2017-01-19 12:58 UTC

ID: 0005135
Project: CentOS-5
Category: kernel
View Status: public
Last Update: 2014-10-26 18:59
Reporter: dennis
Priority: normal
Severity: minor
Reproducibility: always
Status: closed
Resolution: won't fix
Product Version: 5.7
Target Version:
Fixed in Version:
Summary: 0005135: After upgrade to 5.7 the ip_nat_ftp module breaks passive ftp connections
Description: Last night I upgraded a system to 5.7 and today I noticed that vsftpd no longer responds to a PASV command:

Command: CWD /
Response: 250 Directory successfully changed.
Command: TYPE I
Response: 200 Switching to Binary mode.
Command: PASV
Error: Connection timed out
Error: Failed to retrieve directory listing

In /etc/sysconfig/iptable-config I load the ip_conntrack_ftp and ip_nat_ftp modules.
As soon as I remove the ip_nat_ftp module everything starts working again as it should.
Steps To Reproduce: Configure an ftp server, load the ip_nat_ftp module and try to start a transfer in passive mode.

Notes

~0013341

athmane (developer)

I reproduce it with the latest 5.7 kernel (config-2.6.18-274.3.1.el5), but it didn't happen when downgrading the kernel to 2.6.18-238.el5

[root@ftp-test ~]# uname -r
2.6.18-238.el5

ftp> ls
227 Entering Passive Mode (192,168,1,6,31,167)
150 Here comes the directory listing.
226 Directory send OK.

Could be introduced by this bugfix:
http://lists.centos.org/pipermail/centos-cr-announce/2011-September/000066.html
https://bugzilla.redhat.com/show_bug.cgi?id=642388
http://rhn.redhat.com/errata/RHSA-2011-1065.html
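
The passive-mode exchange quoted in the description and in the note above, as an added example that is not part of the original thread: a small checker that reads a client log in the `Command:` / `Response:` / `Error:` layout, flags a PASV that never receives a 227 reply, and decodes the address and port of a 227 reply that does arrive. The function names, the `server_ip` parameter and the `WORKING` sample are assumptions made for illustration.

```python
import re

# RFC 959: reply 227 carries h1,h2,h3,h4,p1,p2 in parentheses.
PASV_RE = re.compile(r"\b227\b[^(]*\(" + ",".join([r"(\d{1,3})"] * 6) + r"\)")

def decode_pasv(reply):
    """Return (ip, port) advertised in a 227 reply, or None if malformed."""
    m = PASV_RE.search(reply)
    if not m or any(int(x) > 255 for x in m.groups()):
        return None
    f = [int(x) for x in m.groups()]
    return ".".join(map(str, f[:4])), f[4] * 256 + f[5]

def audit_session(lines, server_ip=None):
    """Report the outcome of every PASV in a Command:/Response:/Error: log."""
    findings, pending = [], False  # pending: PASV sent, nothing back yet
    for line in lines:
        kind, _, text = (s.strip() for s in line.partition(":"))
        if kind == "Command":
            if pending:
                findings.append(("no-reply", None))
            pending = text.upper().startswith("PASV")
        elif pending and kind == "Response":
            ep = decode_pasv(text)
            if ep is None:
                findings.append(("bad-reply", text))
            elif server_ip and ep[0] != server_ip:
                findings.append(("address-mismatch", ep))
            else:
                findings.append(("ok", ep))
            pending = False
        elif pending and kind == "Error":
            findings.append(("no-reply", text))
            pending = False
    if pending:
        findings.append(("no-reply", None))
    return findings

# Session from the issue description (CentOS 5.7, ip_nat_ftp loaded).
FAILING = ["Command: CWD /", "Response: 250 Directory successfully changed.",
           "Command: TYPE I", "Response: 200 Switching to Binary mode.",
           "Command: PASV", "Error: Connection timed out",
           "Error: Failed to retrieve directory listing"]
# Constructed: same layout, 227 reply taken from the 2.6.18-238.el5 note.
WORKING = ["Command: PASV",
           "Response: 227 Entering Passive Mode (192,168,1,6,31,167)"]
if __name__ == "__main__":
    print(audit_session(FAILING))
    print(audit_session(WORKING, server_ip="192.168.1.6"))
```

Passing `server_ip` (the address the control connection was opened to) also flags a 227 reply whose advertised address differs from it.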

~0013342

tru (administrator)

Could you file a regression bug upstream?

~0013343

athmane (developer)

I reported this to upstream:

https://bugzilla.redhat.com/show_bug.cgi?id=740399

~0014590

herrold (reporter)

Please verify that this continues with a current kernel ... I had this issue, and a kernel update resolved the matter. If it persists for you, we should probably look into configs more closely.

~0014616

dennis (reporter)

Still seeing this with kernel-xen-2.6.18-274.18.1.el5

~0014643

msadams (reporter)

Still seeing this issue with new kernel:

2.6.18-308.1.1.el5 #1 SMP Wed Mar 7 04:16:51 EST 2012 x86_64 x86_64

In /etc/sysconfig/iptable-config we load the ip_conntrack_ftp and ip_nat_ftp modules. When removing the ip_nat_ftp module and reloading iptables everything starts working again as expected.

~0015248

tigalch (manager)

The kernel is at 2.6.18-308.8.1. Is the issue still present?

~0019699

tigalch (manager)

Upstream will soon close this issue as WONTFIX.

~0021395

tigalch (manager)

WONTFIX by upstream

Issue History
Date Modified Username Field Change
2011-09-21 17:44 dennis New Issue
2011-09-21 18:53 athmane Note Added: 0013341
2011-09-21 20:55 tru Note Added: 0013342
2011-09-21 22:00 athmane Note Added: 0013343
2012-02-29 22:59 herrold Note Added: 0014590
2012-03-05 16:47 dennis Note Added: 0014616
2012-03-09 14:54 msadams Note Added: 0014643
2012-06-11 19:22 tigalch Note Added: 0015248
2014-04-30 18:22 tigalch Note Added: 0019699
2014-10-26 18:59 tigalch Note Added: 0021395
2014-10-26 18:59 tigalch Status new => closed
2014-10-26 18:59 tigalch Resolution open => won't fix