FreeBSD FTP problem

Ryan Thompson ryan at sasknow.com
Sun Jul 6 16:07:51 PDT 2003 

[ CC:  freebsd-questions at FreeBSD.org, reply to private email ]
[ BCC: sender, kept anonymous ]

> Hello Ryan!
> I've seen your post at:
> http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&threadm=Pi
> ne.BSF.4.10.10001272241220.56704-100000%40sasknow.com&rnum=5&prev=/gro
> ups%3Fq%3DFreeBSD%2B%2B425%2Bcan%27t%2Bbuild%2Bdata%2Bconnection:%2Bop
> eration%2Btimed%2Bout%26hl%3Den%26lr%3D%26ie%3DUTF-8%26oe%3DUTF-8%26se
> lm%3DPine.BSF.4.10.10001272241220.56704-100000%2540sasknow.com%26rnum%
> 3D5

*extremely* long line wrapped. Knowing just a little bit about Google,
this reduces to:

http://groups.google.ca/groups?threadm=Pine.BSF.4.10.10001271959170.55593-100000_sasknow.com%40ns.sol.net

But, yes... That was little piece of history! :-)

> I'm having exacly the same problem with my FreeBSD4.8.
>
> Some houres ago... eveything was Ok.... but I don't know what has
> changed.... I can still FTP the FeeBSD server from my windows box....
> but nothing more.... just the same arror as the one you've described:
> "... 425 can't build data connection: operation timed out ..." :-(((
>
> Do you have any idea about how to get around this?

Well, in my case, it turned out to be pilot error... FTP is a tricky
protocol to allow through default-deny firewalls, and I had simultaneous
bugs in my firewall config *and* FTPd config, with respect to passive
transfers. It took me a while to spot.

Check your firewall config carefully, and make sure you have a good
understanding of how the FTP protocol works (in active and passive
modes). Completely open your firewall temporarily (i.e., ipfw add 201
allow ip from any to any) and verify that things work there. If things
work there (or fail differently), the problem is with your firewall (and
possibly FTPd configuration, if you're using the ephemeral port range
for PASV). If your tests fail in *exactly* the same manner as before,
including the same timeout delays, you can ignore your firewall for the
time being (but leave it open until you get FTP working, and *then*
restrict it, so you're only testing one unknown at a time). Try running
tcpdump and sockstat on the server to see what's coming and going for
FTP traffic. /ports/net/trafshow might be helpful, too.

Once you've tried that, feel free to send additional questions to
questions at FreeBSD.org.

Hope this helps,
- Ryan

-- 
  Ryan Thompson <ryan at sasknow.com>

  SaskNow Technologies - http://www.sasknow.com
  901-1st Avenue North - Saskatoon, SK - S7K 1Y4

        Tel: 306-664-3600   Fax: 306-244-7037   Saskatoon
  Toll-Free: 877-727-5669     (877-SASKNOW)     North America

More information about the freebsd-questions mailing list