Bug 839257 - vsftpd doesn't accept legacy ipv4 connections when set to listen on ipv6
vsftpd doesn't accept legacy ipv4 connections when set to listen on ipv6
Status: CLOSED WONTFIX
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: vsftpd (Show other bugs)
6.5
All Linux
high Severity urgent
: rc
: ---
Assigned To: Jiri Skala
BaseOS QE Security Team
: Reopened
Depends On:
Blocks: 508685
  Show dependency treegraph
 
Reported: 2012-07-11 07:47 EDT by Vadim Grinco
Modified: 2014-11-09 17:35 EST (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2012-10-29 07:38:33 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
vsftpd init script for ipv6 (2.80 KB, text/plain)
2012-10-24 15:44 EDT, Paul Wouters
no flags Details
vsftpd spec file with ipv6 update (21.28 KB, text/plain)
2012-10-24 15:46 EDT, Paul Wouters
no flags Details

  None (edit)
Description Vadim Grinco 2012-07-11 07:47:26 EDT
Description of problem:
vsftpd doesn't accept legacy ipv4 connections when set to listen on ipv6.

Version-Release number of selected component (if applicable):
vsftpd-2.2.2-11.el6.x86_64

How reproducible:
Always

Steps to Reproduce:
1. change listen=YES to listen_ipv6=yes
2. restart vsftpd
3. telnet 127.0.0.1 21
  
Actual results:
Trying 127.0.0.1...
telnet: connect to address 127.0.0.1: Connection refused
telnet: Unable to connect to remote host: Connection refused


Expected results:
Trying ::1...
Connected to chaos.brq.redhat.com (::1).
Escape character is '^]'.
220 (vsFTPd 2.2.2)


Additional info:
This has been broken by bug 592850.
Comment 8 Jiri Skala 2012-07-23 10:33:59 EDT
The issue was really introduced intentionally by BZ#592850.

The vsftpd can be configured using two configure files. The first one will set listen=YES. The second on will set listen_ipv6=YES. So configured vsftpd will start two instances listening on different IP versions.

With respect to intention of BZ#592850 and described solution I close the bug with the status 'wontfix'.
Comment 9 Paul Wouters 2012-10-24 15:43:40 EDT
there are more problems then just using two config files. Since vsftpd does not write pid files, there is no way you can have the two services running using the same daemon name.

As a work around, I created a softlink to vsftpd6 and install an additional initscript that uses prog=vsftpd6.

spec file and vsftpd6.init attached.

This change allows me to properly run v4 and v6 with the current patched vsftpd code. Hoever, I concur with #592850 that it should just listen to both v4 and v6 using one daemon and one config file. But if you're unwilling to do so, at least apply the attached files to properly run 2 separate services.
Comment 10 Paul Wouters 2012-10-24 15:44:29 EDT
Created attachment 633003 [details]
vsftpd init script for ipv6
Comment 11 Paul Wouters 2012-10-24 15:46:23 EDT
Created attachment 633004 [details]
vsftpd spec file with ipv6 update
Comment 12 RHEL Product and Program Management 2012-10-24 15:49:24 EDT
This request was evaluated by Red Hat Product Management for
inclusion in the current release of Red Hat Enterprise Linux.
Because the affected component is not scheduled to be updated
in the current release, Red Hat is unable to address this
request at this time.

Red Hat invites you to ask your support representative to
propose this request, if appropriate, in the next release of
Red Hat Enterprise Linux.
Comment 13 Paul Wouters 2012-10-24 16:08:55 EDT
https://fedorahosted.org/fesco/ticket/693

Fesco seemed to have agreed for the fedora branches.....
Comment 14 Jiri Skala 2012-10-29 07:38:33 EDT
(In reply to comment #9)
> there are more problems then just using two config files. Since vsftpd does
> not write pid files, there is no way you can have the two services running
> using the same daemon name.
> 
> As a work around, I created a softlink to vsftpd6 and install an additional
> initscript that uses prog=vsftpd6.
> 
Hi Paul,
there is no necessity to have more initscripts for particular instances of vsftpd. This is enough to create two or more config files in /etc/vsftpd directory that pass to mask *.conf. (e. g. vsftpd.conf, vsftpd1.conf).

Using 'service vsftpd start' will start appropriate number of daemon instances to number of correct configuration files.

You are able to have more running daemons and each of them is listening on different IP version, address or port. You can split configuration for listening to port 21 & 990 (ftp & ftps) and a lot of other variation.

If you have a trouble with starting more vsftpd instances and you are convinced this is a bug, please, open new bug and put there your conf files and other details necessary for reproducing.
I currently have no issue with running more instances.

Best regards

Jiri
Comment 15 Paul Wouters 2012-10-31 12:52:12 EDT
sigh

The FESCO decision makes sense. We should not have multiple init scripts or multiple config files to support v4 and v6.

If I enable vsftpd, it should be enabled for v4 and v6, using a single config file. 

I'm not sure why you excluded the RHEL branch from FESCO's advise. It seems petty

Supporting multiple conf files is fine, requiring multiple config files for the simple case of running ftp on 4+6 is not.

Note You need to log in before you can comment on or make changes to this bug.