LinuxQuestions.org


lucasito 11-06-2009 05:34 PM

FTP between two linux systems inside a LAN
 
Hi.
I have searched for hours and didn't find something which is surely not so complicated.

I want to transfer files between my two computers (both Linux Fedora) via ftp. I don't have any interest in remote access from outside into my LAN. I can access remote ftp machines from both machines.

I have installed vsftpd on both. I can do ftp on localhost without problems.

When I try to do ftp on the other machine, I always get "no route to host".

I can do ssh on the other machine from both machines.

I have no idea about firewalls, iptables and so on, so I need simple instructions, please (do this, do that, but please no theoretical things).

My network:
Machine 1: walter (192.168.2.10), fedora 9
Machine 2: egon (192.168.2.11), fedora 10
I have a modem-router Siemens, both are wire connected to the router.

Thank you very much.

wfh 11-06-2009 05:58 PM

Quote:

Originally Posted by lucasito (Post 3747647)
I can do ssh on the other machine from both machines.

I have no idea about firewalls, iptables and so on, so I need simple instructions

Simple instructions:

http://www.linuxhomenetworking.com/w...atus_of_VSFTPD

If this doesn't work, we can try looking at your firewall.

Install 'nmap'

Then do the following *FROM BOTH MACHINES*:

Code:

nmap -sT -P0 192.168.2.10 port 20-21
nmap -sT -P0 192.168.2.11 port 20-21

Then please post the results from each scan.

bartonski 11-06-2009 06:03 PM

"no route to host" is a generic message indicating a network issue; it's not specific to FTP.

Run "/sbin/ifconfig" on both machines. Post results.

On each machine, ping the other both via host name and ip address. Post results.

run 'route' on both machines. Post results.

Also, are your IP addresses assigned by the router, or did you set them yourself?

Each time you post the results, copy and paste the actual text directly from the command line, and make sure that you use the 'code' tags here on linuxquestions.org; this makes the results much more legible.

lucasito 11-06-2009 07:25 PM

I had been already at that link some hours ago. I found it very helpful to install vsftpd, but it did not solve my problem.

Quote:

nmap -sT -P0 192.168.2.10 port 20-21
nmap -sT -P0 192.168.2.11 port 20-21

On 192.168.2.10:
Code:

$ /usr/bin/nmap -sT -P0 192.168.2.10 port 20-21
Starting Nmap 4.53 ( http://insecure.org ) at 2009-11-07 02:20 CET
Warning: Hostname port resolves to 2 IPs. Using 62.157.x.x.
Invalid target host specification: 20-21
QUITTING!

$ /usr/bin/nmap -sT -P0 192.168.2.11 port 20-21
Starting Nmap 4.53 ( http://insecure.org ) at 2009-11-07 02:21 CET
Warning: Hostname port resolves to 2 IPs. Using 62.157.x.x.
Invalid target host specification: 20-21

On 192.168.2.11:
Code:

$ /usr/bin/nmap -sT -P0 192.168.2.10 port 20-21
Starting Nmap 5.00 ( http://nmap.org ) at 2009-11-07 02:28 CET
Warning: Hostname port resolves to 2 IPs. Using 62.157.x.x.
Invalid target host specification: 20-21
QUITTING!
$ /usr/bin/nmap -sT -P0 192.168.2.11 port 20-21
Starting Nmap 5.00 ( http://nmap.org ) at 2009-11-07 02:28 CET
Warning: Hostname port resolves to 2 IPs. Using 80.156.86.78.
Invalid target host specification: 20-21
QUITTING!



Quote:

Run "/sbin/ifconfig" on both machines. Post results.

192.168.2.10
Code:

$ ifconfig
eth0      Link encap:Ethernet  HWaddr 00:08:A1:4F:D5:A8
          inet addr:192.168.2.10  Bcast:192.168.2.255  Mask:255.255.255.0
          inet6 addr: fe80::208:a1ff:fe4f:d5a8/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:134715 errors:0 dropped:0 overruns:0 frame:0
          TX packets:115306 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:122771186 (117.0 MiB)  TX bytes:13655972 (13.0 MiB)
          Interrupt:16

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:217888 errors:0 dropped:0 overruns:0 frame:0
          TX packets:217888 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:27320332 (26.0 MiB)  TX bytes:27320332 (26.0 MiB)

192.168.2.11
Code:

$ ifconfig
eth0      Link encap:Ethernet  HWaddr 00:14:0B:02:11:31
          inet addr:192.168.2.11  Bcast:192.168.2.255  Mask:255.255.255.0
          inet6 addr: fe80::214:bff:fe02:1131/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:116474 errors:0 dropped:0 overruns:0 frame:0
          TX packets:106610 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:166352517 (158.6 MiB)  TX bytes:8134952 (7.7 MiB)
          Interrupt:20 Base address:0xe000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:40 errors:0 dropped:0 overruns:0 frame:0
          TX packets:40 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:4491 (4.3 KiB)  TX bytes:4491 (4.3 KiB)

Quote:

On each machine, ping the other both via host name and ip address. Post results.

10 from 11:
Code:

PING 192.168.2.10 (192.168.2.10) 56(84) bytes of data.
64 bytes from 192.168.2.10: icmp_seq=1 ttl=64 time=0.416 ms
64 bytes from 192.168.2.10: icmp_seq=2 ttl=64 time=0.187 ms
64 bytes from 192.168.2.10: icmp_seq=3 ttl=64 time=0.217 ms
64 bytes from 192.168.2.10: icmp_seq=4 ttl=64 time=0.209 ms
64 bytes from 192.168.2.10: icmp_seq=5 ttl=64 time=0.214 ms
64 bytes from 192.168.2.10: icmp_seq=6 ttl=64 time=0.228 ms
^C
--- 192.168.2.10 ping statistics ---
6 packets transmitted, 6 received, 0% packet loss, time 5144ms
rtt min/avg/max/mdev = 0.187/0.245/0.416/0.077 ms

11 from 10:
Code:

PING 192.168.2.10 (192.168.2.10) 56(84) bytes of data.
64 bytes from 192.168.2.10: icmp_seq=1 ttl=64 time=0.067 ms
64 bytes from 192.168.2.10: icmp_seq=2 ttl=64 time=0.070 ms
64 bytes from 192.168.2.10: icmp_seq=3 ttl=64 time=0.068 ms
^C
--- 192.168.2.10 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2844ms
rtt min/avg/max/mdev = 0.067/0.068/0.070/0.006 ms

Quote:

run 'route' on both machines. Post results.

10:
Code:

$ route
Kernel IP routing table
Destination    Gateway        Genmask        Flags Metric Ref    Use Iface
192.168.2.0    *              255.255.255.0  U    0      0        0 eth0
default        192.168.2.2    0.0.0.0        UG    0      0        0 eth0

11:
Code:

$ route
Destination    Gateway        Genmask        Flags Metric Ref    Use Iface
192.168.2.0    *              255.255.255.0  U    1      0        0 eth0
default        192.168.2.2    0.0.0.0        UG    0      0        0 eth0

Quote:

Also, are your IP addresses assigned by the router, or did you set them yourself?

The router assigns them, but always the same via MAC address. The router is 192.168.2.2

dxqcanada 11-06-2009 07:38 PM

Quote:

Originally Posted by lucasito (Post 3747647)
I can do ssh on the other machine from both machines

OK, so you do have TCP/IP connectivity from one host to the other.
... so only FTP gets a "no route to host"


Last time I saw a post like that ... I think it was caused by IP Filtering ... it was posted within the last couple of days.

lucasito 11-07-2009 06:42 AM

New tries, but nothing
 
I have found this:

http://www.linuxquestions.org/questi...on-lan-104684/

I have added to /etc/sysconfig/iptables what is specified at the bottom of that link, but nothing. The /etc/sysconfig/iptables looks like this:

On 192.168.2.10:
Code:

# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -s 192.168.2.0/24 -d 192.168.2.10 -m tcp --dport 21 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

On 192.168.2.11:
Code:

# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -s 192.168.2.0/24 -d 192.168.2.11 -m tcp --dport 21 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

The red line is what I added following the link above. I tried on both machines all combinations of the option -d (I mean, that I tried with both 2.10 and 2.11 in all possible combinations). I did restart the iptables after each modification. Nothing, no route to host.

The iptables -L says:
On 192.168.2.10:
Code:

$ iptables -L
Chain INPUT (policy ACCEPT)
target    prot opt source              destination
ACCEPT    all  --  anywhere            anywhere            state RELATED,ESTABLISHED
ACCEPT    icmp --  anywhere            anywhere
ACCEPT    all  --  anywhere            anywhere
ACCEPT    tcp  --  anywhere            anywhere            state NEW tcp dpt:ssh
REJECT    all  --  anywhere            anywhere            reject-with icmp-host-prohibited
ACCEPT    tcp  --  192.168.2.0/24      192.168.2.11        tcp dpt:ftp

Chain FORWARD (policy ACCEPT)
target    prot opt source              destination
REJECT    all  --  anywhere            anywhere            reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target    prot opt source              destination

On 192.168.2.11:
Code:

$ iptables -L
Chain INPUT (policy ACCEPT)
target    prot opt source              destination
ACCEPT    all  --  anywhere            anywhere            state RELATED,ESTABLISHED
ACCEPT    icmp --  anywhere            anywhere
ACCEPT    all  --  anywhere            anywhere
ACCEPT    tcp  --  anywhere            anywhere            state NEW tcp dpt:ssh
REJECT    all  --  anywhere            anywhere            reject-with icmp-host-prohibited
ACCEPT    tcp  --  192.168.2.0/24      192.168.2.10        tcp dpt:ftp

Chain FORWARD (policy ACCEPT)
target    prot opt source              destination
REJECT    all  --  anywhere            anywhere            reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target    prot opt source              destination
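
iptables walks a chain from top to bottom and stops at the first rule with a terminating target, so a rule placed after an unconditional REJECT is never evaluated. The following added example (not part of the original post) runs that check over the INPUT rules listed above; the function names are hypothetical and the sample is copied from the 192.168.2.10 listing.

```python
import shlex

# Constructed sample: the INPUT rules from the listing posted above for
# 192.168.2.10, in the same order as in /etc/sysconfig/iptables.
POSTED_RULES = """\
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -s 192.168.2.0/24 -d 192.168.2.10 -m tcp --dport 21 -j ACCEPT
"""

TERMINAL = {"ACCEPT", "DROP", "REJECT"}
# Options that narrow a rule; a rule with none of them matches every packet.
MATCH_OPTS = {"-p", "-s", "-d", "-i", "-o", "-m", "--dport", "--sport"}


def parse_rules(text, chain="INPUT"):
    """Parse '-A <chain> ...' lines into dicts, keeping file order."""
    rules = []
    for line in text.splitlines():
        tok = shlex.split(line, comments=True)
        if len(tok) < 2 or tok[0] != "-A" or tok[1] != chain:
            continue
        target = tok[tok.index("-j") + 1] if "-j" in tok[:-1] else None
        catch_all = target in TERMINAL and not any(t in MATCH_OPTS for t in tok)
        rules.append({"line": line.strip(), "catch_all": catch_all})
    return rules


def shadowed_rules(text, chain="INPUT"):
    """Return (catch-all rule, rules after it that can never match)."""
    rules = parse_rules(text, chain)
    for i, rule in enumerate(rules):
        if rule["catch_all"]:
            return rule["line"], [r["line"] for r in rules[i + 1:]]
    return None, []


def move_catch_all_last(text, chain="INPUT"):
    """Reorder so specific rules are evaluated before the catch-all."""
    rules = parse_rules(text, chain)
    specific = [r["line"] for r in rules if not r["catch_all"]]
    final = [r["line"] for r in rules if r["catch_all"]]
    return "\n".join(specific + final) + "\n"


if __name__ == "__main__":
    blocker, dead = shadowed_rules(POSTED_RULES)
    print("catch-all:", blocker)
    print("never reached:", dead)
    print(move_catch_all_last(POSTED_RULES))
```

A REJECT with icmp-host-prohibited is what the connecting client reports as "no route to host".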


luck.anshu 11-07-2009 08:30 AM

Do one thing:

1st of all stop your iptables service and check the connectivity:
# service iptables stop

If it works fine then flush your iptables and then save iptables service
# iptables -F
# iptables -F -t nat
# iptables -F -t mangle
# service iptables save

bartonski 11-07-2009 01:01 PM

If you're running FTP across a firewall, there are a few things that you need to be aware of: an FTP server uses two ports. One port is the 'control port', usually port 21, used for sending and receiving FTP commands. The other port is the 'data port' on port 20.

The client side is more complicated; the ftp server will send commands and data back to unprivileged ports on the client (ports greater than 1023). Exactly how this is handled depends on whether you are in active or passive mode. Check http://slacksite.com/other/ftp.html for a nice clear explanation.

Given all of these intricacies, you may want to consider using SFTP instead of FTP. It runs on port 22, it's part of the OpenSSH suite, it's secure, and it looks and feels just like FTP.
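
The data port is negotiated inside the control channel, so a static rule for port 21 does not name it. This added example (not part of the original post) decodes the two control-channel messages that carry the endpoint, the client's PORT command and the server's 227 reply, and reports which host opens the data connection and to which port. The function names and the sample lines are constructed for illustration.

```python
import re

SIX = r"(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)"


def _endpoint(numbers):
    """Turn h1,h2,h3,h4,p1,p2 into (ip, port); the port is p1*256 + p2."""
    vals = [int(n) for n in numbers]
    if not all(0 <= v <= 255 for v in vals):
        raise ValueError("octet out of range")
    return ".".join(str(v) for v in vals[:4]), vals[4] * 256 + vals[5]


def data_connection(control_line, client_ip, server_ip):
    """Return the data connection a firewall would have to permit, or None."""
    line = control_line.strip()
    m = re.fullmatch(r"PORT " + SIX, line, re.IGNORECASE)
    if m:
        # Active mode: the client listens, the server connects to it,
        # by convention from source port 20.
        ip, port = _endpoint(m.groups())
        return {"mode": "active", "initiator": server_ip, "src_port": 20,
                "listener": ip, "dst_port": port}
    m = re.match(r"227 .*?\(" + SIX + r"\)", line)
    if m:
        # Passive mode: the server listens on a high port, the client connects.
        ip, port = _endpoint(m.groups())
        return {"mode": "passive", "initiator": client_ip, "src_port": None,
                "listener": ip, "dst_port": port}
    return None


if __name__ == "__main__":
    # Constructed control-channel lines using the two hosts from this thread.
    for sample in ("PORT 192,168,2,10,156,64",
                   "227 Entering Passive Mode (192,168,2,11,195,80)"):
        print(data_connection(sample, "192.168.2.10", "192.168.2.11"))
```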

nimnull22 11-07-2009 01:12 PM

One more piece of information:
http://www.linuxquestions.org/questi...ive-ftp-22127/

tredegar 11-07-2009 01:39 PM

Maybe you could make this all a lot simpler:

I don't run any firewalls on my LAN, because I trust the machines on my LAN.

I do run a firewall on my modem/router.

So the Big Bad Interweb is firewalled, but my LAN is trusted and trusting.

Works for me.

BTW, if you are running KDE then the fish://username@LAN_HostName protocol in konqueror is awesome. You just drag & drop files between PCs. You need to have ssh installed though (easy enough).

wfh 11-07-2009 09:52 PM

Quote:

Originally Posted by lucasito (Post 3747741)
On 192.168.2.10:
Code:

$ /usr/bin/nmap -sT -P0 192.168.2.10 port 20-21
Starting Nmap 4.53 ( http://insecure.org ) at 2009-11-07 02:20 CET
Warning: Hostname port resolves to 2 IPs. Using 62.157.x.x.
Invalid target host specification: 20-21
QUITTING!


Sorry, I gave you bad syntax.....should have said:

Code:

/usr/bin/nmap -sT -P0 192.168.2.10 -p 20-21

But if you are getting two hosts answering on arp requests for 192.168.2.10, then you're screwed.

Is this just a simple networking problem? Are you configured cleanly? Could you have an entry in /etc/hosts that is in conflict or something?

bartonski 11-07-2009 10:30 PM

Quote:

Originally Posted by lucasito (Post 3747741)
11 from 10:
Code:

PING 192.168.2.10 (192.168.2.10) 56(84) bytes of data.
64 bytes from 192.168.2.10: icmp_seq=1 ttl=64 time=0.067 ms
64 bytes from 192.168.2.10: icmp_seq=2 ttl=64 time=0.070 ms
64 bytes from 192.168.2.10: icmp_seq=3 ttl=64 time=0.068 ms
^C
--- 192.168.2.10 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2844ms
rtt min/avg/max/mdev = 0.067/0.068/0.070/0.006 ms


Umm... I figured that this was a typo, but on the outside chance that you've got an IP address conflict or something, can you re-run the ping from 192.168.2.10 to .11?


All times are GMT -5.