I use SmarterStats on a Windows box to pull HTTP logs via FTP. This worked fine and dandy until I updated my CentOS 5 server with Yum and then installed ASL 2.0. When I FTP from the Windows command line I don't seem to have a problem, but I do when SmarterStats tries to (see logs below). When I stop IPTABLES the problem goes away, and I haven't changed the IPTABLES ruleset for about a year. I found something similar in this post http://forum.soft32.com/linux/IPTABLES- ... 48793.html but I get the following error when I try to run some of the commands. Can someone help me understand what's going on here?
Error Running Commands:
[root@web-01 vsftpd]# modprobe ip_conntrack
[root@web-01 vsftpd]# modprobe ip_conntrack_ftp ports=21
FATAL: Error inserting ip_conntrack_ftp (/lib/modules/2.6.19-7.art/kernel/net/ipv4/netfilter/ip_conntrack_ftp.ko): Operation not permitted
[root@web-01 vsftpd]# modprobe ip_nat_ftp ports=21
WARNING: Error inserting ip_conntrack_ftp (/lib/modules/2.6.19-7.art/kernel/net/ipv4/netfilter/ip_conntrack_ftp.ko): Operation not permitted
FATAL: Error inserting ip_nat_ftp (/lib/modules/2.6.19-7.art/kernel/net/ipv4/netfilter/ip_nat_ftp.ko): Operation not permitted
Error Message from SmarterStats FTP Log
: 9/24/2008 12:12:28 PM] (T:) ------------------------------------------------ (25 MB Used)
: 9/24/2008 12:12:28 PM] (T:) _test - Starting FTP Process (25 MB Used)
: 9/24/2008 12:12:28 PM] (T:) _test - FTP Connected (25 MB Used)
: 9/24/2008 12:12:28 PM] (T:) _test - FTP 220 (vsFTPd 2.0.5) (25 MB Used)
: 9/24/2008 12:12:28 PM] (T:) USER nysha-logs
(25 MB Used)
: 9/24/2008 12:12:28 PM] (T:) _test - FTP 331 Please specify the password. (25 MB Used)
: 9/24/2008 12:12:28 PM] (T:) _test - FTP PASS ********* (25 MB Used)
: 9/24/2008 12:12:29 PM] (T:) _test - FTP 230 Login successful. (25 MB Used)
: 9/24/2008 12:12:29 PM] (T:) CWD nysha
(25 MB Used)
: 9/24/2008 12:12:29 PM] (T:) _test - FTP 250 Directory successfully changed. (25 MB Used)
: 9/24/2008 12:12:29 PM] (T:) TYPE A
(25 MB Used)
: 9/24/2008 12:12:29 PM] (T:) _test - FTP 200 Switching to ASCII mode. (25 MB Used)
: 9/24/2008 12:12:29 PM] (T:) PASV
(25 MB Used)
: 9/24/2008 12:12:29 PM] (T:) _test - FTP 227 Entering Passive Mode (72,43,93,61,213,244) (25 MB Used)
: 9/24/2008 12:12:29 PM] (T:) LIST
(25 MB Used)
: 9/24/2008 12:12:29 PM] (T:) distance.nysha.org - FTP Data Session Error: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond 72.43.93.61:50685 (25 MB Used)
: 9/24/2008 12:12:50 PM] (T:) _test - FTP Data Session Error: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond 72.43.93.61:54772 (25 MB Used)
: 9/24/2008 12:13:08 PM] (T:) distance.nysha.org - FTP 425 Failed to establish connection. (25 MB Used)
: 9/24/2008 12:13:08 PM] (T:) distance.nysha.org - FTP Command Failed. Server reply: 425 Failed to establish connection. (25 MB Used)
: 9/24/2008 12:13:08 PM] (T:) QUIT
(25 MB Used)
: 9/24/2008 12:13:08 PM] (T:) distance.nysha.org - FTP 221 Goodbye. (25 MB Used)
SmarterStats Log with IPTables disabled
: 9/24/2008 12:11:52 PM] (T:) ------------------------------------------------ (25 MB Used)
: 9/24/2008 12:11:52 PM] (T:) _test - Starting FTP Process (25 MB Used)
: 9/24/2008 12:11:52 PM] (T:) _test - FTP Connected (25 MB Used)
: 9/24/2008 12:11:52 PM] (T:) _test - FTP 220 (vsFTPd 2.0.5) (25 MB Used)
: 9/24/2008 12:11:52 PM] (T:) USER nysha-logs
(25 MB Used)
: 9/24/2008 12:11:52 PM] (T:) _test - FTP 331 Please specify the password. (25 MB Used)
: 9/24/2008 12:11:52 PM] (T:) _test - FTP PASS ********* (25 MB Used)
: 9/24/2008 12:11:52 PM] (T:) _test - FTP 230 Login successful. (25 MB Used)
: 9/24/2008 12:11:52 PM] (T:) CWD nysha
(25 MB Used)
: 9/24/2008 12:11:52 PM] (T:) _test - FTP 250 Directory successfully changed. (25 MB Used)
: 9/24/2008 12:11:52 PM] (T:) TYPE A
(25 MB Used)
: 9/24/2008 12:11:52 PM] (T:) _test - FTP 200 Switching to ASCII mode. (25 MB Used)
: 9/24/2008 12:11:52 PM] (T:) PASV
(25 MB Used)
: 9/24/2008 12:11:52 PM] (T:) _test - FTP 227 Entering Passive Mode (72,43,93,61,237,235) (25 MB Used)
: 9/24/2008 12:11:52 PM] (T:) LIST
(25 MB Used)
: 9/24/2008 12:11:52 PM] (T:) _test - FTP 150 Here comes the directory listing. (25 MB Used)
: 9/24/2008 12:11:52 PM] (T:) _test - FTP Data Session Closed (25 MB Used)
: 9/24/2008 12:11:52 PM] (T:) _test - FTP 226 Directory send OK. (25 MB Used)
: 9/24/2008 12:11:52 PM] (T:) QUIT
(25 MB Used)
: 9/24/2008 12:11:52 PM] (T:) _test - FTP -rw-r--r-- 1 0 0 927854 Feb 05 2008 20080204.log
-rw-r--r-- 1 0 0 1320666 Feb 06 2008 20080205.log
-rw-r--r-- 1 0 0 691898 Sep 24 16:07 20080924.log (25 MB Used)
: 9/24/2008 12:11:52 PM] (T:) _test - FTP 221 Goodbye. (25 MB Used)
FTP 425 Connection Reset and Timeout Problem
-
- Long Time Forum Regular
- Posts: 2813
- Joined: Sat Aug 20, 2005 9:30 am
- Location: The Netherlands
For security reasons ASL by default doesn't allow loading kernel modules at runtime. You probably have ALLOW_kmod_loading="no" in /etc/asl/config. Modules loaded at boot will be allowed though.
Lemonbit Internet Dedicated Server Management
So that did the trick. I did the modprobe commands after rebooting the server (after enabling runtime module loading). Before running the commands but after the reboot I tested it and it failed, then ran the commands and tested it again and it worked. Here's my next question: How do I make these commands permanent to the system's startup routine, so that I can re-disable runtime module loading?
-
- Long Time Forum Regular
- Posts: 2813
- Joined: Sat Aug 20, 2005 9:30 am
- Location: The Netherlands
I believe you can enable additional modules in /etc/sysconfig/iptables-config.
Lemonbit Internet Dedicated Server Management
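
An added example, not part of any post in this thread: a shell script that decodes the 227 reply from the failing log into the data port the firewall has to admit, and reports which of the two FTP helper modules an iptables-config file does not list. It assumes IPTABLES_MODULES is the variable the CentOS iptables init script reads at start; the function names and the sample config line are constructed here.

```shell
#!/bin/sh
# Added example, not from the thread.

# Decode "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)" into ip:port.
# The data port is p1*256 + p2 and the server picks it per transfer, so a
# static rule for port 21 never covers it. ip_conntrack_ftp reads this reply
# and marks the follow-up connection RELATED.
pasv_endpoint() {
    tuple=$(printf '%s\n' "$1" | sed -n 's/.*227 [^(]*(\([0-9,]*\)).*/\1/p')
    [ -n "$tuple" ] || return 1
    IFS=, read -r h1 h2 h3 h4 p1 p2 <<EOF
$tuple
EOF
    [ -n "$p2" ] || return 1
    echo "$h1.$h2.$h3.$h4:$((p1 * 256 + p2))"
}

# Print the FTP helper modules NOT listed in IPTABLES_MODULES in the given
# iptables-config file (empty output means both are listed).
missing_helpers() {
    mods=$(grep '^IPTABLES_MODULES=' "$1" | tail -n 1 | cut -d= -f2- | tr -d "\"'")
    missing=""
    for m in ip_conntrack_ftp ip_nat_ftp; do
        case " $mods " in
            *" $m "*) ;;
            *) missing="$missing $m" ;;
        esac
    done
    echo "${missing# }"
}

# Reply copied from the failing SmarterStats log above.
reply='FTP 227 Entering Passive Mode (72,43,93,61,213,244) (25 MB Used)'
echo "data connection goes to: $(pasv_endpoint "$reply")"

# Constructed sample config; the poster's actual file is not shown in the thread.
cfg=$(mktemp)
printf '%s\n' 'IPTABLES_MODULES="ip_conntrack_netbios_ns ip_conntrack_ftp"' > "$cfg"
echo "not yet listed in IPTABLES_MODULES: $(missing_helpers "$cfg")"
rm -f "$cfg"
```

The decoded port for the failing session matches the 72.43.93.61:54772 endpoint in the "FTP Data Session Error" line, which is the connection the ruleset drops when the helper is not loaded.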