Re: FreeBSD FTP problem
Hello! - Original Message - From: "Ryan Thompson" <[EMAIL PROTECTED]> To: "Arcadius A." <[EMAIL PROTECTED]> Cc: "FreeBSD Questions" <[EMAIL PROTECTED]> Sent: Monday, July 07, 2003 6:36 AM Subject: Re: FreeBSD FTP problem > Arcadius A. wrote to Ryan Thompson and FreeBSD Questions: > > > > > but nothing more just the same arror as the one you've described: > > > > "... 425 can't build data connection: operation timed out ..." :-((( > > > > > > > > Do you have any idea about how to get around this? > > > > > > Well, in my case, it turned out to be pilot error... FTP is a tricky > > > protocol to allow through default-deny firewalls, and I had simultaneous > > > bugs in my firewall config *and* FTPd config, with respect to passive > > > transfers. It took me a while to spot. > > > > > > Check your firewall config carefully, and make sure you have a good > > > understanding of how the FTP protocol works (in active and passive > > > modes). Completely open your firewall temporarily (i.e., ipfw add 201 > > > allow ip from any to any) and verify that things work there. If things > > > work there (or fail differently), the problem is with your firewall (and > > > possibly FTPd configuration, if you're using the ephemeral port range > > > for PASV). If your tests fail in *exactly* the same manner as before, > > > including the same timeout delays, you can ignore your firewall for the > > > time being (but leave it open until you get FTP working, and *then* > > > restrict it, so you're only testing one unknown at a time). Try running > > > tcpdump and sockstat on the server to see what's coming and going for > > > FTP traffic. /ports/net/trafshow might be helpful, too. > > > > > > > Hello! > > Thanks for the reply! > > But I'm not running any firewall on my server... > > Ahh. So you're *not* having exactly the same problem. :-) > > > So, my problem shouldn't be with the firewall on my server... > > > > About the configuration of FTPd, I cannot find the config file > > (ftpd.conf or ftpd.config or ftpd.cf )on my server(FreeBSD4.8 stable, > > built yesterday). > > >From ftpd(8): > FILES > /etc/ftpusersList of unwelcome/restricted users. > /etc/ftpchroot List of normal users who should be chroot'd. > /etc/ftphostsVirtual hosting configuration file. > /etc/ftpwelcome Welcome notice. > /etc/ftpmotd Welcome notice after login. > /var/run/nologin > Displayed and access refused. > /var/log/ftpdLog file for anonymous transfers. > > > Note that I'm trying to connect to FreeBSD from a windows > > workstation both the workstation and the FreeBSD server are in > > the same LAN From my Windows box, I can easilly connect via FTP to > > other Linux sercers in my LAN or even out of the LAN.. But when I > > connect to my FreeBSD server, it connecs well... but I cannot do > > anything useful on the server I get the error "...425 can't build > > data connection: operation timed out..." > > Try both active and passive modes for transfer. If you really have no > firewall between the client and the server (remember the entire path > from application to application is important), and there is no address > translation going on, you should have no issues either way with the > stock configurations of Windows and FreeBSD. > > If, on the other hand, you're running any sort of packet filter or > "Personal Firewall" on the Windows machine, or using "Internet Let me mention that when I was having this problem yesterday, when I ping to my local Linux gateway, it takes in average time 200ms(but normally, it use to take <1ms), and I had to go thru that gateway before getting to my FreeBSD server. I didn't mention it yesterday because I have to go thru that same gateway before reaching the Linux boxes I have successfully connected to when I was having troubles with the BSD box. Right now, the time to reach the gateway has dropped to its normal value (<1ms) and the FreeBSD box now works quite fine... So, the problem with the FreeBSD server was triggered by some anomalies in our network Yes, there is a firewall on that Linux gateway but I have no control on it Thank so much for the support. Arcadius A. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: FreeBSD FTP problem
Arcadius A. wrote to Ryan Thompson and FreeBSD Questions: > > > but nothing more just the same arror as the one you've described: > > > "... 