OpenSuse blocking filezilla

Has anyone had any problems with Filezilla in OpenSuse?

I’m obviously a noob to Suse, but after installing 11.4 and Filezilla, I can’t connect to my FTP server.
I’ve opened ports 21, 22 and 990 explicitly in the firewall and all I get is a 425 error, Can’t Retrieve Directory Listing. It logs me in OK but doesn’t allow data connections?

Have I missed something fundamental during the installation of Suse? I’ve been on this for two days now.
Any help much appreciated.
Thanks

What about Port 47?

So you are getting connected, but cannot navigate the directory and you could with what before (Windows? previous openSUSE?).

I don’t know if samba-client is required in this situation. I know when I am looking at my file server, before I install samba-client I get no connection or blank listing of contents. It may be a long shot in this case, though.

  1. What FTP server are you using?
  2. Did you configure it with YaST?
  3. Did you try passive mode?

On 26/04/11 15:06, thatblokefromstoke wrote:
>
> Has anyone had any problems with Filezilla in OpenSuse?
>
> I’m obviously a noob to Suse, but after installing 11.4 and Filezilla, I
> can’t connect to my FTP server.
> I’ve opened ports 21, 22 and 990 explicitly in the firewall and all I get
> is a 425 error, Can’t Retrieve Directory Listing. It logs me in OK but
> doesn’t allow data connections?
>
> Have I missed something fundamental during the installation of Suse?
> I’ve been on this for two days now.
> Any help much appreciated.
> Thanks
>
>

Check the Filezilla log file. Bear in mind that the latest Filezilla versions
use MLST and MLSD as the default for directory listing. There are some
proxy/FTP servers that do not understand these commands, hence the error,
as Filezilla is not falling back to the standard LIST command. There are
a lot of discussions about that on the Filezilla forums to at least
allow configuring the command or falling back to LIST if MLST and MLSD
fail.

gonzalo

Not being able to open a data connection while the firewall is active is typical of no connection tracking for FTP because the firewall has to parse the command stream to know the port to open dynamically for the data connection. Make sure you have loaded the iptables module nf_conntrack_ftp.

Hi, thanks for the quick reply. The remote FTP server is Windows NT in active mode only.
I’ve tried different configs with the Suse firewall (in YaST) but I have no clue what the right settings should be.
Passive mode isn’t supported on the FTP server.

I’ve narrowed this down to the Suse firewall but I don’t know the correct settings.

Are iptables custom rules for the firewall? If so, can this be done in YaST instead?
Thanks

dragonbite
Hi, I already see the samba server and client in the allowed services list, so I’m assuming that it’s already enabled/installed.
Thanks

I don’t use SuSEfirewall2, at least not on machines that offer FTP, so I don’t know. I suspect that using the YaST config tool for FTP service might handle this. You should look into that.

How do I load the iptables module?
Thanks

On 2011-04-27 16:36, thatblokefromstoke wrote:

> Are iptables custom rules for the firewall? If so, can this be done in
> YaST instead?

It meant in susefirewall opening ftp and ftp-data, IIRC.

But perhaps it simply needs adjusting “FW_LOAD_MODULES” or
“FW_SERVICES_ACCEPT_RELATED_EXT”.

Run “lsmod | grep trac”, you should see nf_conntrack and another for ipv4 & 6.


Cheers / Saludos,

Carlos E. R.
(from 11.2 x86_64 “Emerald” at Telcontar)

then try:

  1. disable the firewall on the openSUSE machine entirely
  2. ensure that between openSUSE and the FTP server there is no other firewall, for example on the router (or on the Windows machine too, i.e. disable the Windows firewall)
  3. try an FTP client locally on the FTP server (Windows); if it doesn’t work then something is wrong with the FTP server
  4. try to make an FTP connection with a client other than Filezilla, for example with the simple ftp command from the command line.

If it works from the command line on the openSUSE machine then something is wrong with Filezilla.

Hi, I’ve disabled the firewall and I can access the FTP server remotely with Filezilla. I don’t have local access as it’s part of my web hosting. I think I just need to correctly allow FTP through the firewall, preferably through YaST (because I’m a noob). The problem is that I don’t see anything to do with FTP in the allowed services dropdown list?

Did you install the package for configuring FTP via YaST, yast2-ftp-server?

Hi - I’ve run lsmod and can see nothing to do with nf_conntrack or the ipv4/6.
I just get a list of hardware; grep trac does nothing from my terminal. I’ve tried them as separate commands and together.

“But perhaps it simply needs adjusting “FW_LOAD_MODULES” or
“FW_SERVICES_ACCEPT_RELATED_EXT”.”
This means absolutely nothing to me. Is this to be inputted in the terminal, and if so, with what parameters?
Thanks for your help

Hi, no, I didn’t think that I needed to as the server is remote, not local. Do I still need this package?

You can still use YaST remotely with the ncurses interface. That module should know about inserting the right firewall rules, since you’re not up to editing the firewall rules yourself.

On 2011-04-28 12:06, ken yap wrote:
> You can still use YaST remotely with the ncurses interface.

It is a remote windows server serving ftp active mode.
YaST ftp server module will not help at all on the client machine.


Cheers / Saludos,

Carlos E. R.
(from 11.2 x86_64 “Emerald” at Telcontar)

Ah ok I missed that. Get rid of that stupid FTP server software and find something better if it can’t handle passive mode clients. It’s very problematic to clients to use active mode. An active mode client has to allow connections inwards on arbitrary ports. As you can imagine this gives security people the shudders.

Forget about nf_conntrack_ftp then. That’s meant for Linux FTP servers behind a Linux iptables firewall to allow them to handle passive mode clients.

Here’s a brief explanation of how active and passive mode work. These are the conversations on the control connection:

Active mode:

C: Hello, I’m user/password and I want active mode
S: Welcome, please tell me what data port you are listening on
C: The port is P
S: Makes a data connection to C at port P

In active mode, the client has to allow incoming access on port P. This is already an issue and even more so if C is behind a separate router/firewall.

Passive mode:

C: Hello, I’m user/password and I want passive mode
S: Welcome, I am listening for data on port P
C: Makes a data connection to S at port P

So in passive mode, the conntrack module watches the data connection and allows access through the firewall for C on port P.

This is actually simplified. The port negotiations are actually done for every file transfer. Directory listings are not file transfers, the information is sent on the control connection. So the typical symptom of data port problems is that you can list the directory but not fetch or send files.
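
The "port P" exchange in the active and passive conversations above, written out with the RFC 959 `PORT` command and `227` reply, as an added example that is not part of the original thread. It parses a control-channel transcript and reports which data connections a firewall between the two hosts would have to allow; the sample session, its addresses and the function names are constructed for illustration.

```python
import re

# h1,h2,h3,h4,p1,p2: four address bytes and two port bytes (RFC 959).
_HOSTPORT = re.compile(r"(?<!\d)" + ",".join([r"(\d{1,3})"] * 6) + r"(?!\d)")

def _decode(text):
    """Decode 'h1,h2,h3,h4,p1,p2' into (ip, port); None if malformed."""
    m = _HOSTPORT.search(text)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def data_endpoint(line):
    """Return (mode, ip, port) if the line negotiates a data port, else None."""
    line = line.strip()
    if line.upper().startswith("PORT "):      # client announces its listener
        ep = _decode(line[5:])
        return ("active", *ep) if ep else None
    if line.startswith("227"):                # server announces its listener
        ep = _decode(line[3:])
        return ("passive", *ep) if ep else None
    return None

def expected_data_flows(control_lines, client_ip, server_ip):
    """List the data connections a firewall between the two hosts must allow."""
    flows = []
    for line in control_lines:
        ep = data_endpoint(line)
        if ep is None:
            continue
        mode, ip, port = ep
        src, peer = (server_ip, client_ip) if mode == "active" else (client_ip, server_ip)
        flows.append({"mode": mode, "src": src, "dst": ip, "dport": port,
                      # False when the announced address is not the real peer (e.g. NAT)
                      "announced_matches_peer": ip == peer})
    return flows

# Constructed sample session (addresses from documentation ranges).
SAMPLE = [
    "USER demo", "331 Password required",
    "PORT 192,168,1,20,195,80", "200 PORT command successful", "RETR report.txt",
    "227 Entering Passive Mode (203,0,113,5,19,137)",
]

if __name__ == "__main__":
    for flow in expected_data_flows(SAMPLE, "192.168.1.20", "203.0.113.5"):
        print(flow)
```

In the active case the flow runs from the server to the client's announced port, so it is the client-side firewall that has to admit it.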