2017-11-17 21:19 UTC

View Issue Details Jump to Notes ]
IDProjectCategoryView StatusLast Update
0005135CentOS-5kernelpublic2014-10-26 18:59
StatusclosedResolutionwon't fix 
Product Version5.7 
Target VersionFixed in Version 
Summary0005135: After upgrade to 5.7 the ip_nat_ftp module breaks passive ftp connections
DescriptionLast night I upgraded a system to 5.7 and today I noticed that vsftpd no longer reponds to a PASV command:

Command: CWD /
Response: 250 Directory successfully changed.
Command: TYPE I
Response: 200 Switching to Binary mode.
Command: PASV
Error: Connection timed out
Error: Failed to retrieve directory listing

In /etc/sysconfig/iptable-config I load the ip_conntrack_ftp and ip_nat_ftp modules.
As soon as I remove the ip_nat_ftp module everything starts working again as it should.
Steps To ReproduceConfigure an ftp server, load the ip_nat_ftp module and try to start a transfer in passive mode.
TagsNo tags attached.
Attached Files




athmane (developer)

I reproduce it with the latest 5.7 kernel (config-2.6.18-274.3.1.el5), but it didn't happen when downgrading the kernel to 2.6.18-238.el5

[root@ftp-test ~]# uname -r

ftp> ls
227 Entering Passive Mode (192,168,1,6,31,167)
150 Here comes the directory listing.
226 Directory send OK.

Could be introduced by this bugfix:


tru (administrator)

could you fill a regression bug upstream?


athmane (developer)

I reported this to upstream:



herrold (reporter)

please verify that this continues with a current kernel ... I had this issue, and a kernel update resolved the matter. if it persists for you, we should probably look into configs more closely


dennis (reporter)

Still seeing this with kernel-xen-2.6.18-274.18.1.el5


msadams (reporter)

Still seeing this issue with new kernel:

2.6.18-308.1.1.el5 #1 SMP Wed Mar 7 04:16:51 EST 2012 x86_64 x86_64

In /etc/sysconfig/iptable-config we load the ip_conntrack_ftp and ip_nat_ftp modules. When removing the ip_nat_ftp module and reloading iptables everything starts working again as expected.


tigalch (manager)

The kernel is at 2.6.18-308.8.1. Is the issue still present?


tigalch (manager)

upstream will soon close this issue as WONTFIX


tigalch (manager)

WONTFIX by upstream

-Issue History
Date Modified Username Field Change
2011-09-21 17:44 dennis New Issue
2011-09-21 18:53 athmane Note Added: 0013341
2011-09-21 20:55 tru Note Added: 0013342
2011-09-21 22:00 athmane Note Added: 0013343
2012-02-29 22:59 herrold Note Added: 0014590
2012-03-05 16:47 dennis Note Added: 0014616
2012-03-09 14:54 msadams Note Added: 0014643
2012-06-11 19:22 tigalch Note Added: 0015248
2014-04-30 18:22 tigalch Note Added: 0019699
2014-10-26 18:59 tigalch Note Added: 0021395
2014-10-26 18:59 tigalch Status new => closed
2014-10-26 18:59 tigalch Resolution open => won't fix
+Issue History