Re: Create a symbolic link to run firefox 49 ..
do you mean to change the location (the directory) of the script ? On Sun, Oct 2, 2016 at 7:57 PM, Patrick O'Callaghan wrote: > On Sun, 2016-10-02 at 18:57 +0300, Angelo Moreschini wrote: > > I updated Firefox to version 49, and now I can run it clicking on the > > program name from a "nautilus" window. > > > > But It is difficult for me, now, to create a symbolic link in order to > run > > firefox using the graphical environment of gnome. > > > > This is because it *(already) **exists **a file "/ usr / bin / firefox" > > file that is not' a link, but instead it is '**a scrip*t: > > Put it in your own bin directory and adjust your $PATH accordingly. > > poc > ___ > users mailing list -- users@lists.fedoraproject.org > To unsubscribe send an email to users-le...@lists.fedoraproject.org > ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org
Re: cups - the printer is not responding
thank you I solved On Sun, Oct 2, 2016 at 8:42 PM, Joe Zeff wrote: > On 10/02/2016 10:10 AM, Javier Perez wrote: > >> What kind of printer is it? What happens if you try http://BRN_020554:631 >> ? >> > > Probably Server Not Found. What you need is http://127.0.0.1:631/ > ___ > users mailing list -- users@lists.fedoraproject.org > To unsubscribe send an email to users-le...@lists.fedoraproject.org > ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org
Re: Problem with firewalld/iptables and ftp access list?
On 2 Oct 2016 at 14:45, Gordon Messmer wrote: Subject:Re: Problem with firewalld/iptables and ftp access list? To: Community support for Fedora users From: Gordon Messmer Date sent: Sun, 2 Oct 2016 14:45:23 -0700 Send reply to: Community support for Fedora users > On 10/02/2016 04:48 AM, Michael D. Setzer II wrote: > > The modeprobe nf_conntrack_ftp doesn't output any messge or error? Not > > sure what it is suppose to output. > > It shouldn't output anything. In your iptables rules you find these: > > -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT > -A IN_public_allow -p tcp -m tcp --dport 21 -m conntrack --ctstate NEW > -j ACCEPT > > When an FTP client connects to your server, it connects to port 21 which > is allowed by the second rule quoted above. The purpose of the > nf_conntrack_ftp module is to examine FTP traffic to determine which new > connections should be allowed by the former rule. When a client makes a > PASV mode connection, it will make additional connections to high > numbered ports for data transfers (including retrieving the output of > commands like "LIST"). That connection should be RELATED, and so > allowed by the former rule. It seems that for some reason, your system > isn't allowing such connections. > > I'll note several things. > > First, I'm unable to reproduce the problem on a mostly up-to-date Fedora > 24 system (still running kernel 4.7.4-200.fc24.x86_64 until I reboot). > Don't know when it exactly started, since I was off-Island for the summer and had remotely upgraded the systems from Fedora 23 to 24. Think I noticed the ftp issue originally in late August or Early September. I generally update machines often, so are currently running the latest kernels with all updates. On main machine, I have a script that uses plink to connect to the other systems and run the updates to keep all machines updated. Some of its options use ftp to download updated files to other systems. > Second, your iptables rules are a mess. For some reason, there are > multiple rules allowing connections to TCP ports 21 and 22 in the > IN_public_allow chain. I don't know any reason that would be a problem > per se, but it probably indicates that something else is wrong with the > system. > After I noticed the ftp wasn't working, I tried manually adding the ports to see if it was an issue with the ftp option not doing something, but it made no difference, and just didn't undo it? I had also tried on another system to activate vsftpd and got the same results, so it wasn't