LinuxQuestions.org
Old 12-18-2013, 02:51 PM   #16
mddnix
Member
 
Registered: Mar 2013
Location: Bengaluru, India
Distribution: Redhat, Arch, Ubuntu
Posts: 498

Rep: Reputation: 137

OK, then the only two things to check are:
  1. Have both machines been assigned the same virtual network in 'source device' (screenshot)?
  2. Has the IP been configured properly?

In my case (it's the 192.168.122.0 network):
Code:
>>>| root@server1:~ |<<< # cat /etc/sysconfig/network-scripts/ifcfg-eth0 
DEVICE=eth0
TYPE=Ethernet
UUID=afc60235-a741-4e5e-8d75-99b7804c5655
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=none
HWADDR=52:54:00:73:0F:F5
IPADDR=192.168.122.50
PREFIX=24
GATEWAY=192.168.122.1
DNS1=192.168.122.1
DNS2=8.8.8.8
DEFROUTE=yes
IPV4_FAILURE_FATAL=yes
IPV6INIT=no
NAME="System eth0"

>>>| root@server1:~ |<<< # cat /etc/udev/rules.d/70-persistent-net.rules 
# PCI device 0x1af4:0x1000 (virtio-pci)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="52:54:00:73:0f:f5", ATTR{type}=="1", KERNEL=="eth*", NAME="eth0"

>>>| root@server1:~ |<<< # ifconfig eth0
eth0      Link encap:Ethernet  HWaddr 52:54:00:73:0F:F5  
          inet addr:192.168.122.50  Bcast:192.168.122.255  Mask:255.255.255.0
          inet6 addr: fe80::5054:ff:fe73:ff5/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:21452 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4734 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:17828890 (17.0 MiB)  TX bytes:796770 (778.0 KiB)

>>>| root@server1:~ |<<< # route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.122.0   *               255.255.255.0   U     0      0        0 eth0
link-local      *               255.255.0.0     U     1002   0        0 eth0
default         192.168.122.1   0.0.0.0         UG    0      0        0 eth0
[Attached image: cap1.png]
 
Old 12-18-2013, 11:40 PM   #17
shazgaurav
LQ Newbie
 
Registered: Apr 2013
Posts: 29

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by mddesai View Post
OK, then the only two things to check are:
  1. Have both machines been assigned the same virtual network in 'source device' (screenshot)?
  2. Has the IP been configured properly?

In my case (it's the 192.168.122.0 network):
Code:
>>>| root@server1:~ |<<< # cat /etc/sysconfig/network-scripts/ifcfg-eth0 
DEVICE=eth0
TYPE=Ethernet
UUID=afc60235-a741-4e5e-8d75-99b7804c5655
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=none
HWADDR=52:54:00:73:0F:F5
IPADDR=192.168.122.50
PREFIX=24
GATEWAY=192.168.122.1
DNS1=192.168.122.1
DNS2=8.8.8.8
DEFROUTE=yes
IPV4_FAILURE_FATAL=yes
IPV6INIT=no
NAME="System eth0"

>>>| root@server1:~ |<<< # cat /etc/udev/rules.d/70-persistent-net.rules 
# PCI device 0x1af4:0x1000 (virtio-pci)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="52:54:00:73:0f:f5", ATTR{type}=="1", KERNEL=="eth*", NAME="eth0"

>>>| root@server1:~ |<<< # ifconfig eth0
eth0      Link encap:Ethernet  HWaddr 52:54:00:73:0F:F5  
          inet addr:192.168.122.50  Bcast:192.168.122.255  Mask:255.255.255.0
          inet6 addr: fe80::5054:ff:fe73:ff5/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:21452 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4734 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:17828890 (17.0 MiB)  TX bytes:796770 (778.0 KiB)

>>>| root@server1:~ |<<< # route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.122.0   *               255.255.255.0   U     0      0        0 eth0
link-local      *               255.255.0.0     U     1002   0        0 eth0
default         192.168.122.1   0.0.0.0         UG    0      0        0 eth0
I made the changes in /etc/sysconfig/network-scripts/ifcfg-eth0 and ping seems to work now. But the problem still persists with lftp (screenshot).
[Attached image: net.png]
 
Old 12-19-2013, 01:04 AM   #18
mddnix
Member
 
Registered: Mar 2013
Location: Bengaluru, India
Distribution: Redhat, Arch, Ubuntu
Posts: 498

Rep: Reputation: 137
There are certain things to check.
  1. If you also want to log in as users other than anonymous, then make sure you have uncommented this line in /etc/vsftpd/vsftpd.conf:
    local_enable=YES

  2. It is not recommended to log in to the FTP server as root. But if for whatever reason you want to log in as root, then remove the root user from the files ftpusers and user_list.

  3. Set the proper SELinux context. In a terminal as root, enter:
    # setsebool -P ftp_home_dir on

  4. Restart the vsftpd server:
    # service vsftpd restart

Code:
$ lftp -u root 192.168.122.50
Password: 
lftp root@192.168.122.50:~> ls         
-rw-------    1 0        0            1532 Dec 11 16:43 anaconda-ks.cfg
drwxr-xr-x    2 0        0            4096 Dec 15 05:40 backup
-rw-r--r--    1 0        0           51020 Dec 11 16:43 install.log
-rw-r--r--    1 0        0           10033 Dec 11 16:39 install.log.syslog
 
Old 12-19-2013, 01:58 AM   #19
berndbausch
Senior Member
 
Registered: Nov 2013
Location: Tokyo
Distribution: Redhat/Centos, Ubuntu, Raspbian, Fedora
Posts: 1,687

Rep: Reputation: 353
Quote:
Originally Posted by shazgaurav View Post
I made the changes in /etc/sysconfig/network-scripts/ifcfg-eth0 and ping seems to work now. But the problem still persists with lftp (screenshot).
I don't know how to interpret the lftp output. Can you try telnet 192.168.100.192 21 again?
If ping gets through, and port 21 is open, and the vsftpd is running, it's time to check the vsftpd log file as I suggested earlier.
 
Old 12-19-2013, 11:25 AM   #20
shazgaurav
LQ Newbie
 
Registered: Apr 2013
Posts: 29

Original Poster
Rep: Reputation: Disabled
[root@tester1 ~]# ping 192.168.100.193
PING 192.168.100.193 (192.168.100.193) 56(84) bytes of data.
64 bytes from 192.168.100.193: icmp_seq=1 ttl=64 time=0.877 ms
64 bytes from 192.168.100.193: icmp_seq=2 ttl=64 time=0.894 ms
64 bytes from 192.168.100.193: icmp_seq=3 ttl=64 time=0.864 ms
64 bytes from 192.168.100.193: icmp_seq=4 ttl=64 time=1.00 ms
^C
--- 192.168.100.193 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3739ms
rtt min/avg/max/mdev = 0.864/0.910/1.006/0.060 ms

[root@tester1 ~]# telnet 192.168.100.193 21
Trying 192.168.100.193...
telnet: connect to address 192.168.100.193: No route to host

[root@server1 ~]# cat /etc/sysconfig/iptables
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

It is strange that ping works and telnet does not even when port 21 is open.

Last edited by shazgaurav; 12-19-2013 at 10:26 PM.
 
Old 12-19-2013, 11:47 AM   #21
shazgaurav
LQ Newbie
 
Registered: Apr 2013
Posts: 29

Original Poster
Rep: Reputation: Disabled
[root@server1 vsftpd]# netstat -nlp| grep ':21'
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 2132/vsftpd

Last edited by shazgaurav; 12-19-2013 at 10:12 PM.
 
Old 12-19-2013, 12:50 PM   #22
shazgaurav
LQ Newbie
 
Registered: Apr 2013
Posts: 29

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by shazgaurav View Post
[root@server1 vsftpd]# netstat -nlp| grep ':21'
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 2132/vsftpd
The xferlog on server1.example.com (192.168.100.193) does not show anything.

Last edited by shazgaurav; 12-19-2013 at 10:12 PM.
 
Old 12-19-2013, 10:42 PM   #23
shazgaurav
LQ Newbie
 
Registered: Apr 2013
Posts: 29

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by mddesai View Post
There are certain things to check.
  1. If you also want to log in as users other than anonymous, then make sure you have uncommented this line in /etc/vsftpd/vsftpd.conf:
    local_enable=YES

  2. It is not recommended to log in to the FTP server as root. But if for whatever reason you want to log in as root, then remove the root user from the files ftpusers and user_list.

  3. Set the proper SELinux context. In a terminal as root, enter:
    # setsebool -P ftp_home_dir on

  4. Restart the vsftpd server:
    # service vsftpd restart

Code:
$ lftp -u root 192.168.122.50
Password: 
lftp root@192.168.122.50:~> ls         
-rw-------    1 0        0            1532 Dec 11 16:43 anaconda-ks.cfg
drwxr-xr-x    2 0        0            4096 Dec 15 05:40 backup
-rw-r--r--    1 0        0           51020 Dec 11 16:43 install.log
-rw-r--r--    1 0        0           10033 Dec 11 16:39 install.log.syslog
[root@server1 vsftpd]# setsebool -P ftp_home_dir on
[root@server1 vsftpd]# echo $?
0
[root@server1 vsftpd]# service vsftpd restart
Shutting down vsftpd: [ OK ]
Starting vsftpd for vsftpd: [ OK ]
[root@server1 vsftpd]# netstat -nlp | grep 21
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 2714/vsftpd
udp 0 0 0.0.0.0:44211 0.0.0.0:* 1541/rpc.statd
udp 0 0 0.0.0.0:821 0.0.0.0:* 1494/rpcbind
udp 0 0 :::821 :::* 1494/rpcbind
unix 2 [ ACC ] STREAM LISTENING 16721 2206/metacity /tmp/orbit-root/linc-89e-0-5631ecc7f39cd
unix 2 [ ACC ] STREAM LISTENING 16770 2212/gnome-panel /tmp/orbit-root/linc-8a4-0-1eb638c3f5b3
unix 2 [ ACC ] STREAM LISTENING 18196 2214/nautilus /tmp/orbit-root/linc-8a6-0-2a9c77ebbe381
unix 2 [ ACC ] STREAM LISTENING 16075 2173/gconfd-2 /tmp/orbit-root/linc-87d-0-1c5bd42b4960
unix 2 [ ACC ] STREAM LISTENING 15950 2103/dbus-daemon @/tmp/dbus-3TCsTBxEHA
unix 2 [ ACC ] STREAM LISTENING 12104 1494/rpcbind /var/run/rpcbind.sock
unix 2 [ ACC ] STREAM LISTENING 12189 1509/dbus-daemon /var/run/dbus/system_bus_socket
unix 2 [ ACC ] STREAM LISTENING 16486 2182/gnome-settings /tmp/orbit-root/linc-886-0-7fd573d952573
unix 2 [ ACC ] STREAM LISTENING 14721 1927/gdm-simple-sla @/tmp/gdm-session-jYCZESRq
unix 2 [ ACC ] STREAM LISTENING 16847 2216/bonobo-activat /tmp/orbit-root/linc-8a8-0-3a8d562768b99
unix 2 [ ACC ] STREAM LISTENING 16620 2186/seahorse-daemo /tmp/orbit-root/linc-88a-0-5409e7e0a19db
unix 2 [ ACC ] STREAM LISTENING 17934 2421/gconf-im-setti /tmp/orbit-root/linc-975-0-5750498e87d29
[root@server1 vsftpd]#

From 192.168.100.230, telnet still does not work.

Last edited by shazgaurav; 12-19-2013 at 10:43 PM.
 
Old 12-20-2013, 12:31 AM   #24
berndbausch
Senior Member
 
Registered: Nov 2013
Location: Tokyo
Distribution: Redhat/Centos, Ubuntu, Raspbian, Fedora
Posts: 1,687

Rep: Reputation: 353
Quote:
Originally Posted by shazgaurav View Post
[root@server1 vsftpd]#

From 192.168.100.230, telnet still does not work.
Both tester1 and server1 are virtual machines on the same host, right? Using KVM? Maybe the iptables configuration on the host provides some insight. I have had a similar problem with three VMs, let's call them A, B and C. A could connect to both B and C, B only to C, and C could connect to neither. I solved it by changing the host's iptables configuration.

In my case, A, B and C each used a different KVM network, which is different from yours. Still worth trying though.
 
Old 12-20-2013, 04:13 AM   #25
shazgaurav
LQ Newbie
 
Registered: Apr 2013
Posts: 29

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by berndbausch View Post
Both tester1 and server1 are virtual machines on the same host, right? Using KVM? Maybe the iptables configuration on the host provides some insight. I have had a similar problem with three VMs, let's call them A, B and C. A could connect to both B and C, B only to C, and C could connect to neither. I solved it by changing the host's iptables configuration.

In my case, A, B and C each used a different KVM network, which is different from yours. Still worth trying though.
Indeed, I am using virtual machines on KVM on the same host. The iptables configuration for the host looks like this (screenshot):
[Attached image: ip@.png]
 
Old 12-21-2013, 12:23 AM   #26
SAbhi
Member
 
Registered: Aug 2009
Location: Bangaluru, India
Distribution: CentOS 6.5, SuSE SLED/ SLES 10.2 SP2 /11.2, Fedora 11/16
Posts: 664

Rep: Reputation: 80
1. I see iptables is not configured to allow source ports, but that's of least priority.
2. I can't even see that telnet and other incoming requests are allowed.
3. I told you to check with the FTP server IP first; I think you want to stick with lftp without knowing how it works.
4. Everything has been checked twice and thrice in this thread, but not why the logs don't show anything. Is the request even coming to the source server? My answer is no.
5. Did you check whether FTP is working from your FTP server machine with localhost, and if it is not working, what error does it throw in the logs?
 
Old 12-21-2013, 12:36 AM   #27
shazgaurav
LQ Newbie
 
Registered: Apr 2013
Posts: 29

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by SAbhi View Post
1. I see iptables is not configured to allow source ports, but that's of least priority.
2. I can't even see that telnet and other incoming requests are allowed.
3. I told you to check with the FTP server IP first; I think you want to stick with lftp without knowing how it works.
4. Everything has been checked twice and thrice in this thread, but not why the logs don't show anything. Is the request even coming to the source server? My answer is no.
5. Did you check whether FTP is working from your FTP server machine with localhost, and if it is not working, what error does it throw in the logs?
The FTP server IP is 192.168.100.193. I would like to connect to it from the client (192.168.100.230). The FTP server does work when using localhost (screenshot).
[Attached images: ftp1.png, ftp2.png, ftp3.png]
 
Old 12-21-2013, 12:56 AM   #28
SAbhi
Member
 
Registered: Aug 2009
Location: Bangaluru, India
Distribution: CentOS 6.5, SuSE SLED/ SLES 10.2 SP2 /11.2, Fedora 11/16
Posts: 664

Rep: Reputation: 80
Here is what can allow FTP requests in and out:
Code:
iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 -d destination_ip --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -s Source_ip --sport 21 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT

To allow telnet incoming and outgoing requests:
Code:
iptables -A OUTPUT -p tcp --dport 23 -j ACCEPT
iptables -A INPUT -p tcp --dport 23 -j ACCEPT
Save iptables and restart the service.
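
Added example, not part of any post in this thread: iptables takes the first matching rule, so rule order decides the verdict. The sketch walks the INPUT chain posted in #20 for a new TCP connection and compares the telnet rule from #28 when it is appended with `iptables -A` (it lands behind the final REJECT) and when it is inserted ahead of the REJECT. The helper names `rules`, `verdict`, `appended` and `inserted` are hypothetical, and the evaluator understands only the match options that appear in this thread.

```shell
#!/bin/sh
# Added example: first-match walk of an iptables-save ruleset for a NEW TCP
# connection from a remote host. Only the match types seen in this thread are
# understood (-p, -i lo, --state, --dport); other options are ignored.

# INPUT chain of server1 as posted in #20
rules() { cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

TELNET_RULE='-A INPUT -p tcp --dport 23 -j ACCEPT'   # rule from post #28

# Effect of "iptables -A": the rule goes to the end of the chain.
appended() { rules | awk -v r="$TELNET_RULE" '/^COMMIT/ { print r } { print }'; }
# Effect of "iptables -I INPUT 7": the rule goes in front of the final REJECT.
inserted() { rules | awk -v r="$TELNET_RULE" '/^-A INPUT -j REJECT/ { print r } { print }'; }

# verdict CHAIN PORT (ruleset on stdin): prints "TARGET rule N" or "TARGET policy"
verdict() {
  awk -v chain="$1" -v port="$2" '
    $1 == (":" chain) { policy = $2 }              # e.g. ":INPUT ACCEPT [0:0]"
    $1 == "-A" && $2 == chain {
      n++; ok = 1; target = ""
      for (i = 3; i <= NF; i++) {
        if ($i == "-p" && $(i+1) != "tcp") ok = 0      # other protocol
        if ($i == "-i" && $(i+1) == "lo") ok = 0       # loopback only
        if ($i == "--state" && ("," $(i+1) ",") !~ /,NEW,/) ok = 0
        if ($i == "--dport" && $(i+1) != port) ok = 0
        if ($i == "-j") target = $(i+1)
      }
      if (ok && target != "" && !hit) { print target " rule " n; hit = 1 }
    }
    END { if (!hit) print policy " policy" }'
}

for p in 21 23; do echo "posted   port $p: $(rules | verdict INPUT "$p")"; done
echo "appended port 23: $(appended | verdict INPUT 23)"
echo "inserted port 23: $(inserted | verdict INPUT 23)"
```

A connection that ends at the REJECT rule is answered with icmp-host-prohibited, which the connecting client reports as `No route to host`.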
 
Old 12-21-2013, 01:09 AM   #29
berndbausch
Senior Member
 
Registered: Nov 2013
Location: Tokyo
Distribution: Redhat/Centos, Ubuntu, Raspbian, Fedora
Posts: 1,687

Rep: Reputation: 353
Quote:
Originally Posted by shazgaurav View Post
Indeed, I am using virtual machines on KVM on the same host. The iptables configuration for the host looks like this (screenshot):
My mistake, sorry.
 
  

