On Wednesday 06 July 2005 10:38 pm, Barry Brimer wrote:
> Is there any NAT involved on the client or server end? If so, are
> you using ip_nat_ftp and ip_conntrack_ftp?
The above lines led me in the right direction.
I needed to load ip_conntrack_ftp. My firewall, the "kiss" firewall (it
manages netfilter through iptables) was attempting to load
ip_conntrack_ftp.o, instead of ip_conntrack_ftp.ko.
One letter fix to the kiss firewall code, and the active/passive problem
fixed.
> > When we turn off our firewall (which allows passive under CentOS 3
> > on a 2.4 kernel) we don't get the connection timeout on passive
> > transfers, but we still get the 533.
> >
> > Any ideas where we should go from here?
>
> Long shot. Does your FTP server chroot your users? If so, the
> remote end may not be able to handle /home/jlasman/<filename> because
> it would already see /home/jlasman as / and therefore would require a
> home and home/jlasman to be able to place the file where you have
> indicated.
It was simpler and stupider...
Once I got the active/passive thingy fixed, I still had the 553 error,
so I switched the user to the bash shell. Then I didn't have the 553
error anymore.
But I knew that the nologin shell should have worked as well, since it's
listed in /etc/shells.
So I changed the /etc/passwd file back to use the nologin shell, and it
worked. So I must have had a typo in the /etc/passwd file last night.
So for now I'm (again and still) happy with CentOS 4.
Thanks everyone!
<smile>
Jeff
--
Jeff Lasman, Nobaloney Internet Services
1254 So Waterman Ave., Suite 50, San Bernardino, CA 92408
Our blists address used on lists is for list email only
Phone +1 909 266-9209, or see: "http://www.nobaloney.net/contactus.html";