something on the main machine? > Third, you definitely should not be running both the iptables and > firewalld services, simultaneously. I was thought that firewalld was actually a front-end to iptables?? When I checked status they are generally both running, but sometimes I seen one listed as dead, but don't recall which one it was or if it may have been both at times. > > Fourth, the reason that removing "-A INPUT -j REJECT --reject-with > icmp-host-prohibited " from your rules fixes the problem is that > removing that rule allows all traffic. firewalld rules, generally, > allow traffic indicated by policy first, and then REJECT everything > else. When you remove the rule that REJECTS everything else, you're > allowing the traffic that's allowed by policy and all other traffic hits > the policy which is ACCEPT. Removing that rule is the same as turning > off the firewall, except that you still spend the CPU time examining > traffic for not reason. > The systems are I7 machine with quad cores and hyperthreading and 8G of Ram running on a 1G ethernet in classroom. > The problem has been confirmed by Ed and by Alfonso, who opened the bug > report, but it isn't universal, since it doesn't affect the one system I > tested. More details are needed. If it's actually a problem with > nf_conntrack_ftp, your kernel version would be helpful, for one. It may > also be helpful to get a network capture. I used "ngrep" to capture the > following FTP sessions, one PASV and the other PORT. > > > > > > T 10.1.10.94:21 -> 10.1.10.50:39498 [AP] >220 (vsFTPd 3.0.3).. > ## > T 10.1.10.50:39498 -> 10.1.10.94:21 [AP] >FEAT.. > ## > T 10.1.10.94:21 -> 10.1.10.50:39498 [AP] >211-Features:.. > # > T 10.1.10.94:21 -> 10.1.10.50:39498 [AP] > EPRT.. EPSV.. MDTM.. PASV.. REST STREAM.. SIZE.. TVFS.. UTF8..211 End.. > ## > T 10.1.10.50:39498 -> 10.1.10.94:21 [AP] >OPTS UTF8 ON.. > # > T 10.1.10.94:21 -> 10.1.10.50:39498 [AP] >200 Always in UTF8 mode... > # > T 10.1.10.50:39498 -> 10.1.10.94:21 [AP] >USER ftpuser.. > # > T 10.1.10.94:21 -> 10.1.10.50:39498 [AP] >331 Please specify the password... > # > T 10.1.10.50:39498 -> 10.1.10.94:21 [AP] >PASS ftpuser.. > # > T 10.1.10.94:21 -> 10.1.10.50:39498 [AP] >230 Login successful... > # > T 10.
Re: Problem with firewalld/iptables and ftp access list?
On 10/02/2016 04:48 AM, Michael D. Setzer II wrote: The modeprobe nf_conntrack_ftp doesn't output any messge or error? Not sure what it is suppose to output. It shouldn't output anything. In your iptables rules you find these: -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT -A IN_public_allow -p tcp -m tcp --dport 21 -m conntrack --ctstate NEW -j ACCEPT When an FTP client connects to your server, it connects to port 21 which is allowed by the second rule quoted above. The purpose of the nf_conntrack_ftp module is to examine FTP traffic to determine which new connections should be allowed by the former rule. When a client makes a PASV mode connection, it will make additional connections to high numbered ports for data transfers (including retrieving the output of commands like "LIST"). That connection should be RELATED, and so allowed by the former rule. It seems that for some reason, your system isn't allowing such connections. I'll note several things. First, I'm unable to reproduce the problem on a mostly up-to-date Fedora 24 system (still running kernel 4.7.4-200.fc24.x86_64 until I reboot). Second, your iptables rules are a mess. For some reason, there are multiple rules allowing connections to TCP ports 21 and 22 in the IN_public_allow chain. I don't know any reason that would be a problem per se, but it probably indicates that something else is wrong with the system. Third, you definitely should not be running both the iptables and firewalld services, simultaneously. Fourth, the reason that removing "-A INPUT -j REJECT --reject-with icmp-host-prohibited " from your rules fixes the problem is that removing that rule allows all traffic. firewalld