Hi.
I have searched for hours and didn't find something which is surely not so complicated.
I want to transfer files between my two computers (both Linux Fedora) via ftp. I don't have any interest in remote access from outside into my LAN. I can access remote ftp machines from both machines.
I have installed vsftpd on both. I can do ftp on localhost without problems.
When I try to do ftp on the other machine, I always get "no route to host".
I can do ssh on the other machine from both machines.
I have no idea about firewalls, iptables and so on, so I need simple instructions, please (do this, do that, but please no theoretical things).
My network:
Machine 1: walter (192.168.2.10), fedora 9
Machine 2: egon (192.168.2.11), fedora 10
I have a modem-router Siemens, both are wire connected to the router.
"no route to host" is a generic message indicating a network issue; it's not specific to FTP.
Run "/sbin/ifconfig" on both machines. Post results.
On each machine, ping the other both via host name and ip address. Post results.
Run 'route' on both machines. Post results.
Also, are your IP addresses assigned by the router, or did you set them yourself?
Each time you post the results, copy and paste the actual text directly from the command line, and make sure that you use the 'code' tags here on linuxquestions.org; this makes the results much more legible.
I have added to /etc/sysconfig/iptables what is specified at that link at the bottom, but nothing. The /etc/sysconfig/iptables looks like this:
On 192.168.2.10:
Code:
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -s 192.168.2.0/24 -d 192.168.2.10 -m tcp --dport 21 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
On 192.168.2.11:
Code:
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -s 192.168.2.0/24 -d 192.168.2.11 -m tcp --dport 21 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
The red line is what I added following the link above. I tried on both machines all combinations of the option -d (I mean that I tried with both 2.10 and 2.11 in all possible combinations). I did restart iptables after each modification. Nothing, no route to host.
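Added example, not part of the original posts: iptables evaluates a chain top to bottom and stops at the first matching rule, so the port 21 ACCEPT in the files above sits behind the catch-all REJECT and is never reached, and a connection rejected with icmp-host-prohibited is reported by the client as "no route to host". The sketch below replays the posted INPUT rules for 192.168.2.10 against a constructed FTP control packet from 192.168.2.11, then again with the port 21 rule moved above the REJECT. The interface name `eth0` and the helper names are assumptions, and only the options used in the posted file are modelled.

```python
from ipaddress import ip_address, ip_network
import shlex

# INPUT rules copied from the 192.168.2.10 file posted above, in the posted order.
POSTED = """\
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -s 192.168.2.0/24 -d 192.168.2.10 -m tcp --dport 21 -j ACCEPT
"""
_l = POSTED.splitlines()
# Same rules with the port 21 ACCEPT moved above the catch-all REJECT.
FIXED = "\n".join(_l[:4] + [_l[5], _l[4]])

# Constructed packet: first SYN of an FTP control connection, egon -> walter.
# "eth0" is an assumed interface name.
FTP = {"proto": "tcp", "dport": 21, "state": "NEW", "iface": "eth0",
       "src": "192.168.2.11", "dst": "192.168.2.10"}

def parse(line):
    """Map option -> argument; every option in the posted file takes one argument."""
    tok = shlex.split(line)[2:]                     # drop '-A INPUT'
    return {k: v for k, v in zip(tok[0::2], tok[1::2]) if k != "-m"}

def matches(o, p):
    """True if every condition present in the rule holds for the packet."""
    return (o.get("-p", p["proto"]) == p["proto"]
            and o.get("-i", p["iface"]) == p["iface"]
            and int(o.get("--dport", p["dport"])) == p["dport"]
            and p["state"] in o.get("--state", p["state"]).split(",")
            and ip_address(p["src"]) in ip_network(o.get("-s", "0.0.0.0/0"))
            and ip_address(p["dst"]) in ip_network(o.get("-d", "0.0.0.0/0")))

def verdict(ruleset, pkt, policy="ACCEPT"):
    """Return (rule number, target) of the first matching rule, else the chain policy."""
    for n, line in enumerate(ruleset.strip().splitlines(), 1):
        opts = parse(line)
        if matches(opts, pkt):
            return n, opts["-j"]
    return None, policy

if __name__ == "__main__":
    print("posted order:", verdict(POSTED, FTP))
    print("reordered:   ", verdict(FIXED, FTP))
```

This covers only the control connection on port 21; the FTP data connection discussed further down the thread is not modelled.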
1st of all stop your iptables service and check the connectivity:
# service iptables stop
If it works fine then flush your iptables and then save iptables service
# iptables -F
# iptables -F -t nat
# iptables -F -t mangle
# service iptables save
If you're running FTP across a firewall, there are a few things that you need to be aware of: an FTP server uses two ports. One port is the 'control port', usually port 21, used for sending and receiving FTP commands. The other port is the 'data port' on port 20.
The client side is more complicated; the ftp server will send commands and data back to unprivileged ports on the client (ports greater than 1023). Exactly how this is handled depends on whether you are in active or passive mode. Check http://slacksite.com/other/ftp.html for a nice clear explanation.
Given all of these intricacies, you may want to consider using SFTP instead of FTP. It runs on port 22, it's part of the OpenSSH suite, it's secure, and it looks and feels just like FTP.
I don't run any firewalls on my LAN, because I trust the machines on my LAN.
I do run a firewall on my modem/router.
So the Big Bad Interweb is firewalled, but my LAN is trusted and trusting.
Works for me.
BTW, if you are running KDE then the fish://username@LAN_HostName protocol in konqueror is awesome. You just drag & drop files between PCs. You need to have ssh installed though (easy enough).
PING 192.168.2.10 (192.168.2.10) 56(84) bytes of data.
64 bytes from 192.168.2.10: icmp_seq=1 ttl=64 time=0.067 ms
64 bytes from 192.168.2.10: icmp_seq=2 ttl=64 time=0.070 ms
64 bytes from 192.168.2.10: icmp_seq=3 ttl=64 time=0.068 ms
^C
--- 192.168.2.10 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2844ms
rtt min/avg/max/mdev = 0.067/0.068/0.070/0.006 ms
Umm... I figured that this was a typo, but on the outside chance that you've got an IP address conflict or something, can you re-run the ping from 192.168.2.10 to .11?