unable to connect ftp

amartlk · 04-09-2013, 01:56 AM

Hi

i have centos 5.3 installed with squid transparent proxy .

i try to access ftp site through filezilla client but it shows error as Response: 503 Failure of data connection.
Server sent unexpected reply.
Connection closed .

i used Natting in squid server, i allow ftp port 20,21 in squid allow rule in firewall to allow ftp but still same error

Regards
Amar

cbtshare · 04-09-2013, 02:45 AM

can you show the results of the command
#iptables -L

do you have selinux in enforcing?

amartlk · 04-09-2013, 04:15 AM

Thanks for reply , no selinux is not in enforcing

[root@xyz ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp-data
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp
ACCEPT tcp -- anywhere anywhere state NEW,RELATED,ESTABLISHED tcp dpt:squid
ACCEPT tcp -- anywhere anywhere tcp spt:squid state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED tcp spt:http

Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere state NEW,RELATED,ESTABLISHED tcp dpt:http
ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED tcp spt:http

Amar

cbtshare · 04-09-2013, 04:58 AM

have you checked the logs? if you are getting an error something should be there..

amartlk · 04-09-2013, 05:12 AM

yes but no error only error as 503 Failure of data connection.
Server sent unexpected reply.
Connection closed . in filezilla client.

i use nat in squid server it may create issue with ftp ??if yes what to do

cbtshare · 04-09-2013, 01:30 PM

you can read here they found a solution:
http://www.linuxsolved.com/forums/index.php?topic=944.0

amartlk · 04-10-2013, 12:42 AM

I tried the solution given in link but still same problem

eklavya · 04-10-2013, 01:26 AM

Are you using vsftpd as ftp daemon?

First stop squid and try to connect it again, if you can connect then it is a proxy server problem and we will search remedy for it but if it does not connect even squid is stopped then we have to find solution for current conditions.

Try to add this line in your iptables and restart iptables

Code:

-A INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 20 -j ACCEPT

Code:

# service iptables restart

Now try to connect.

amartlk · 04-10-2013, 02:22 AM

Hi

the ftp is not created by us , it is given by client and if i connect by removing pc from our network and connecting some dongle directly to the pc then it will be connect , i.e not connecting from our network and i already added -A INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 20 -j ACCEPT

eklavya · 04-10-2013, 02:59 AM

It means there is something wrong in your network that is not in individual system (outside your network).
Is there any proxy in your network? can you stop for the test?

amartlk · 04-10-2013, 04:10 AM

Hi

i have squid transparent proxy but if i stop squid then i am not able to use internet? and then how can i connect to ftp ?

eklavya · 04-10-2013, 04:21 AM

Is this line in your squid.conf?

Code:

acl Safe_ports port 21 # ftp

amartlk · 04-10-2013, 05:12 AM

yes i have acl Safe_ports port 21 # ftp in squid.conf file

eklavya · 04-10-2013, 05:50 AM

If SELinux is disabled, port 21 is defined accepted in iptables, port 21 is opened in administration > firewall
then it should be issue of proxy (I think so).

Can you put content of your squid.conf?

amartlk · 04-10-2013, 07:07 AM

pls find the attachment