rules, generally, allow traffic indicated by policy first, and then REJECT everything else. When you remove the rule that REJECTS everything else, you're allowing the traffic that's allowed by policy and all other traffic hits the policy which is ACCEPT. Removing that rule is the same as turning off the firewall, except that you still spend the CPU time examining traffic for not reason. The problem has been confirmed by Ed and by Alfonso, who opened the bug report, but it isn't universal, since it doesn't affect the one system I tested. More details are needed. If it's actually a problem with nf_conntrack_ftp, your kernel version would be helpful, for one. It may also be helpful to get a network capture. I used "ngrep" to capture the following FTP sessions, one PASV and the other PORT. T 10.1.10.94:21 -> 10.1.10.50:39498 [AP] 220 (vsFTPd 3.0.3).. ## T 10.1.10.50:39498 -> 10.1.10.94:21 [AP] FEAT.. ## T 10.1.10.94:21 -> 10.1.10.50:39498 [AP] 211-Features:.. # T 10.1.10.94:21 -> 10.1.10.50:39498 [AP] EPRT.. EPSV.. MDTM.. PASV.. REST STREAM.. SIZE.. TVFS.. UTF8..211 End.. ## T 10.1.10.50:39498 -> 10.1.10.94:21 [AP] OPTS UTF8 ON.. # T 10.1.10.94:21 -> 10.1.10.50:39498 [AP] 200 Always in UTF8 mode... # T 10.1.10.50:39498 -> 10.1.10.94:21 [AP] USER ftpuser.. # T 10.1.10.94:21 -> 10.1.10.50:39498 [AP] 331 Please specify the password... # T 10.1.10.50:39498 -> 10.1.10.94:21 [AP] PASS ftpuser.. # T 10.1.10.94:21 -> 10.1.10.50:39498 [AP] 230 Login successful... # T 10.1.10.50:39498 -> 10.1.10.94:21 [AP] PWD.. # T 10.1.10.94:21 -> 10.1.10.50:39498 [AP] 257 "/" is the current directory.. # T 10.1.10.50:39498 -> 10.1.10.94:21 [AP] PASV.. # T 10.1.10.94:21 -> 10.1.10.50:39498 [AP] 227 Entering Passive Mode (10,1,10,94,114,151)... T 10.1.10.50:39498 -> 10.1.10.94:21 [AP] LIST.. # T 10.1.10.94:21 -> 10.1.10.50:39498 [AP] 150 Here comes the directory listing... # T 10.1.10.94:29335 -> 10.1.10.50:49489 [AP] -rw-r--r-- 1 0 00 Oct 02 21:07 test.. # T 10.1.10.94:21 -> 10.1.10.50:39498 [AP] 226 Directory send OK... # T 10.1.10.50:39498 -> 10.1.10.94:21 [AP] QUIT.. ## T 10.1.10.94:21 -> 10.1.10.50:39498 [AP] 221 Goodbye... ## T 10.1.10.50:39498 -> 10.1.10.94:21 [R] .. # T 10.1.10.50:39498 -> 10.1.10.94:21 [R] .. T 10.1.10.94:21 -> 10.1.10.50:39500 [AP] 220 (vsFTPd 3.0.3).. ## T 10.1.10.50:39500 -> 10.1.10.94:21 [AP] FEAT.. ## T 10.1.10.94:21 -> 10.1.10.50:39500 [AP] 211-Features:.. # T 10.1.10.94:21 -> 10.1.10.50:39500 [AP] EPRT.. EPSV.. MDTM.. PASV.. REST STREAM.. SIZE.. TVFS.. UTF8..211 End.. ## T 10.1.10.50:39500 -> 10.1.10.94:21 [AP] OPTS UTF8 ON.. # T 10.1.10.94:21 -> 10.1.10.50:39500 [AP] 200 Always in UTF8 mode... # T 10.1.10.50:39500 -> 10.1.10.94:21 [AP] USER ftpuser.. # T 10.1.10.94:21 -> 10.1.10.50:39500 [AP] 331 Please specify the password... # T 10.1.10.50:39500 -> 10.1.10.94:21 [AP] PASS ftpuser.. # T 10.1.10.94:21 -> 10.1.10.50:39500 [AP] 230 Login successful... # T 10.1.10.50:39500 -> 10.1.10.94:21 [AP] PWD.. # T 10.1.10.94:21 -> 10.1.10.50:39500 [AP] 257 "/" is the current directory.. # T 10.1.10.50:39500 -> 10.1.10.94:21 [AP] PORT 10,1,10,50,142,235.. # T 10.1.10.94:21 -> 10.1.10.50:39500 [AP]
Re: Odd behaviour for GREP
On 10/02/2016 03:15 AM, Philip Rhoades wrote: grep Cock * grep: *: No such file or directory This is not a grep problem, it's a shell problem. What does 'ls *' do? What is the output from 'echo $SHELL'? ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org
Re: cups - the printer is not responding
On 10/02/2016 10:10 AM, Javier Perez wrote: What kind of printer is it? What happens if you try http://BRN_020554:631 ? Probably Server Not Found. What you need is http://127.0.0.1:631/ ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org
Re: issue with pycam
