Bug 44806 - FTP port command fails with links
Status: CLOSED DEFERRED
Product: Red Hat Linux
Classification: Retired
Component: links
Version: 7.1
Hardware: i386 Linux
Priority: low, Severity: low
Assigned To: Bernhard Rosenkraenzer
QA Contact: David Lawrence
Reported: 2001-06-17 13:34 EDT by Henri Schlereth
Modified: 2005-10-31 17:00 EST

Last Closed: 2001-06-26 22:23:02 EDT


Attachments:
ipchains config file (1.67 KB, text/plain), 2001-06-17 13:35 EDT, Henri Schlereth
enclosed rc.firewall (5.25 KB, text/plain), 2001-06-29 02:02 EDT, Henri Schlereth

Description Henri Schlereth 2001-06-17 13:34:03 EDT
Description of Problem:
After upgrading to RH7.1 (on firewall) my ipchains scripts that used to work with RH7.0 now fail links, lynx and wget with any site ftp://blah.blah. Netscape under X and Windows works, ftp and ncftp work as well.
Links, lynx and wget work on the firewall itself but behind the firewall.

These programs work within the internal network.

I suspect it is because ip_masq_ftp is gone. I haven't converted to iptables yet, but it looks like I will have to much sooner than planned.


How Reproducible:
Use the attached ipchains script on a test machine and try to access ftp://ftp.redhat.de via links or lynx or do a wget on an ftp site (known to you)


Actual Results:
FTP port command failed (links)
Unable to access document (lynx)
wget (invalid port)

Expected Results:
get to sites and/or download

Additional Information:
Comment 1 Henri Schlereth 2001-06-17 13:35:01 EDT
Created attachment 21206
ipchains config file
Comment 2 Michael Schwendt 2001-06-18 11:58:31 EDT
With the 2.4 kernel, ip_masq_ftp has been renamed. HTH.
Comment 3 Michael Schwendt 2001-06-18 15:13:08 EDT
Sorry, you are right.

I've mixed up the "lsmod" config of a RHL 7.1 machine running the 2.2.19 kernel
and my workstation running the 2.4 kernel and iptables.

Your ipchains script is not affected, though. It's just that the protocol
specific masquerading support is not available.
Comment 4 Mike A. Harris 2001-06-18 21:09:47 EDT
IP masquerade helpers for ipchains are not available in the 2.4 kernel.
If you need to use any of the helper programs, you will need to switch
to iptables and use ftp conntracking, et al.

Alternative workaround:  Use passive mode FTP in all software that supports
it.  Consult the software documentation for each program that fails to
determine if it supports passive mode FTP or not.
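
Why active-mode FTP needs a protocol helper behind masquerading, as an added Python example (not part of the original bug report): the client's PORT command carries its private address inside the payload, which plain masquerading leaves untouched. The addresses, ports and function names are constructed for illustration, and `helper_rewrite` is a user-space model of the payload rewrite, not kernel code.

```python
import ipaddress

# RFC 1918 private ranges: not routable from an FTP server on the Internet.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_port(line):
    """Parse an RFC 959 'PORT h1,h2,h3,h4,p1,p2' command into (address, port)."""
    verb, _, arg = line.strip().partition(" ")
    fields = arg.split(",")
    if verb.upper() != "PORT" or len(fields) != 6:
        raise ValueError("not a well-formed PORT command: %r" % line)
    nums = [int(f) for f in fields]          # ValueError on non-numeric fields
    if any(n < 0 or n > 255 for n in nums):
        raise ValueError("PORT field out of range: %r" % line)
    addr = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return addr, nums[4] * 256 + nums[5]

def format_port(addr, port):
    """Inverse of parse_port()."""
    return "PORT %s,%d,%d" % (str(addr).replace(".", ","), port >> 8, port & 0xFF)

def reachable_from_server(line):
    """Can a remote server open the data connection to the advertised address?"""
    addr, _ = parse_port(line)
    return not any(addr in net for net in RFC1918)

def helper_rewrite(line, public_ip, nat_port, expectations):
    """Model of an FTP NAT helper: rewrite the payload and remember where the
    incoming data connection on nat_port must be forwarded."""
    inside_addr, inside_port = parse_port(line)
    expectations[nat_port] = (str(inside_addr), inside_port)
    return format_port(ipaddress.IPv4Address(public_ip), nat_port)

if __name__ == "__main__":
    # Constructed sample: masqueraded client 192.168.1.10 listening on port 1025,
    # firewall public address 203.0.113.5 (documentation range).
    sent = "PORT 192,168,1,10,4,1"
    print("without helper:", sent, "reachable:", reachable_from_server(sent))
    table = {}
    fixed = helper_rewrite(sent, "203.0.113.5", 61000, table)
    print("with helper:   ", fixed, "reachable:", reachable_from_server(fixed))
    print("expected data connection:", table)
```

In passive mode the client opens the data connection outward itself, so no PORT payload has to be rewritten and ordinary masquerading is enough.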
Comment 5 Henri Schlereth 2001-06-18 22:06:19 EDT
Since I am not ready yet to switch to iptables your suggestion did the trick with only one exception. Links has no documentation, no man page to set passive mode.
Comment 6 Henri Schlereth 2001-06-26 21:48:38 EDT
I am re-opening this as a feature enhancement against links. I have installed and configured iptables and I still get a port command failed with links. While I am still researching to see if I did anything wrong, I was informed by the maintainer that links doesn't do passive ftp. The only solution available is to not use links (e.g. ftp://ftp.isc.org) or come up with some sort of proxy method to regain full functionality.
Comment 7 Mike A. Harris 2001-06-26 22:22:57 EDT
links is not a program created here, and so it is unlikely we would add
support for passive mode FTP to it, especially when there are other tools
that work through passive ftp.  It isn't my package however so not my call.
When changing packages, be sure to also assign to the new component owner
as well.

Take care,
TTYL
Comment 8 Bernhard Rosenkraenzer 2001-06-27 06:25:12 EDT
I've passed this feature request on to the links mailing list - maybe someone 
has the time to add this before I do.
Comment 9 Henri Schlereth 2001-06-29 02:01:18 EDT
I replaced a minimal iptables with non-passive ftp support enabled. I switched lynx and wget back to non-passive mode and they work. Astonishingly enough links still gets a port command failed even with iptables. I am enclosing as an attachment my working rc.firewall. You may want to pass this on to the links people. I was trying to make this work because I thought links was going to replace lynx. Evidently not ready for primetime.
Comment 10 Henri Schlereth 2001-06-29 02:02:25 EDT
Created attachment 22166
enclosed rc.firewall
