On Thu, Sep 08, 2016 at 03:17:32AM +1000, Michael D. Setzer II wrote:
Everything was working till just the other day? I've done more
testing,
and it has something to do with firewalld and iptables.
I found that if I traceroute to machines not running fedora 24 it
complete, but with fedora 24 machine I am getting !X
I stopped firewalld and iptables on machine d7t and then I can complete
a traceroute and ftp to the machine.
while I'm surely not an expert, I think that at this time I would open
up the firewall applet on the remote systems and make sure that both
ports necessary for ftp are in fact open. According to /etc/services,
that would be ports 20 and 21, for both tcp and udp.
ftp-data 20/tcp
ftp-data 20/udp
# 21 is registered to ftp, but also used by fsp
ftp 21/tcp
ftp 21/udp fsp fspd
traceroute to 192.168.7.220 (192.168.7.220), 30 hops max, 60 byte
packets
1
d7t.guamcc.net (192.168.7.220) 0.122 ms 0.091 ms 0.080 ms
traceroute to 192.168.7.218 (192.168.7.218), 30 hops max, 60 byte
packets
1
d7r.guamcc.net (192.168.7.218) 0.199 ms !X 0.154 ms !X 0.141 ms
!X
Also have 3 old ubuntu machine, and traceroute to them with no problem
with the !X.
Did not with the firewald status I am seeing this.
· firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled;
vendor preset: enabled)
Active: active (running) since Thu 2016-09-08 02:53:53 ChST; 41s ago
Docs: man:firewalld(1)
Main PID: 11258 (firewalld)
Tasks: 3 (limit: 512)
CGroup: /system.slice/firewalld.service
└─11258 /usr/bin/python3 -Es /usr/sbin/firewalld --nofork
--nopid
Sep 08 02:53:54
d7t.guamcc.net /firewalld[11258]: WARNING:
COMMAND_FAILED: '/usr/sbin/iptables -w --table filter --delete FORWARD
--destination 192.168.122.0/24 --out-interface virbr0 --match conntrack
--ctstate ESTABLISHED,RELATED --jump ACCEPT' failed:
Sep 08 02:53:54
d7t.guamcc.net /firewalld[11258]: WARNING:
COMMAND_FAILED: '/usr/sbin/iptables -w --table filter --delete FORWARD
--source 192.168.122.0/24 --in-interface virbr0 --jump ACCEPT' failed:
Sep 08 02:53:54
d7t.guamcc.net /firewalld[11258]: WARNING:
COMMAND_FAILED: '/usr/sbin/iptables -w --table filter --delete FORWARD
--in-interface virbr0 --out-interface virbr0 --jump ACCEPT' failed:
Sep 08 02:53:54
d7t.guamcc.net /firewalld[11258]: WARNING:
COMMAND_FAILED: '/usr/sbin/iptables -w --table filter --delete FORWARD
--out-interface virbr0 --jump REJECT' failed:
Sep 08 02:53:54
d7t.guamcc.net /firewalld[11258]: WARNING:
COMMAND_FAILED: '/usr/sbin/iptables -w --table filter --delete FORWARD
--in-interface virbr0 --jump REJECT' failed:
Sep 08 02:53:54
d7t.guamcc.net /firewalld[11258]: WARNING:
COMMAND_FAILED: '/usr/sbin/iptables -w --table filter --delete INPUT
--in-interface virbr0 --protocol udp --destination-port 53 --jump
ACCEPT' failed:
Sep 08 02:53:54
d7t.guamcc.net /firewalld[11258]: WARNING:
COMMAND_FAILED: '/usr/sbin/iptables -w --table filter --delete INPUT
--in-interface virbr0 --protocol tcp --destination-port 53 --jump
ACCEPT' failed:
Sep 08 02:53:54
d7t.guamcc.net /firewalld[11258]: WARNING:
COMMAND_FAILED: '/usr/sbin/iptables -w --table filter --delete OUTPUT
--out-interface virbr0 --protocol udp --destination-port 68 --jump
ACCEPT' failed:
Sep 08 02:53:54
d7t.guamcc.net /firewalld[11258]: WARNING:
COMMAND_FAILED: '/usr/sbin/iptables -w --table filter --delete INPUT
--in-interface virbr0 --protocol udp --destination-port 67 --jump
ACCEPT' failed:
Sep 08 02:53:54
d7t.guamcc.net /firewalld[11258]: WARNING:
COMMAND_FAILED: '/usr/sbin/iptables -w --table filter --delete INPUT
--in-interface virbr0 --protocol tcp --destination-port 67 --jump
ACCEPT' failed:
Again, it was working 2 days ago, so I am thinking that a recent update
has done something??
Not sure why the !X is occurring. These machines are on the same
192.168.7.x network?
Thanks for the reply.
On 7 Sep 2016 at 9:42, Gordon Messmer wrote:
Subject: Re: Issue with ftp making connection but not
list?
To: Community support for
Fedora users <users(a)lists.fedoraproject.org>
From: Gordon Messmer <gordon.messmer(a)gmail.com>
Date sent: Wed, 7 Sep 2016 09:42:59 -0700
Send reply to: Community support for Fedora users
<users(a)lists.fedoraproject.org>
> On 09/07/2016 07:18 AM, Michael D. Setzer II wrote:
> > Use ftp to transfer files, but just had issues today in which
connection is
> > made and login works fine, but doing a ls or trying to download a
file fails?
>
>
> If you're behind NAT or a non-stateful firewall, you typically need
to
> use PASV. If the server is behind NAT or a non-stateful firewall,
you
> should not use PASV. If you're both behind NAT or non-stateful
> firewalls, you might not be able to use FTP at all (for non-encrypted
> FTP, a NAT helper on the firewall can re-write traffic to make active
> mode work).
>
> Since you're able to reach the server from off-site, the problem is
> probably the firewall used by the clients on campus. If you don't
run
> that, you should mention the issue to the people who do (MIS?).
> --
> users mailing list
> users(a)lists.fedoraproject.org
> To unsubscribe or change subscription options:
>
https://lists.fedoraproject.org/admin/lists/users@lists.fedoraproject.o
rg
> Fedora Code of Conduct:
http://fedoraproject.org/code-of-conduct
> Guidelines:
http://fedoraproject.org/wiki/Mailing_list_guidelines
> Have a question? Ask away:
http://ask.fedoraproject.org
--
---- Fred Smith -- fredex(a)fcshome.stoneham.ma.us -----------------------------
The Lord detests the way of the wicked
but he loves those who pursue righteousness.
----------------------------- Proverbs 15:9 (niv) -----------------------------