On Sun, 02 Oct 2016 09:34:52 -0700 Howard Howell wrote: > Hi, everyone, > I use Pycam with my milling machine. The process I follow is: > design with OpenSCAD, export as DXF or STL format. > Open with PYCAM and adjust settings for feedrate, speed, bit > size and so forth as required for the project and material. Load the > DXF or STL file and run one of the tool paths. > > This has worked for years with no issues. Today, though, > Pycam fails. No errors when the window closes suddenly withour > finishing the job. So I started Pycam from the terminal windows and > here are the error messages: > > Psyco is not available (performance will probably suffer slightly) > Enabled 8 parallel local processes > Font directory: /usr/share/pycam/fonts > Loading task settings file: /home/lesh/CNC/PYCAM/plywood.conf > Imported STL model: 839 vertices, 0 edges, 1444 triangles > No previous undo state available - request ignored > Imported STL model: 518 vertices, 0 edges, 800 triangles I think these are just informational. I find this about psyco. 12 March 2012 Psyco is unmaintained and dead. Please look at PyPy for the state-of-the-art in JIT compilers for Python. [snip] > radeon: Failed to deallocate virtual address for buffer: > radeon:size : 4096 bytes > radeon:va: 0x884000 > Segmentation fault (core dumped) This seems to be your problem. Since radeon is a kernel module, it is possible that it is a kernel issue. What happens if you boot a previous kernel? If a previous kernel works, you should open a ticket against the kernel at https://bugzilla.redhat.com/ describing your problem with the radeon driver. If it doesn't, then something else has changed. That will take further sleuthing to find. ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org
Re: cups - the printer is not responding
What kind of printer is it? What happens if you try http://BRN_020554:631 ? On Wed, Sep 14, 2016 at 8:03 AM, Angelo Moreschini < mrangelo.fed...@gmail.com> wrote: > I correct myself: > > *I can see the printer, that is connected to computer server, inside the > web browser of the computer client at localhost:631.* > > I read that I can indicate the IP of the client in the file cupsd.conf on > the server. > And there I put : > - > > # Allow remote access... > Order allow,deny > Allow all > > > I put there "Allow all", because I am not sure about which concrete IP > address of client to write because the IP addresses are assigned (from > DHCP) dynamically, and I find different values evry time the computer > start.. > > > On Wed, Sep 14, 2016 at 11:10 AM, Angelo Moreschini < > mrangelo.fed...@gmail.com> wrote: > >> Hi, >> >> I have a network printer (that I can see on the computer server browser >> at localhost:631). >> When I try to use it, the jobs are not processed... - and I get the >> message >> * " the printer is not responding".* >> >> I fund this information at link ; >> https://wiki.archlinux.org/index.php/CUPS/Troubleshooting# >> All_jobs_are_.22The_printer_is_not_responding.22 >> >> - >> All jobs are "The printer is not responding" >> >> On networked printers, you should check that the name that CUPS uses as >> its connection URI resolves to the printer's IP via DNS, e.g. If your >> printer's connection looks like this: >> >> lpd://BRN_020554/BINARY_P1 >> >> then the hostname 'BRN_020554' needs to resolve to the printer's IP from >> the server running CUPS >> >> >> I understand what this means... >> but I don't know how to accomplice the task*: * >>* resolve that the IP from the server running >> CUPS * >> >> Any help to do this will be appreciated. >> >> Thank you >> >> Angelo >> > > > -- > users mailing list > users@lists.fedoraproject.org > To unsubscribe or change subscription options: > https://lists.fedoraproject.org/admin/lists/users@lists.fedoraproject.org > Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct > Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines > Have a question? Ask away: http://ask.fedoraproject.org > > -- -- /\_/\ |O O| pepeb...@gmail.com Javier Perez While the night runs toward the day... m m Pepebuho watches from his high perch. ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org
Re: Create a symbolic link to run firefox 49 ..