425 can't build data connection: operation timed out ..." :-((( > > > > > > Do you have any idea about how to get around this? > > > > Well, in my case, it turned out to be pilot error... FTP is a tricky > > protocol to allow through default-deny firewalls, and I had simultaneous > > bugs in my firewall config *and* FTPd config, with respect to passive > > transfers. It took me a while to spot. > > > > Check your firewall config carefully, and make sure you have a good > > understanding of how the FTP protocol works (in active and passive > > modes). Completely open your firewall temporarily (i.e., ipfw add 201 > > allow ip from any to any) and verify that things work there. If things > > work there (or fail differently), the problem is with your firewall (and > > possibly FTPd configuration, if you're using the ephemeral port range > > for PASV). If your tests fail in *exactly* the same manner as before, > > including the same timeout delays, you can ignore your firewall for the > > time being (but leave it open until you get FTP working, and *then* > > restrict it, so you're only testing one unknown at a time). Try running > > tcpdump and sockstat on the server to see what's coming and going for > > FTP traffic. /ports/net/trafshow might be helpful, too. > > > > Hello! > Thanks for the reply! > But I'm not running any firewall on my server... Ahh. So you're *not* having exactly the same problem. :-) > So, my problem shouldn't be with the firewall on my server... > > About the configuration of FTPd, I cannot find the config file > (ftpd.conf or ftpd.config or ftpd.cf )on my server(FreeBSD4.8 stable, > built yesterday). >From ftpd(8): FILES /etc/ftpusersList of unwelcome/restricted users. /etc/ftpchroot List of normal users who should be chroot'd. /etc/ftphostsVirtual hosting configuration file. /etc/ftpwelcome Welcome notice. /etc/ftpmotd Welcome notice after login. /var/run/nologin Displayed and access refused. /var/log/ftpdLog file for anonymous transfers. > Note that I'm trying to connect to FreeBSD from a windows > workstation both the workstation and the FreeBSD server are in > the same LAN From my Windows box, I can easilly connect via FTP to > other Linux sercers in my LAN or even out of the LAN.. But when I > connect to my FreeBSD server, it connecs well... but I cannot do > anything useful on the server I get the error "...425 can't build > data connection: operation timed out..." Try both active and passive modes for transfer. If you really have no firewall between the client and the server (remember the entire path from application to application is important), and there is no address translation going on, you should have no issues either way with the stock configurations of Windows and FreeBSD. If, on the other hand, you're running any sort of packet filter or "Personal Firewall" on the Windows machine, or using "Internet Connection Sharing", or if your "LAN" is more than an unmanaged link layer switch/hub, you're no longer running a stock config, and the results may be unpredictable. From your description, your problems do seem to point to a misconfiguration of FreeBSD, but I wouldn't bet my server farm on that quite yet. I'd highly recommend you take my earlier advice and run tcpdump and/or trafshow on the server to see what's really going on... and, if possible, compare with similar output from the client. Try connecting with different clients, too. If you aren't familiar with analysis using tcpdump, try some Googling on the subject, or ask for help. Equivalent output from a complete FTP client session would also be extremely helpful in diagnosing your problem. At this point, nobody here will be able to do more than go on a hunch as to what's causing the problem. There is probably a simple answer, but I can think of dozens of ways to reproduce the error message you've reported. > My server was running FreeBSD4.6 before and I didn't have any trouble > with FTPd I just upgraded yesterday and still, I haven't > noticed this problem I start getting this error just a while > ago... :-( ... I've rebooted the server... but it didn't help Assuming you kept backups of your config, check the diffs carefully. Don't suppose you can revert back to your old config and verify that this is still an issue? - Ryan -- Ryan Thompson <[EMAIL PROTECTED]> SaskNow Technologies - http://www.sasknow.com 901-1st Avenue North - Saskatoon, SK - S7K 1Y4 Tel: 306-664-3600 Fax: 306-244-7037 Saskatoon Toll-Free: 877-727-5669 (877-SASKNOW) North America ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTEC
Re: FreeBSD FTP problem
- Original Message - From: "Ryan Thompson" <[EMAIL PROTECTED]> To: "FreeBSD Questions" <[EMAIL PROTECTED]> Sent: Monday, July 07, 2003 1:07 AM Subject: Re: FreeBSD FTP problem > > [ CC: [EMAIL PROTECTED], reply to private email ] > [ BCC: sender, kept anonymous ] > > > Hello Ryan! > > I've seen your post at: > > http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&threadm=Pi > > ne.BSF.4.10.10001272241220.56704-10%40sasknow.com&rnum=5&prev=/gro > > ups%3Fq%3DFreeBSD%2B%2B425%2Bcan%27t%2Bbuild%2Bdata%2Bconnection:%2Bop > > eration%2Btimed%2Bout%26hl%3Den%26lr%3D%26ie%3DUTF-8%26oe%3DUTF-8%26se > > lm%3DPine.BSF.4.10.10001272241220.56704-10%2540sasknow.com%26rnum% > > 3D5 > > *extremely* long line wrapped. Knowing just a little bit about Google, > this reduces to: > > http://groups.google.ca/groups?threadm=Pine.BSF.4.10.10001271959170.55593-10_sasknow.com%40ns.sol.net > > But, yes... That was little piece of history! :-) > > > I'm having exacly the same problem with my FreeBSD4.8. > > > > Some houres ago... eveything was Ok but I don't know what has > > changed I can still FTP the FeeBSD server from my windows box > > but nothing more just the same arror as the one you've described: > > "... 