" I don't claim to know how any of this actually works. Yet I do recall the way connection tracking is handled has changed. Can't find the bugzilla's that gave some insight into the changes. I do run firewalld and I can tell you that if I do an "iptables -L" there is nothing that seems related to ftp. But.... The IP address of ftp.yzu.edu.tw is 140.138.144.170. So..... [egreshko@meimei ~]$ sudo conntrack -L | grep 144 conntrack v1.4.4 (conntrack-tools): 10 flow entries have been shown. and after doing an ftp session with this host egreshko@meimei ~]$ sudo conntrack -L | grep 144 conntrack v1.4.4 (conntrack-tools): 20 flow entries have been shown. tcp 6 115 TIME_WAIT src=192.168.1.18 dst=140.138.144.170 sport=49923 dport=14874 src=140.138.144.170 dst=192.168.1.18 sport=14874 dport=49923 [ASSURED] mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1 tcp 6 99 TIME_WAIT src=192.168.1.18 dst=140.138.144.170 sport=33475 dport=22211 src=140.138.144.170 dst=192.168.1.18 sport=22211 dport=33475 [ASSURED] mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1 tcp 6 431995 ESTABLISHED src=192.168.1.18 dst=140.138.144.170 sport=45576 dport=21 src=140.138.144.170 dst=192.168.1.18 sport=21 dport=45576 [ASSURED] mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=1 Passive FTP works fine. Active does not. -- Conjecture is just a conclusion based on incomplete information. It isn't a fact.
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx/message/FKMZRKRJHBS6QBHJDB6L4QLCCAW4LZSD/