From: Whit B. <wh...@tr...> - 2003-09-11 19:36:40
Hi,

I have two servers, each on the same two external lines, each running ProFTPD Version 1.2.9rc1, each with the same proftpd.conf, and each with the same firewall rules across both lines. With both servers, passive ftp connections succeed via both external lines. With one server however, active ftp connections succeed on one line but fail on the other (beyond login - which is passive anyway - can't do a successful ls, get or put).

Where can the difference be lurking that's foiling port 20, but only via one external line on the one server, when the two external lines are the same for both servers? Both are running Gentoo. Both have the same routing rules and tables - adjusted only for the difference in IPs. The one with the trouble on the one line has some components that aren't as up-to-date, but I can't yet imagine which of those - or what else - could be creating this problem. No errors show in the logs.

So it looks like this:

               Server 1            Server 2
               Line 1    Line 2    Line 1    Line 2
    Passive    works     works     works     works
    Active     works     FAILS     works     works

When I run proftpd with -d9, the only difference on the failed connections is that it just stops. In the case of both working and failing connections the "ls" command at the client leads to:

    dispatching PRE_CMD command 'LIST' to mod_tls
    dispatching PRE_CMD command 'LIST' to mod_core
    dispatching PRE_CMD command 'LIST' to mod_core
    dispatching PRE_CMD command 'LIST' to mod_ratio
    dispatching CMD command 'LIST' to mod_ls
    ROOT PRIVS: ID switching disabled
    ROOT PRIVS: ID switching disabled

- at which point the failing situation just stops logging this connection (other connections continue), while the successful situations go on with:

    active data connection opened - local : ...
    active data connection opened - remote : ...
    FS: using system stat() ...
    FS: using system opendir() ...

- and so on. So it's not opening the active data connection, but it's not throwing an error either, and there's nothing logged as blocked by the firewall.

Proftpd is on the same machine as the firewall, on both machines. It's running standalone on both machines. There are no references in the proftpd.conf file common to both to either IPs or interfaces.

Thanks much for any guesses on where to look,
Whit