Has anyone had any problems with Filezilla in OpenSuse?
I obviously a noob to Suse but after installing 11.4, and filezilla, i cant connect to my ftp server.
Ive opened ports 21 22 and 990 explicitly in the firewall and all I get is a 425 error Cant Retrieve Directory Listing. It logs me in ok but doesnt allow data connections?
Have I missed something fundamental during the installation of suse? Ive been on this for two days now.
Any help much apreciated.
So you are getting connected, but cannot navigate the directory and you could with what before (Windows? previous openSUSE?).
I don’t know if samba-client is required in this situation. I know when I am looking at my file server, before I install samba-client I get no connection or blank listing of contents. It may be a long shot in this case, though.
On 26/04/11 15:06, thatblokefromstoke wrote:
> Has anyone had any problems with Filezilla in OpenSuse?
> I obviously a noob to Suse but after installing 11.4, and filezilla, i
> cant connect to my ftp server.
> Ive opened ports 21 22 and 990 explicitly in the firewall and all I get
> is a 425 error Cant Retrieve Directory Listing. It logs me in ok but
> doesnt allow data connections?
> Have I missed something fundamental during the installation of suse?
> Ive been on this for two days now.
> Any help much apreciated.
check filezilla log file. Bear on mind that latest filezilla versions
use the MLST and MLSD as default for directory listing. There are some
proxy/ftp servers that do not understand this commands hence the error
as filezilla is not falling back to the standard LIST command. There are
a lot of discussions about that on the filezilla forums to at least
allow to configure the command or fail back to the LIST if MLST and MLSD
Not being able to open a data connection while the firewall is active is typical of no connection tracking for FTP because the firewall has to parse the command stream to know the port to open dynamically for the data connection. Make sure you have loaded the iptables module nf_conntrack_ftp.
Hi thanks for the quick reply, The remote ftp server is Windows NT in active mode only.
Ive tried different configs with the suse firewall (in Yast) but i have no clue what the right settings should be,
Passive mode isnt supported on the ftp server
Ive narrowed this down the the suse firewall but i dont know the correct settings
Hi Ive disabled the firewall and i can access the FTP server remotely with filezilla, i dont have local access as its part of my web hosting. I think i just need to correctly allow ftp through the firewall, preferably through yast, (because im a noob). The problem is that i dont see anything to do with FTp in the allowed services dropdown list?
Hi - Ive run lsmod and can see nothing to do with nf_conntrack or the ipv4/6,
I just get a list of hardware, grep trac does nothing from my terminal, ive tried them as separate commands and together.
“But it perhaps it simply needs adjusting “FW_LOAD_MODULES” or
“FW_SERVICES_ACCEPT_RELATED_EXT”.”---------------------------------this means absolutely nothing to me, is this to be inoutted in the terminal, and if so , with what parameters?
Thanks for your help
Ah ok I missed that. Get rid of that stupid FTP server software and find something better if it can’t handle passive mode clients. It’s very problematic to clients to use active mode. An active mode client has to allow connections inwards on arbitrary ports. As you can imagine this gives security people the shudders.
Forget about nf_conntrack_ftp then. That’s meant for Linux FTP servers behind a Linux iptables firewall to allow them to handle passive mode clients.
Here’s a brief explanation of how active and passive mode work. These are the conversations on the control connection:
C: Hello, I’m user/password and I want active mode
S: Welcome, please tell me what data port you are listening on
C: The port is P
S: Makes a data connection to C at port P
In active mode, the client has to allow incoming access on port P. This is already an issue and even more so if C is behind a separate router/firewall.
C: Hello, I’m user/password and I want passive mode
S: Welcome, I am listening for data on port P
C: Makes a data connection to S at port P
So in passive mode, the conntrack module watches the data connection and allows access through the firewall for C on port P.
This is actually simplified. The port negotiations are actually done for every file transfer. Directory listings are not file transfers, the information is sent on the control connection. So the typical symptom of data port problems is that you can list the directory but not fetch or send files.