On Sun, 2016-10-02 at 18:57 +0300, Angelo Moreschini wrote: > I updated Firefox to version 49, and now I can run it clicking on the > program name from a "nautilus" window. > > But It is difficult for me, now, to create a symbolic link in order to run > firefox using the graphical environment of gnome. > > This is because it *(already) **exists **a file "/ usr / bin / firefox" > file that is not' a link, but instead it is '**a scrip*t: Put it in your own bin directory and adjust your $PATH accordingly. poc ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org
issue with pycam
Hi, everyone, I use Pycam with my milling machine. The process I follow is: design with OpenSCAD, export as DXF or STL format. Open with PYCAM and adjust settings for feedrate, speed, bit size and so forth as required for the project and material. Load the DXF or STL file and run one of the tool paths. This has worked for years with no issues. Today, though, Pycam fails. No errors when the window closes suddenly withour finishing the job. So I started Pycam from the terminal windows and here are the error messages: Psyco is not available (performance will probably suffer slightly) Enabled 8 parallel local processes Font directory: /usr/share/pycam/fonts Loading task settings file: /home/lesh/CNC/PYCAM/plywood.conf Imported STL model: 839 vertices, 0 edges, 1444 triangles No previous undo state available - request ignored Imported STL model: 518 vertices, 0 edges, 800 triangles radeon: Failed to deallocate virtual address for buffer: radeon:size : 4096 bytes radeon:va: 0x882000 radeon: Failed to deallocate virtual address for buffer: radeon:size : 4096 bytes radeon:va: 0x881000 radeon: Failed to deallocate virtual address for buffer: radeon:size : 4096 bytes radeon:va: 0x884000 radeon: Failed to deallocate virtual address for buffer: radeon:size : 4096 bytes radeon:va: 0x882000 radeon: Failed to deallocate virtual address for buffer: radeon:size : 4096 bytes radeon:va: 0x881000 radeon: Failed to deallocate virtual address for buffer: radeon:size : 4096 bytes radeon:va: 0x884000 radeon: Failed to deallocate virtual address for buffer: radeon:size : 4096 bytes radeon:va: 0x882000 radeon: Failed to deallocate virtual address for buffer: radeon:size : 4096 bytes radeon:va: 0x881000 radeon: Failed to deallocate virtual address for buffer: radeon:size : 4096 bytes radeon:va: 0x884000 radeon: Failed to deallocate virtual address for buffer: radeon:size : 4096 bytes radeon:va: 0x882000 radeon: Failed to deallocate virtual address for buffer: radeon:size : 4096 bytes radeon:va: 0x881000 radeon: Failed to deallocate virtual address for buffer: radeon:size : 4096 bytes radeon:va: 0x884000 radeon: Failed to deallocate virtual address for buffer: radeon:size : 4096 bytes radeon:va: 0x882000 radeon: Failed to deallocate virtual address for buffer: radeon:size : 4096 bytes radeon:va: 0x881000 radeon: Failed to deallocate virtual address for buffer: radeon:size : 4096 bytes radeon:va: 0x884000 radeon: Failed to deallocate virtual address for buffer: radeon:size : 4096 bytes radeon:va: 0x882000 radeon: Failed to deallocate virtual address for buffer: radeon:size : 4096 bytes radeon:va: 0x881000 radeon: Failed to deallocate virtual address for buffer: radeon:size : 4096 bytes radeon:va: 0x884000 radeon: Failed to deallocate virtual address for buffer: radeon:size : 4096 bytes radeon:va: 0x882000 radeon: Failed to deallocate virtual address for buffer: radeon:size : 4096 bytes radeon:va: 0x881000 radeon: Failed to deallocate virtual address for buffer: radeon:size : 4096 bytes radeon:va: 0x884000 Toolpath generation time: 6.927992 radeon: Failed to deallocate virtual address for buffer: radeon:size : 4096 bytes radeon:va: 0x882000 radeon: Failed to deallocate virtual address for buffer: radeon:size : 4096 bytes radeon:va: 0x881000 radeon: Failed to deallocate virtual address for buffer: radeon:size : 4096 bytes radeon:va: 0x884000 Segmentation fault (core dumped) Here is my machine configuration: ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org
Create a symbolic link to run firefox 49 ..
