With all of my applications and projects upgraded from SuSE 10.0 to openSUSE 10.2 and seemingly working fine, I stumbled over a roadblock today: ftp is blocked from running in active mode in 10.2. In my regression testing I had two utilities fail, Perl's CPAN.pm being the well-known one. In each case, the process would request a directory listing and then hang.

The first utility had a passive mode option; I enabled it and the process completed. CPAN does not have such an option. But both utilities use Perl’s Net::FTP module and I eventually learned about the FTP_PASSIVE environment variable here and within the CPAN.pm documentation. So I was finally able to run CPAN.

Even though I now have my ftp tasks operational using passive mode (which is preferable), it is risky when an unknown agent intervenes surreptitiously. What future networking applications will be blocked by this agent? Better to discover and learn how to configure this agent to report its actions to a system log file now, rather than wait until it is silently blocking a critical development task.

Since I believe it is a firewall within openSUSE that is blocking the ftp messages, I set out to confirm this. I rebooted my multi-boot PC back up under SuSE 10.0. “ftp -A -d ftp.anysite.com” worked fine, eliminating my Internet router’s firewall and anything else in my hardware or LAN/WAN path as the source of the problem. The same ftp command hangs when booted to openSUSE 10.2. Thus the filtering is being done within openSUSE.

But all efforts to find the culprit within openSUSE have come to naught. grep found no mention of any filtered packets in any of the /var/log/* files. I left SuSEfirewall2 disabled during installation and it remains off. I turned off Novell AppArmor and that did not solve the problem. My final clue is the following line from dmesg:

ip_tables: (C) 2000-2006 Netfilter Core Team

Yet there is no /var/log/firewall, which is where syslog-ng is told to put iptables messages. Nor does iptables appear in the YaST System Services screen. However, there is an ip_table_filter entry in standby.log.

So after several fruitless hours, I’m still clueless as to the openSUSE agent that is blocking active mode ftp requests. Suggestions, anyone?

  1. Henrik Klagges wrote:


    Have you tried putting
    export FTP_PASSIVE=1
    into /etc/profile.local? That helped for me.


