Date: Sun, 6 Jul 2003 17:07:48 -0600 (CST) From: Ryan Thompson <ryan@sasknow.com> To: FreeBSD Questions <freebsd-questions@freebsd.org> Subject: Re: FreeBSD FTP problem Message-ID: <20030706164636.J21975-100000@ren.sasknow.com> In-Reply-To: <000d01c34406$9209e380$b57c2093@sh.cvut.cz>
next in thread | previous in thread | raw e-mail | index | archive | help
[ CC: freebsd-questions@FreeBSD.org, reply to private email ] [ BCC: sender, kept anonymous ] > Hello Ryan! > I've seen your post at: > http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&threadm=Pi > ne.BSF.4.10.10001272241220.56704-100000%40sasknow.com&rnum=5&prev=/gro > ups%3Fq%3DFreeBSD%2B%2B425%2Bcan%27t%2Bbuild%2Bdata%2Bconnection:%2Bop > eration%2Btimed%2Bout%26hl%3Den%26lr%3D%26ie%3DUTF-8%26oe%3DUTF-8%26se > lm%3DPine.BSF.4.10.10001272241220.56704-100000%2540sasknow.com%26rnum% > 3D5 *extremely* long line wrapped. Knowing just a little bit about Google, this reduces to: http://groups.google.ca/groups?threadm=Pine.BSF.4.10.10001271959170.55593-100000_sasknow.com%40ns.sol.net But, yes... That was little piece of history! :-) > I'm having exacly the same problem with my FreeBSD4.8. > > Some houres ago... eveything was Ok.... but I don't know what has > changed.... I can still FTP the FeeBSD server from my windows box.... > but nothing more.... just the same arror as the one you've described: > "... 425 can't build data connection: operation timed out ..." :-((( > > Do you have any idea about how to get around this? Well, in my case, it turned out to be pilot error... FTP is a tricky protocol to allow through default-deny firewalls, and I had simultaneous bugs in my firewall config *and* FTPd config, with respect to passive transfers. It took me a while to spot. Check your firewall config carefully, and make sure you have a good understanding of how the FTP protocol works (in active and passive modes). Completely open your firewall temporarily (i.e., ipfw add 201 allow ip from any to any) and verify that things work there. If things work there (or fail differently), the problem is with your firewall (and possibly FTPd configuration, if you're using the ephemeral port range for PASV). If your tests fail in *exactly* the same manner as before, including the same timeout delays, you can ignore your firewall for the time being (but leave it open until you get FTP working, and *then* restrict it, so you're only testing one unknown at a time). Try running tcpdump and sockstat on the server to see what's coming and going for FTP traffic. /ports/net/trafshow might be helpful, too. Once you've tried that, feel free to send additional questions to questions@FreeBSD.org. Hope this helps, - Ryan -- Ryan Thompson <ryan@sasknow.com> SaskNow Technologies - http://www.sasknow.com 901-1st Avenue North - Saskatoon, SK - S7K 1Y4 Tel: 306-664-3600 Fax: 306-244-7037 Saskatoon Toll-Free: 877-727-5669 (877-SASKNOW) North America
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030706164636.J21975-100000>