Hi, I updated Firefox to version 49, and now I can run it clicking on the program name from a "nautilus" window. But It is difficult for me, now, to create a symbolic link in order to run firefox using the graphical environment of gnome. This is because it *(already) **exists **a file "/ usr / bin / firefox" file that is not' a link, but instead it is '**a scrip*t: - - - - - - - - - - - - -- - - - - - - - - - - - -- - - - - - - - - - - - -- - - - - - - - - - - - - #!/bin/bash # # The contents of this file are subject to the Netscape Public # License Version 1.1 (the "License"); you may not use this file # except in compliance with the License. You may obtain a copy of # the License at http://www.mozilla.org/NPL/ # # Software distributed under the License is distributed on an "AS # IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or # implied. See the License for the specific language governing # rights and limitations under the License. # # The Original Code is mozilla.org code. # # The Initial Developer of the Original Code is Netscape # Communications Corporation. Portions created by Netscape are # Copyright (C) 1998 Netscape Communications Corporation. All # Rights Reserved. # # Contributor(s): # ## ## Usage: ## ## $ firefox ## ## This script is meant to run a mozilla program from the mozilla ## rpm installation. ## ## The script will setup all the environment voodoo needed to make ## mozilla work. ….. ….. - - - - - - - - - - - - -- - - - - - - - - - - - -- - - - - - - - - - - - -- - - - - - - - - - - - - probably (indeed it is sure) in my case it need to modify this script, in order to run graphically firefox by gnome But I have not idea how to do this. Any help to solve my problem will be 'appreciated. Thank you Angelo ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org
Re: Problem with firewalld/iptables and ftp access list?
On 10/02/16 20:04, Ed Greshko wrote: > That's about all I can say this my evening. If I have time tomorrow I'll put > up a > vsftpd on a system and see if I can recreate the issue. I have installed vsftpd on an F24 and F23 system and verified that F24 fails as described by Michael while F23 succeeds. I've found this problem to have been recently reported in https://bugzilla.redhat.com/show_bug.cgi?id=1380168. -- You're Welcome Zachary Quinto ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org
Re: Odd behaviour for GREP
On Sun, Oct 02, 2016 at 09:15:36PM +1100, Philip Rhoades wrote: > On F25 x86_64 as user "fedora" with default environment I get: > > grep Cock application.html.erb > > Provider for the National Disability Insurance Trial Site in Kwinana/ > Cockburn > > grep Cock * > > grep: *: No such file or directory > > grep Cock a* > > grep: a*: No such file or directory > > grep Cock *erb > > grep: *erb: No such file or directory > > The same commands for root work as expected . . but I cannot see anything in > .bash[rc | _profile] that would make a difference - I can send the diffs if > people think I am missing something . . This isn't an issue with grep, but with your shell not expanding wildcards. If grep Cock * gives you grep: *: No such file or directory then I'd expect echo * to give you * If indeed the shell isn't expanding wildcards (but does for root), then I'd suspect the directory isn't readable by the current user (i.e. it's --x or -wx rather than r-x or rwx). -- O Unicef Clearasil! Gibberish and Drivel! -- "Bored of the Rings" ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org
Re: Problem with firewalld/iptables and ftp access list?
On 10/02/16 19:48, Michael D. Setzer II wrote: > The modeprobe nf_conntrack_ftp doesn't output any messge or error? Not sure > what it is > suppose to output. No, it probably won't. Before issuing the modprobe, it would have been a good idea to use lsmod to see if it was already loaded. FWIW, as I mentioned the module doesn't get loaded when initially making changes to the firewall with the GUI. But you could use the GUI to reload and it does get loaded. Once loaded, it stays loaded unless you issue an rmmod command and the module is not in use. > > I did a test from a machine to the server running the vsftp server and using > ncftp or > ncftpls, but in the past have also used ftp with the same results. > > With the line disabled everything seems to work, but without it seems to > fail, but in > one section changed passive mode, back it seemed to continue?? > > These machines are in the same 192.168.7.x network connected to the same > switch? All are > running Fedora 24, upgraded via dnf from 23 over the summer. With the 23, > never had any > issues. I fired up an F22 system and did an iptables-save and found it also has the line -A INPUT -j REJECT --reject-with icmp-host-prohibited That's about all I can say this my evening. If I have time tomorrow I'll put up a vsftpd on a system and see if I can recreate the issue. I have no idea why I'd suggest this, other than the active/passive comments you made, but I guess you can also try to open port 20 and with that line active in iptables see if the results are the same. -- You're Welcome Zachary Quinto ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org
Re: Problem with firewalld/iptables and ftp access list?
