FTP Problems

Discussion in 'Installation/Configuration' started by wabz, Nov 5, 2009.

  1. wabz

    wabz New Member

    Hi

    One of my servers has a problem. You can only FTP to it on the local area network which it is connected....clients can not FTP the server to upload files. When someone attempts an FTP connection when not on the LAN the server kinds of becomes unresponsive. This started happening after i had changed an internet modem that was blown. What cld be the problem.....I am using suse 11.1

    Tx
     
    wabz, Nov 5, 2009
    #1
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    This seems to be a problem with the firewall on your new internet modem.
     
    till, Nov 6, 2009
    #2
  3. wabz

    wabz New Member

    When you FTP

    When u ftp the server u get the following:

    Status: Resolving address of ....................
    Status: Connecting to ....................
    Status: Connection established, waiting for welcome message...
    Response: 220---------- Welcome to Pure-FTPd ----------
    Response: 220-You are user number 3 of 10 allowed.
    Response: 220-Local time is now 12:28. Server port: 21.
    Response: 220-This is a private system - No anonymous login
    Response: 220 You will be disconnected after 15 minutes of inactivity.
    Command: USER uwasnet
    Response: 331 User uwasnet OK. Password required
    Command: PASS *******
    Response: 230-User uwasnet has group access to: client2 video dialout
    Response: 230 OK. Current restricted directory is /
    Status: Connected
    Status: Retrieving directory listing...
    Command: PWD
    Error: Connection timed out
    Error: Failed to retrieve directory listing

    Now it even does it for the local area network.....only for that particular server
     
    wabz, Nov 10, 2009
    #3
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    post the output of:

    iptables -L
     
    till, Nov 11, 2009
    #4
  5. wabz

    wabz New Member

    Output of iptables -L

    Sorry i havent been in town for some time. Here is the output

    mail:~ # iptables -L
    Chain INPUT (policy DROP)
    target prot opt source destination
    ACCEPT all -- anywhere anywhere
    ACCEPT all -- anywhere anywhere state ESTABLISHED
    ACCEPT icmp -- anywhere anywhere state RELATED
    input_int all -- anywhere anywhere
    input_ext all -- anywhere anywhere
    input_ext all -- anywhere anywhere
    LOG all -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-IN-ILL-TARGET '
    DROP all -- anywhere anywhere

    Chain FORWARD (policy DROP)
    target prot opt source destination
    TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
    forward_int all -- anywhere anywhere
    forward_ext all -- anywhere anywhere
    LOG all -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-FWD-ILL-ROUTING '
    DROP all -- anywhere anywhere

    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination
    ACCEPT all -- anywhere anywhere
    ACCEPT all -- anywhere anywhere state NEW,RELATED,ESTABLISHED
    LOG all -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-OUT-ERROR '

    Chain forward_ext (1 references)
    target prot opt source destination
    ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp echo-reply
    ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp destination-unreachable
    ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp time-exceeded
    ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp parameter-problem
    ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp timestamp-reply
    ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp address-mask-reply
    ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp protocol-unreachable
    ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp redirect
    ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
    LOG all -- anywhere anywhere limit: avg 3/min burst 5 PKTTYPE = multicast LOG level warning tcp-options ip-options prefix `SFW2-FWDext-DROP-DEFLT '
    DROP all -- anywhere anywhere PKTTYPE = multicast
    LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-FWDext-DROP-DEFLT '
    LOG icmp -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-FWDext-DROP-DEFLT '
    LOG udp -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-FWDext-DROP-DEFLT '
    LOG all -- anywhere anywhere limit: avg 3/min burst 5 state INVALID LOG level warning tcp-options ip-options prefix `SFW2-FWDext-DROP-DEFLT-INV '
    DROP all -- anywhere anywhere

