Date: Mon, 7 Jul 2003 11:44:58 +0200 From: "Arcadius A." <ahouans@sh.cvut.cz> To: "Ryan Thompson" <ryan@sasknow.com> Cc: FreeBSD Questions <freebsd-questions@freebsd.org> Subject: Re: FreeBSD FTP problem Message-ID: <002701c3446c$6dea6360$b57c2093@sh.cvut.cz> References: <20030706221939.X21975-100000@ren.sasknow.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Hello! ----- Original Message ----- From: "Ryan Thompson" <ryan@sasknow.com> To: "Arcadius A." <ahouans@sh.cvut.cz> Cc: "FreeBSD Questions" <freebsd-questions@freebsd.org> Sent: Monday, July 07, 2003 6:36 AM Subject: Re: FreeBSD FTP problem > Arcadius A. wrote to Ryan Thompson and FreeBSD Questions: > > > > > but nothing more.... just the same arror as the one you've described: > > > > "... 425 can't build data connection: operation timed out ..." :-((( > > > > > > > > Do you have any idea about how to get around this? > > > > > > Well, in my case, it turned out to be pilot error... FTP is a tricky > > > protocol to allow through default-deny firewalls, and I had simultaneous > > > bugs in my firewall config *and* FTPd config, with respect to passive > > > transfers. It took me a while to spot. > > > > > > Check your firewall config carefully, and make sure you have a good > > > understanding of how the FTP protocol works (in active and passive > > > modes). Completely open your firewall temporarily (i.e., ipfw add 201 > > > allow ip from any to any) and verify that things work there. If things > > > work there (or fail differently), the problem is with your firewall (and > > > possibly FTPd configuration, if you're using the ephemeral port range > > > for PASV). If your tests fail in *exactly* the same manner as before, > > > including the same timeout delays, you can ignore your firewall for the > > > time being (but leave it open until you get FTP working, and *then* > > > restrict it, so you're only testing one unknown at a time). Try running > > > tcpdump and sockstat on the server to see what's coming and going for > > > FTP traffic. /ports/net/trafshow might be helpful, too. > > > > > > > Hello! > > Thanks for the reply! > > But I'm not running any firewall on my server... > > Ahh. So you're *not* having exactly the same problem. :-) > > > So, my problem shouldn't be with the firewall on my server... > > > > About the configuration of FTPd, I cannot find the config file > > (ftpd.conf or ftpd.config or ftpd.cf )on my server(FreeBSD4.8 stable, > > built yesterday). > > >From ftpd(8): > FILES > /etc/ftpusers List of unwelcome/restricted users. > /etc/ftpchroot List of normal users who should be chroot'd. > /etc/ftphosts Virtual hosting configuration file. > /etc/ftpwelcome Welcome notice. > /etc/ftpmotd Welcome notice after login. > /var/run/nologin > Displayed and access refused. > /var/log/ftpd Log file for anonymous transfers. > > > Note that I'm trying to connect to FreeBSD from a windows > > workstation.... both the workstation and the FreeBSD server are in > > the same LAN.... From my Windows box, I can easilly connect via FTP to > > other Linux sercers in my LAN or even out of the LAN.. But when I > > connect to my FreeBSD server, it connecs well... but I cannot do > > anything useful on the server.... I get the error "...425 can't build > > data connection: operation timed out..." > > Try both active and passive modes for transfer. If you really have no > firewall between the client and the server (remember the entire path > from application to application is important), and there is no address > translation going on, you should have no issues either way with the > stock configurations of Windows and FreeBSD. > > If, on the other hand, you're running any sort of packet filter or > "Personal Firewall" on the Windows machine, or using "Internet Let me mention that when I was having this problem yesterday, when I ping to my local Linux gateway, it takes in average time 200ms(but normally, it use to take <1ms), and I had to go thru that gateway before getting to my FreeBSD server. I didn't mention it yesterday because I have to go thru that same gateway before reaching the Linux boxes I have successfully connected to when I was having troubles with the BSD box. Right now, the time to reach the gateway has dropped to its normal value (<1ms) and the FreeBSD box now works quite fine... So, the problem with the FreeBSD server was triggered by some anomalies in our network.... Yes, there is a firewall on that Linux gateway.... but I have no control on it.... Thank so much for the support. Arcadius A.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?002701c3446c$6dea6360$b57c2093>