On 10/02/16 19:48, Michael D. Setzer II wrote:
The modprobe nf_conntrack_ftp doesn't output any message or error? Not sure what it is supposed to output.
No, it probably won't. Before issuing the modprobe, it would have been a good idea to use lsmod to see if it was already loaded.
FWIW, as I mentioned the module doesn't get loaded when initially making changes to the firewall with the GUI. But you could use the GUI to reload and it does get loaded. Once loaded, it stays loaded unless you issue an rmmod command and the module is not in use.
I did a test from a machine to the server running the vsftp server and using ncftp or
ncftpls, but in the past have also used ftp with the same results.
With the line disabled everything seems to work, but without it seems to fail, but in
one section changed passive mode, back it seemed to continue??
These machines are in the same 192.168.7.x network connected to the same switch? All are
running Fedora 24, upgraded via dnf from 23 over the summer. With the 23, never had any
issues.
I fired up an F22 system and did an iptables-save and found it also has the line
-A INPUT -j REJECT --reject-with icmp-host-prohibited
That's about all I can say this my evening. If I have time tomorrow I'll put up a vsftpd on a system and see if I can recreate the issue.
I have no idea why I'd suggest this, other than the active/passive comments you made, but I guess you can also try to open port 20 and with that line active in iptables see if the results are the same.
--
You're Welcome Zachary Quinto