    Chain forward_int (1 references)
    target prot opt source destination
    ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp echo-reply
    ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp destination-unreachable
    ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp time-exceeded
    ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp parameter-problem
    ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp timestamp-reply
    ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp address-mask-reply
    ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp protocol-unreachable
    ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp redirect
    ACCEPT all -- anywhere anywhere state NEW,RELATED,ESTABLISHED
    LOG all -- anywhere anywhere limit: avg 3/min burst 5 PKTTYPE = multicast LOG level warning tcp-options ip-options prefix `SFW2-FWDint-DROP-DEFLT '
    DROP all -- anywhere anywhere PKTTYPE = multicast
    LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-FWDint-DROP-DEFLT '
    LOG icmp -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-FWDint-DROP-DEFLT '
    LOG udp -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-FWDint-DROP-DEFLT '
    LOG all -- anywhere anywhere limit: avg 3/min burst 5 state INVALID LOG level warning tcp-options ip-options prefix `SFW2-FWDint-DROP-DEFLT-INV '
    reject_func all -- anywhere anywhere

    Chain input_ext (2 references)
    target prot opt source destination
    DROP all -- anywhere anywhere PKTTYPE = broadcast
    ACCEPT icmp -- anywhere anywhere icmp source-quench
    ACCEPT icmp -- anywhere anywhere icmp echo-request
    ACCEPT xns-idp-- anywhere anywhere
    ACCEPT leaf-1-- anywhere anywhere
    LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:smtp flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
    ACCEPT tcp -- anywhere anywhere tcp dpt:smtp
    LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:46324 flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
    ACCEPT tcp -- anywhere anywhere tcp dpt:46324
    LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:http-alt flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
    ACCEPT tcp -- anywhere anywhere tcp dpt:http-alt
    LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:http flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
    ACCEPT tcp -- anywhere anywhere tcp dpt:http
    LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:https flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
    ACCEPT tcp -- anywhere anywhere tcp dpt:https
    LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:imap flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
    ACCEPT tcp -- anywhere anywhere tcp dpt:imap
    LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:pop3 flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
    ACCEPT tcp -- anywhere anywhere tcp dpt:pop3
    LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:imaps flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
    ACCEPT tcp -- anywhere anywhere tcp dpt:imaps
    LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:pop3s flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
    ACCEPT tcp -- anywhere anywhere tcp dpt:pop3s
    LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:smtp flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
    ACCEPT tcp -- anywhere anywhere tcp dpt:smtp
    LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:urd flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
    ACCEPT tcp -- anywhere anywhere tcp dpt:urd
    LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:ftp flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
    ACCEPT tcp -- anywhere anywhere tcp dpt:ftp
    LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpts:30000:30100 flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
    ACCEPT tcp -- anywhere anywhere tcp dpts:30000:30100
    ACCEPT udp -- anywhere anywhere udp dpt:ssh
    ACCEPT udp -- anywhere anywhere udp dpt:smtp
    ACCEPT udp -- anywhere anywhere udp dpt:46324
    ACCEPT udp -- anywhere anywhere udp dpt:http-alt
    ACCEPT udp -- anywhere anywhere udp dpt:http
    ACCEPT udp -- anywhere anywhere udp dpt:https
    LOG all -- anywhere anywhere limit: avg 3/min burst 5 PKTTYPE = multicast LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT '
    DROP all -- anywhere anywhere PKTTYPE = multicast
    LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT '
    LOG icmp -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT '
    LOG udp -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT '
    LOG all -- anywhere anywhere limit: avg 3/min burst 5 state INVALID LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT-INV '
    DROP all -- anywhere anywhere

    Chain input_int (1 references)
    target prot opt source destination
    ACCEPT all -- anywhere anywhere

    Chain reject_func (1 references)
    target prot opt source destination
    REJECT tcp -- anywhere anywhere reject-with tcp-reset
    REJECT udp -- anywhere anywhere reject-with icmp-port-unreachable
    REJECT all -- anywhere anywhere reject-with icmp-proto-unreachable
    mail:~ #


    Tx for ur patience
     
    wabz, Jan 11, 2010
    #5
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    a) Which firewall do you use?
    b) Have you tried to stop the firewall temporarily. Does FTP work then?
     
    till, Jan 11, 2010
    #6
  7. wabz

    wabz New Member

    Using default SUSE 11 Firewall

    I am not using the firewall that came with ispconfig rather the default firewall for suse 11.1. Will try and stop the firewall and see what happends
     
    wabz, Jan 11, 2010
    #7

Share This Page