View Issue Details

ID: 0005135
Project: CentOS-5
Category: kernel
View Status: public
Last Update: 2014-10-26 18:59
Reporter: dennis
Priority: normal
Severity: minor
Reproducibility: always
Status: closed
Resolution: won't fix
Product Version: 5.7
Target Version:
Fixed in Version:
Summary: 0005135: After upgrade to 5.7 the ip_nat_ftp module breaks passive ftp connections
Description: Last night I upgraded a system to 5.7 and today I noticed that vsftpd no longer responds to a PASV command:

Command: CWD /
Response: 250 Directory successfully changed.
Command: TYPE I
Response: 200 Switching to Binary mode.
Command: PASV
Error: Connection timed out
Error: Failed to retrieve directory listing

In /etc/sysconfig/iptable-config I load the ip_conntrack_ftp and ip_nat_ftp modules.
As soon as I remove the ip_nat_ftp module everything starts working again as it should.
Steps To Reproduce: Configure an ftp server, load the ip_nat_ftp module and try to start a transfer in passive mode.
Tags: No tags attached.

Activities

athmane (developer) 2011-09-21 18:53 ~0013341

I reproduced it with the latest 5.7 kernel (config-2.6.18-274.3.1.el5), but it didn't happen after downgrading the kernel to 2.6.18-238.el5

[root@ftp-test ~]# uname -r
2.6.18-238.el5

ftp> ls
227 Entering Passive Mode (192,168,1,6,31,167)
150 Here comes the directory listing.
226 Directory send OK.

Could be introduced by this bugfix:
http://lists.centos.org/pipermail/centos-cr-announce/2011-September/000066.html
https://bugzilla.redhat.com/show_bug.cgi?id=642388
http://rhn.redhat.com/errata/RHSA-2011-1065.html

tru (administrator) 2011-09-21 20:55 ~0013342

Could you file a regression bug upstream?

athmane (developer) 2011-09-21 22:00 ~0013343

I reported this to upstream:

https://bugzilla.redhat.com/show_bug.cgi?id=740399

herrold (reporter) 2012-02-29 22:59 ~0014590

Please verify that this continues with a current kernel ... I had this issue, and a kernel update resolved the matter. If it persists for you, we should probably look into configs more closely.

dennis (reporter) 2012-03-05 16:47 ~0014616

Still seeing this with kernel-xen-2.6.18-274.18.1.el5

msadams (reporter) 2012-03-09 14:54 ~0014643

Still seeing this issue with new kernel:

2.6.18-308.1.1.el5 #1 SMP Wed Mar 7 04:16:51 EST 2012 x86_64 x86_64

In /etc/sysconfig/iptable-config we load the ip_conntrack_ftp and ip_nat_ftp modules. When removing the ip_nat_ftp module and reloading iptables everything starts working again as expected.

tigalch (manager) 2012-06-11 19:22 ~0015248

The kernel is at 2.6.18-308.8.1. Is the issue still present?

tigalch (manager) 2014-04-30 18:22 ~0019699

upstream will soon close this issue as WONTFIX

tigalch (manager) 2014-10-26 18:59 ~0021395

WONTFIX by upstream

Issue History

Date Modified Username Field Change
2011-09-21 17:44 dennis New Issue
2011-09-21 18:53 athmane Note Added: 0013341
2011-09-21 20:55 tru Note Added: 0013342
2011-09-21 22:00 athmane Note Added: 0013343
2012-02-29 22:59 herrold Note Added: 0014590
2012-03-05 16:47 dennis Note Added: 0014616
2012-03-09 14:54 msadams Note Added: 0014643
2012-06-11 19:22 tigalch Note Added: 0015248
2014-04-30 18:22 tigalch Note Added: 0019699
2014-10-26 18:59 tigalch Note Added: 0021395
2014-10-26 18:59 tigalch Status new => closed
2014-10-26 18:59 tigalch Resolution open => won't fix