On 2 Oct 2016 at 16:14, Ed Greshko wrote: From: Ed Greshko Subject:Re: Problem with firewalld/iptables and ftp access list? To: Fedora Date sent: Sun, 2 Oct 2016 16:14:48 +0800 Send reply to: Community support for Fedora users > > > On 10/02/16 15:17, Ed Greshko wrote: > > > > On 10/02/16 14:51, Gordon Messmer wrote: > >> On 10/01/2016 04:37 PM, Michael D. Setzer II wrote: > >>> I can connect to ftp server but the listing fails if firewalld and > >>> iptables services > >>> are running. > >> > >> Does the problem go away if you "modprobe nf_conntrack_ftp" as root, and > >> leave firewalld > >> up? > > FWIW, /usr/lib/firewalld/services/ftp.xml suggests that enabling ftp via > > firewalld will > > also load nf_conntrack_ftp. > > > I have found that indeed nf_conntrack_ftp is "enabled" by selecting ftp in > firewalld. > However, that isn't dynamic like opening the ports. It is loaded on the next > reboot. > The modeprobe nf_conntrack_ftp doesn't output any messge or error? Not sure what it is suppose to output. I did a test from a machine to the server running the vsftp server and using ncftp or ncftpls, but in the past have also used ftp with the same results. With the line disabled everything seems to work, but without it seems to fail, but in one section changed passive mode, back it seemed to continue?? These machines are in the same 192.168.7.x network connected to the same switch? All are running Fedora 24, upgraded via dnf from 23 over the summer. With the 23, never had any issues. test-iptables results [msetzerii@d7t ~]$ ncftpls ftp://192.168.7.101/verne.png verne.png Test from other machine with line disabled. [root@d7t sysconfig]# ncftp 192.168.7.101 NcFTP 3.2.5 (Feb 02, 2011) by Mike Gleason (http://www.NcFTP.com/contact/). Connecting to 192.168.7.101... (vsFTPd 3.0.3) Logging in... Login successful. Logged in to 192.168.7.101. ncftp / > ls verne.png verne.png ncftp / > passive passiveon ncftp / > ls verne.png verne.png ncftp / > passive passiveoff ncftp / > ls verne.png verne.png ncftp / > Reenabled the line in iptables and rebooted server machine [root@d7t sysconfig]# ncftp 192.168.7.101 NcFTP 3.2.5 (Feb 02, 2011) by Mike Gleason (http://www.NcFTP.com/contact/). Connecting to 192.168.7.101... (vsFTPd 3.0.3) Logging in... Login successful. Logged in to 192.168.7.101. ncftp / > ls verne.png connect failed: No route to host. connect failed: No route to host. connect failed: No route to host. List failed. ncftp / > get verne.png connect failed: No route to host. connect failed: No route to host. connect failed: No route to host. get verne.png: could not connect data socket. ncftp / > passive passiveoff ncftp / > ls verne.png verne.png ncftp / > get verne.png verne.png: 2.81 MB 50.15 MB/s ncftp / > ncftp / > passive passiveon ncftp / > ls verne.png verne.png ncftp / > get verne.png get verne.png: local file appears to be the same as the remote file, download is not necessary. ncftp / > As a test, after a reboot with the line enabled, I had 19 machines attempt to ls the verne.png and all failed with connection error. I then commented out the line, and stopped, and then started iptables and all machines had no issues with listing? The iptables-save listing (line 138 with the ### is bolded) # Generated by iptables-save v1.4.21 on Sat Oct 1 16:13:53 2016 *security :INPUT ACCEPT [41:2655] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [47:3628] :FORWARD_direct - [0:0] :INPUT_direct - [0:0] :OUTPUT_direct - [0:0] -A INPUT -j INPUT_direct -A FORWARD -j FORWARD_direct -A OUTPUT -j OUTPUT_direct COMMIT # Completed on Sat Oct 1 16:13:53 2016 # Generated by iptables-save v1.4.21 on Sat Oct 1 16:13:53 2016 *nat :PREROUTING ACCEPT [5:268] :INPUT ACCEPT [1:60] :OUTPUT ACCEPT [9:617] :POSTROUTING ACCEPT [9:617] :OUTPUT_direct - [0:0] :POSTROUTING_ZONES - [0:0] :POSTROUTING_ZONES_SOURCE - [0:0] :POSTROUTING_direct - [0:0] :POST_public - [0:0] :POST_public_allow - [0:0] :POST_public_deny - [0:0] :POST_public_log - [0:0] :PREROUTING_ZONES - [0:0] :PREROUTING_ZONES_SOURCE - [0:0] :PREROUTING_direct - [0:0] :PRE_public - [0:0] :PRE_public_allow - [0:0] :PRE_public_deny - [0:0] :PRE_public_log - [0:0] -A PREROUTING -j PREROUTING_direct -A PREROUTING -j PREROUTING_ZONES_SOURCE -A PREROUTING -j PREROUTING_ZONES -A OUTPUT -j OUTPUT_direct -A POSTROUTING -s 192.168.122.0/24 -d 224.0.0.0/24 -j RETURN -A POSTROUTING -s 192.168.122.0/24 -d 255.
