FreeBSD FTP problem

Arcadius A. ahouans at sh.cvut.cz
Mon Jul 7 02:45:06 PDT 2003 

Hello!
----- Original Message ----- 
From: "Ryan Thompson" <ryan at sasknow.com>
To: "Arcadius A." <ahouans at sh.cvut.cz>
Cc: "FreeBSD Questions" <freebsd-questions at freebsd.org>
Sent: Monday, July 07, 2003 6:36 AM
Subject: Re: FreeBSD FTP problem


> Arcadius A. wrote to Ryan Thompson and FreeBSD Questions:
>
> > > > but nothing more.... just the same arror as the one you've
described:
> > > > "... 425 can't build data connection: operation timed out ..." :-(((
> > > >
> > > > Do you have any idea about how to get around this?
> > >
> > > Well, in my case, it turned out to be pilot error... FTP is a tricky
> > > protocol to allow through default-deny firewalls, and I had
simultaneous
> > > bugs in my firewall config *and* FTPd config, with respect to passive
> > > transfers. It took me a while to spot.
> > >
> > > Check your firewall config carefully, and make sure you have a good
> > > understanding of how the FTP protocol works (in active and passive
> > > modes). Completely open your firewall temporarily (i.e., ipfw add 201
> > > allow ip from any to any) and verify that things work there. If things
> > > work there (or fail differently), the problem is with your firewall
(and
> > > possibly FTPd configuration, if you're using the ephemeral port range
> > > for PASV). If your tests fail in *exactly* the same manner as before,
> > > including the same timeout delays, you can ignore your firewall for
the
> > > time being (but leave it open until you get FTP working, and *then*
> > > restrict it, so you're only testing one unknown at a time). Try
running
> > > tcpdump and sockstat on the server to see what's coming and going for
> > > FTP traffic. /ports/net/trafshow might be helpful, too.
> > >
> >
> > Hello!
> > Thanks for the reply!
> > But I'm not running any firewall on my server...
>
> Ahh. So you're *not* having exactly the same problem. :-)
>
> > So, my problem shouldn't be with the firewall on my server...
> >
> > About the configuration of  FTPd, I cannot find the config file
> > (ftpd.conf or ftpd.config or ftpd.cf )on my server(FreeBSD4.8 stable,
> > built yesterday).
>
> >From ftpd(8):
> FILES
>      /etc/ftpusers    List of unwelcome/restricted users.
>      /etc/ftpchroot   List of normal users who should be chroot'd.
>      /etc/ftphosts    Virtual hosting configuration file.
>      /etc/ftpwelcome  Welcome notice.
>      /etc/ftpmotd     Welcome notice after login.
>      /var/run/nologin
>                       Displayed and access refused.
>      /var/log/ftpd    Log file for anonymous transfers.
>
> > Note that I'm trying to connect to FreeBSD from a windows
> > workstation....  both the workstation and the FreeBSD server are in
> > the same LAN.... From my Windows box, I can easilly connect via FTP to
> > other Linux sercers in my LAN or even out of the LAN.. But when I
> > connect to my FreeBSD server, it connecs well... but I cannot do
> > anything useful on the server.... I get the error "...425 can't build
> > data connection: operation timed out..."
>
> Try both active and passive modes for transfer. If you really have no
> firewall between the client and the server (remember the entire path
> from application to application is important), and there is no address
> translation going on, you should have no issues either way with the
> stock configurations of Windows and FreeBSD.
>
> If, on the other hand, you're running any sort of packet filter or
> "Personal Firewall" on the Windows machine, or using "Internet

Let me mention that when I was having this problem yesterday, when I ping to
my local Linux gateway, it takes in average time 200ms(but normally, it use
to take <1ms), and I had to go thru that gateway before getting to my
FreeBSD server.
I didn't mention it yesterday because  I have to go thru that same gateway
before reaching the Linux boxes I have successfully connected to when I was
having troubles with the BSD box.

Right now, the time to reach the gateway has dropped to its normal value
(<1ms) and the FreeBSD box now works quite fine...
So, the problem with the FreeBSD server was triggered by some anomalies in
our network....

Yes, there is a firewall on that Linux gateway.... but I have no control on
it....

Thank so much for the support.

Arcadius A.

More information about the freebsd-questions mailing list