|Summary:||FTP port command fails with links|
|Product:||[Retired] Red Hat Linux||Reporter:||Henri Schlereth <henris>|
|Component:||links||Assignee:||Bernhard Rosenkraenzer <bero>|
|Status:||CLOSED DEFERRED||QA Contact:||David Lawrence <dkl>|
|Fixed In Version:||Doc Type:||Bug Fix|
|Doc Text:||Story Points:||---|
|Last Closed:||2001-06-27 02:23:02 UTC||Type:||---|
|oVirt Team:||---||RHEL 7.3 requirements from Atomic Host:|
Description Henri Schlereth 2001-06-17 17:34:03 UTC
Description of Problem: After upgrading to RH7.1 (on firewall) my inpchains scripts that used to work with RH7.0 now fail links, lynx and wget with any site ftp://blah.blah. Netscape under X and Windows works, ftp and ncftp work as well. Links,lynx and wget work on the firewall itself but behind the firewall. These programs work within the internal netork. I suspect it is because ip_masq_ftp is gone. I havent converted to iptables yet, but it looks like I will have to much sooner than planned. How Reproducible: Use the attached ipchains script on a test machine and try to access ftp://ftp.redhat.de via links or lynx or do a wget on an ftp site (known to you) Steps to Reproduce: 1. 2. 3. Actual Results: FTP port command failed (links) Unable to access document (lynx) wget (invalid port) Expected Results: get to sites and/or download Additional Information:
Comment 1 Henri Schlereth 2001-06-17 17:35:01 UTC
Created attachment 21206 [details] ipchains config file
Comment 2 Michael Schwendt 2001-06-18 15:58:31 UTC
With the 2.4 kernel, ip_masq_ftp has been renamed. HTH.
Comment 3 Michael Schwendt 2001-06-18 19:13:08 UTC
Sorry, you are right. I've mixed up the "lsmod" config of a RHL 7.1 machine running the 2.2.19 kernel and my workstation running the 2.4 kernel and iptables. Your ipchains script is not affected, though. It's just that the protocol specific masquerading support is not available.
Comment 4 Mike A. Harris 2001-06-19 01:09:47 UTC
IP masquerade helpers for ipchains are not available in the 2.4 kernel. If you need to use any of the helper programs, you will need to switch to iptables and use ftp conntracking, et al. Alternative workaround: Use passive mode FTP in all software that supports it. Consult the software documentation for each program that fails to determine if it supports passive mode FTP or not.
Comment 5 Henri Schlereth 2001-06-19 02:06:19 UTC
Since I am not ready yet to switch to iptables your suggestion did the trick with only one exception. Links has no documentation, no man page to set passive mode.
Comment 6 Henri Schlereth 2001-06-27 01:48:38 UTC
I am re-opening this as a feature enhancement against links. I have installed and configured iptables and I still get a port command failed with links. While I am still researching to see if I did anything wrong , I was informed by the maintainer that links doesnt do passive ftp. The only solution available is to not use links (e.g ftp://ftp.isc.org) or come up with some sort of proxy method to regain full functionality
Comment 7 Mike A. Harris 2001-06-27 02:22:57 UTC
links is not a program created here, and so it is unlikely we would add support for passive mode FTP to it, especially when there are other tools that work through passive ftp. It isn't my package however so not my call. When changing packages, be sure to also assign to the new component owner as well. Take care, TTYL
Comment 8 Bernhard Rosenkraenzer 2001-06-27 10:25:12 UTC
I've passed this feature request on to the links mailing list - maybe someone has the time to add this before I do.
Comment 9 Henri Schlereth 2001-06-29 06:01:18 UTC
I replaced a minimal iptables with non-passive ftp support enabled. I switched lynx and wget back to non-passive mode and they work. Astonishingly enough links still gets a port command failed even with iptables. I am enclosing as an attachment my working rc.firewall. You may want to pass this on to the links people. I was trying to make this work because I thought links was going to replace lynx. Evidently not ready for primetime.