Re: Odd behaviour for GREP - correction
On Sun, 2016-10-02 at 21:17 +1100, Philip Rhoades wrote: > > On F25 x86_64 as user "fedora" with default environment I get: > > > Actually it is F20 x86_64 - I forgot I was on a VM! F20 is EOLed and F25 is unreleased. If it happens in F23 or F24 then this would be the place to discuss it. poc ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org
Re: Odd behaviour for GREP - correction
On 2016-10-02 21:15, Philip Rhoades wrote: People, On F25 x86_64 as user "fedora" with default environment I get: Actually it is F20 x86_64 - I forgot I was on a VM! grep Cock application.html.erb Provider for the National Disability Insurance Trial Site in Kwinana/ Cockburn grep Cock * grep: *: No such file or directory grep Cock a* grep: a*: No such file or directory grep Cock *erb grep: *erb: No such file or directory The same commands for root work as expected . . but I cannot see anything in .bash[rc | _profile] that would make a difference - I can send the diffs if people think I am missing something . . Any ideas? Thanks, Phil. -- Philip Rhoades PO Box 896 Cowra NSW 2794 Australia E-mail: p...@pricom.com.au ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org
Odd behaviour for GREP
People, On F25 x86_64 as user "fedora" with default environment I get: grep Cock application.html.erb Provider for the National Disability Insurance Trial Site in Kwinana/ Cockburn grep Cock * grep: *: No such file or directory grep Cock a* grep: a*: No such file or directory grep Cock *erb grep: *erb: No such file or directory The same commands for root work as expected . . but I cannot see anything in .bash[rc | _profile] that would make a difference - I can send the diffs if people think I am missing something . . Any ideas? Thanks, Phil. -- Philip Rhoades PO Box 896 Cowra NSW 2794 Australia E-mail: p...@pricom.com.au ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org
Re: Problem with firewalld/iptables and ftp access list?
On 10/02/16 15:17, Ed Greshko wrote: > > On 10/02/16 14:51, Gordon Messmer wrote: >> On 10/01/2016 04:37 PM, Michael D. Setzer II wrote: >>> I can connect to ftp server but the listing fails if firewalld and iptables >>> services >>> are running. >> >> Does the problem go away if you "modprobe nf_conntrack_ftp" as root, and >> leave firewalld >> up? > FWIW, /usr/lib/firewalld/services/ftp.xml suggests that enabling ftp via > firewalld will > also load nf_conntrack_ftp. > I have found that indeed nf_conntrack_ftp is "enabled" by selecting ftp in firewalld. However, that isn't dynamic like opening the ports. It is loaded on the next reboot. -- You're Welcome Zachary Quinto ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org
Re: Problem with firewalld/iptables and ftp access list?
On 10/02/16 14:51, Gordon Messmer wrote: > On 10/01/2016 04:37 PM, Michael D. Setzer II wrote: >> I can connect to ftp server but the listing fails if firewalld and iptables >> services >> are running. > > > Does the problem go away if you "modprobe nf_conntrack_ftp" as root, and > leave firewalld > up? FWIW, /usr/lib/firewalld/services/ftp.xml suggests that enabling ftp via firewalld will also load nf_conntrack_ftp. -- You're Welcome Zachary Quinto ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org