Hi,
I'm trying to connect out from a Debian container to an external FTP server.
It works fine from the host node (with the same firewall) and it works fine from the container when I take down the firewall, but with the firewall up, it connects but will not do the directory listing:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp>
ftp> ls
200 PORT command successful. Consider using PASV.
425 Failed to establish connection.
ftp>
It looks like the ip_conntrack_ftp module doesn't seem to be working.
It's in both vz.conf and the container's own config file - 101.conf:
IPTABLES="ip_tables ipt_REJECT ipt_tos ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ip_conntrack ip_conntrack_ftp ip_conntrack_irc ipt_LOG ipt_conntrack ipt_helper ipt_state iptable_nat ip_nat_ftp ip_nat_irc ipt_TOS"
Host and container are both running Debian:
Host Node:
# uname -a
Linux 2.6.26-2-openvz-amd64 #1 SMP Tue Mar 9 23:10:10 UTC 2010 x86_64 GNU/Linux
# lsmod |grep ftp
nf_nat_ftp 7296 0
nf_nat 22548 3 nf_nat_irc,nf_nat_ftp,iptable_nat
nf_conntrack_ftp 12728 1 nf_nat_ftp
nf_conntrack 82688 10 nf_nat_irc,nf_nat_ftp,iptable_nat,nf_nat,xt_helper,xt_conntrack,nf_conntrack_irc,nf_conntrack_ftp,xt_state,nf_conntrack_ipv4
Container:
$ uname -a
Linux 2.6.26-2-openvz-amd64 #1 SMP Tue Mar 9 23:10:10 UTC 2010 i686 GNU/Linux
Any ideas why it's not working?
Thanks,
Ian
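
The session above uses active-mode FTP: the client sends PORT, and the server then opens the data connection back to the client, which a stateful firewall lets in only when the FTP connection-tracking helper has read the PORT command and registered the expected connection. The following is an added example, not part of the original post and a simplified model rather than kernel code, that shows the inbound data connection being classified with the helper active and inactive. The addresses, ports, user name and class names are constructed, and it assumes a default-drop inbound policy that accepts only ESTABLISHED and RELATED traffic.

```python
import re

PORT_RE = re.compile(r"^PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\r?\n?$")

def parse_port(line):
    """Return (ip, port) from an FTP 'PORT h1,h2,h3,h4,p1,p2' command, else None."""
    m = PORT_RE.match(line)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

class Tracker:
    """Toy stateful filter: outbound is allowed, inbound only if expected."""
    def __init__(self, ftp_helper):
        self.ftp_helper = ftp_helper
        self.established = set()  # (local_ip, local_port, remote_ip, remote_port)
        self.expected = set()     # (local_ip, local_port, remote_ip)

    def outbound(self, src, sport, dst, dport, payload=""):
        self.established.add((src, sport, dst, dport))
        if self.ftp_helper and dport == 21:
            target = parse_port(payload)
            # Register an expectation only for the client's own address,
            # so a PORT command cannot open a path to some other host.
            if target and target[0] == src:
                self.expected.add((src, target[1], dst))

    def inbound_syn(self, src, sport, dst, dport):
        if (dst, dport, src) in self.expected:
            self.expected.discard((dst, dport, src))  # one-shot expectation
            self.established.add((dst, dport, src, sport))
            return "RELATED"
        return "NEW"  # dropped by a default-drop INPUT policy

def simulate(ftp_helper):
    client, server = "192.0.2.10", "198.51.100.5"  # constructed addresses
    fw = Tracker(ftp_helper)
    fw.outbound(client, 40000, server, 21, "USER demo\r\n")
    fw.outbound(client, 40000, server, 21, "PORT 192,0,2,10,195,80\r\n")
    # Server connects back from its data port to the advertised client port.
    return fw.inbound_syn(server, 20, client, 195 * 256 + 80)

if __name__ == "__main__":
    print("helper active:  ", simulate(True))
    print("helper inactive:", simulate(False))
```

When the connection is classified NEW the server's data connection never completes, which matches the `425 Failed to establish connection.` reply in the transcript.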