OpenVZ Forum


Re: Conntrack ftp [message #35350 is a reply to message #35347] Wed, 18 March 2009 16:59
maratrus
I reproduced your situation (just in case, here is the command output)
# iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination
DROP       icmp --  anywhere             anywhere            state INVALID
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            state NEW multiport dports ftp-data,ftp,smtp,http,pop3,imap,https,smtps,imaps,pop3s
ACCEPT     tcp  --  anywhere             anywhere            state NEW multiport dports trellisagt,trellissvr,infowave,radsec,nbx-ser,nbx-dir
ACCEPT     icmp --  anywhere             anywhere            icmp ttl-zero-during-reassembly state NEW
ACCEPT     icmp --  anywhere             anywhere            icmp ttl-zero-during-transit state NEW
ACCEPT     icmp --  anywhere             anywhere            icmp type 0 code 0 state NEW
ACCEPT     icmp --  anywhere             anywhere            icmp type 8 code 0 state NEW
ACCEPT     icmp --  anywhere             anywhere            icmp destination-unreachable state NEW

Chain FORWARD (policy DROP)
target     prot opt source               destination

Chain OUTPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
DROP       icmp --  anywhere             anywhere            state INVALID
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     udp  --  anywhere             anywhere            state NEW multiport dports ntp
           udp  --  anywhere             anywhere            state NEW multiport dports domain
ACCEPT     tcp  --  anywhere             anywhere            state NEW multiport dports nicname,http,https,submission,rsync
ACCEPT     tcp  --  anywhere             anywhere            state NEW multiport dports ftp,ssh,eli,sep OWNER UID match root



# uname -r
2.6.24-ovz008.1


Are you sure you are not mixing things up, is it really passive mode that doesn't work for you?
I have a similar situation, but it is active mode that doesn't work (which makes sense: with your rules you drop all incoming tcp connections in the NEW state; not all, but almost all)

Here, take a look:
Quote:


# ftp SERVER
Connected to SERVER (*.*.*.*).
220 (vsFTPd 2.0.3)
Name (SERVER:root): anonymous
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
227 Entering Passive Mode (*,*,*,*,113,109)
150 Here comes the directory listing.
drwx--x--- 2 ftp ftp 4096 Nov 11 2005 dir1
drwxrwxrwx 22 ftp ftp 4096 Mar 12 14:24 dir2
drwx------ 3 ftp ftp 4096 Mar 28 2006 dir3
drwxr-xr-x 10 ftp ftp 4096 Jan 12 2007 dir4
226 Directory send OK.



Quote:


# ftp SERVER
Connected to SERVER (*.*.*.*).
220 (vsFTPd 2.0.3)
Name (SERVER:root): anonymous
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> passive
Passive mode off.
ftp> ls
200 PORT command successful. Consider using PASV.
here we hang
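
Added example, not part of the original post: a small Python model of the two sessions above, assuming the listed rules sit on the machine running the ftp client. It parses the `227` reply and the `PORT` command into the data endpoint and reports how that ruleset treats the data connection's first packet; the addresses, the `helper_loaded` parameter (standing in for an FTP conntrack helper tracking the control connection) and the function names are constructed for illustration.

```python
import re

# "h1,h2,h3,h4,p1,p2" as carried by a PORT command and a 227 reply (RFC 959).
HOSTPORT = re.compile(
    r"(?<!\d)(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})(?!\d)")

# Ports of the first "state NEW multiport" INPUT rule in the listing above
# (ftp-data ... pop3s). Assumption: the second rule's services are left out.
INPUT_NEW_DPORTS = {20, 21, 25, 80, 110, 143, 443, 465, 993, 995}

# Constructed control-channel lines (documentation addresses, not from the post).
PASV_REPLY = "227 Entering Passive Mode (192,0,2,10,113,109)"
PORT_CMD = "PORT 192,0,2,20,195,80"


def parse_data_endpoint(line):
    """Return (mode, ip, port) announced on the control channel, or None."""
    line = line.strip()
    if line.upper().startswith("PORT "):
        mode = "active"       # client listens, server connects in
    elif line.startswith("227 "):
        mode = "passive"      # server listens, client connects out
    else:
        return None
    m = HOSTPORT.search(line[4:])
    if m is None:
        return None
    nums = [int(g) for g in m.groups()]
    if max(nums) > 255:       # every field is a single octet
        return None
    return mode, ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]


def client_verdict(line, helper_loaded):
    """(chain, verdict) for the data connection's first packet on the client."""
    parsed = parse_data_endpoint(line)
    if parsed is None:
        return None
    mode, _ip, port = parsed
    if mode == "passive":
        # Outbound connection: the first OUTPUT rule accepts everything.
        return ("OUTPUT", "ACCEPT")
    # Inbound to the port named in PORT: RELATED only if a helper registered
    # an expectation for it, otherwise an ordinary NEW connection.
    state = "RELATED" if helper_loaded else "NEW"
    if state == "RELATED" or port in INPUT_NEW_DPORTS:
        return ("INPUT", "ACCEPT")
    return ("INPUT", "DROP")  # no rule matches, policy DROP applies
```
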

 