425 can't build data connection: operation timed out ..." :-((( > > > > Do you have any idea about how to get around this? > > Well, in my case, it turned out to be pilot error... FTP is a tricky > protocol to allow through default-deny firewalls, and I had simultaneous > bugs in my firewall config *and* FTPd config, with respect to passive > transfers. It took me a while to spot. > > Check your firewall config carefully, and make sure you have a good > understanding of how the FTP protocol works (in active and passive > modes). Completely open your firewall temporarily (i.e., ipfw add 201 > allow ip from any to any) and verify that things work there. If things > work there (or fail differently), the problem is with your firewall (and > possibly FTPd configuration, if you're using the ephemeral port range > for PASV). If your tests fail in *exactly* the same manner as before, > including the same timeout delays, you can ignore your firewall for the > time being (but leave it open until you get FTP working, and *then* > restrict it, so you're only testing one unknown at a time). Try running > tcpdump and sockstat on the server to see what's coming and going for > FTP traffic. /ports/net/trafshow might be helpful, too. > Hello! Thanks for the reply! But I'm not running any firewall on my server... Here's my /etc/rc.conf .. .. #named_enable="YES" firewall_enable="NO" #natd_enable="NO" #firewall_type="open" #firewall_script="/etc/rc.ipfw" enable_quotas="YES" check_quotas="NO" linux_enable="YES" ... ... So, my problem shouldn't be with the firewall on my server... About the configuration of FTPd, I cannot find the config file (ftpd.conf or ftpd.config or ftpd.cf )on my server(FreeBSD4.8 stable, built yesterday). Note that I'm trying to connect to FreeBSD from a windows workstation both the workstation and the FreeBSD server are in the same LAN From my Windows box, I can easilly connect via FTP to other Linux sercers in my LAN or even out of the LAN.. But when I connect to my FreeBSD server, it connecs well... but I cannot do anything useful on the server I get the error "...425 can't build data connection: operation timed out..." My server was running FreeBSD4.6 before and I didn't have any trouble with FTPd I just upgraded yesterday and still, I haven't noticed this problem I start getting this error just a while ago... :-( ... I've rebooted the server... but it didn't help Thanks for the support. Arcadius. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: FreeBSD FTP problem
[ CC: [EMAIL PROTECTED], reply to private email ] [ BCC: sender, kept anonymous ] > Hello Ryan! > I've seen your post at: > http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&threadm=Pi > ne.BSF.4.10.10001272241220.56704-10%40sasknow.com&rnum=5&prev=/gro > ups%3Fq%3DFreeBSD%2B%2B425%2Bcan%27t%2Bbuild%2Bdata%2Bconnection:%2Bop > eration%2Btimed%2Bout%26hl%3Den%26lr%3D%26ie%3DUTF-8%26oe%3DUTF-8%26se > lm%3DPine.BSF.4.10.10001272241220.56704-10%2540sasknow.com%26rnum% > 3D5 *extremely* long line wrapped. Knowing just a little bit about Google, this reduces to: http://groups.google.ca/groups?threadm=Pine.BSF.4.10.10001271959170.55593-10_sasknow.com%40ns.sol.net But, yes... That was little piece of history! :-) > I'm having exacly the same problem with my FreeBSD4.8. > > Some houres ago... eveything was Ok but I don't know what has > changed I can still FTP the FeeBSD server from my windows box > but nothing more just the same arror as the one you've described: > "... 425 can't build data connection: operation timed out ..." :-((( > > Do you have any idea about how to get around this? Well, in my case, it turned out to be pilot error... FTP is a tricky protocol to allow through default-deny firewalls, and I had simultaneous bugs in my firewall config *and* FTPd config, with respect to passive transfers. It took me a while to spot. Check your firewall config carefully, and make sure you have a good understanding of how the FTP protocol works (in active and passive modes). Completely open your firewall temporarily (i.e., ipfw add 201 allow ip from any to any) and verify that things work there. If things work there (or fail differently), the problem is with your firewall (and possibly FTPd configuration, if you're using the ephemeral port range for PASV). If your tests fail in *exactly* the same manner as before, including the same timeout delays, you can ignore your firewall for the time being (but leave it open until you get FTP working, and *then* restrict it, so you're only testing one unknown at a time). Try running tcpdump and sockstat on the server to see what's coming and going for FTP traffic. /ports/net/trafshow might be helpful, too. Once you've tried that, feel free to send additional questions to [EMAIL PROTECTED] Hope this helps, - Ryan -- Ryan Thompson <[EMAIL PROTECTED]> SaskNow Technologies - http://www.sasknow.com 901-1st Avenue North - Saskatoon, SK - S7K 1Y4 Tel: 306-664-3600 Fax: 306-244-7037 Saskatoon Toll-Free: 877-727-5669 (877-SASKNOW) North America ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
