On Sun, 05 Jul 2015 16:24:05 -0400 Louis Wust <louisw...@fastmail.fm> wrote:
> Just to clear things up, take a look at the vsftpd.conf(5) man page: > > listen_ipv6 > Like the listen parameter, except vsftpd will listen on an IPv6 > socket instead of an IPv4 one. Note that a socket listening on the > IPv6 "any" address (::) will accept both IPv6 and IPv4 connections > by default. This parameter and the listen parameter are mutually > exclusive. > Default: NO > > That explains why, by default, the vsftpd package in Debian ships with > these options: > > listen=NO > listen_ipv6=YES > > The "listen_ipv6" option configures vsftpd to listen for IPv6 > connections AND IPv4 connections simultaneously. This works despite > netstat listing only a tcp6 port: > > On Sat, Jul 4, 2015, at 01:22, bri...@aracnet.com wrote: > > tcp6 0 0 [::]:ftp [::]:* > > LISTEN 29400/vsftpd > > I confirmed that both modes actually work as advertised by connecting to > vsftpd using my Debian ftp client, while listening for IPv4 and IPv6 > traffic using Wireshark. Both "ftp 192.168.1.5" and "ftp abcd::0001" > were successful, and resulted in the expected IPv4 or IPv6 network > traffic being captured. > > > well i have configured BOTH machines thusly : > > > > listen=YES > > #listen_ipv6=YES > > > > and then it works on BOTH machines. This most certainly points to > > some issue with IPV6. > > Excellent! If this works for you, then by all means keep your > configuration as it is. However... > > On Sun, Jul 5, 2015, at 10:43, bri...@aracnet.com wrote: > > There is a problem here, one I should most likely fix, but i can't > > figure out what it is. > > It sounds like you're not quite satisfied. > > On Sun, 5 Jul 2015 08:55:28 +0200 Petter Adsen <pet...@synth.no> wrote: > > Maybe machine2 has no ip6tables rules, or rules that allow the access, > > and machine1 blocks it? Or maybe only machine2 has IPv6 enabled? > > This is a good thought, and begs a simple experiment. To briand: try > resetting your machine1 configuration so that: > > listen=NO > listen_ipv6=YES > > Make sure to restart vsftpd! And then, from machine2, try connecting to > machine1 via ftp, but this time instead of typing "ftp machine1" where > machine1 is the machine's hostname, maybe try "ftp 192.168.x.x" where > 192.168.x.x (or 10.x.x.x or whatever) is the IPv4 address of machine1. > That way, we can be sure that ftp is connecting using IPv4 instead of > IPv6. If this works, then we can be sure that there is something wrong > with the IPv6 configuration (probably a firewall rule). Try it (i.e., > ftp 192.168.x.x) from machine1 as well. machine1 netstat -a | grep ftp tcp6 0 0 [::]:ftp [::]:* LISTEN ftp machine1 : connection refused ftp 192.168.x.x: connection refused pushed vsftpd.conf back to LISTEN=YES #listen_ipv6=YES and both ftp machine1 and ftp <ipadress> work. > > On Fri, Jul 3, 2015, at 23:55, Alexis wrote: > > Check that vsftpd is indeed listening on the relevant port(s). If it's > > not, check vsftpd logs to see whether it produced any errors or > > warning on startup, and check your vsftpd configuration accordingly. no errors or warnings. > > This is the only other possibility I can think of as well, and based on > the output of netstat, vsftpd is up and running. I'm not sure where to > go from here if "ftp 192.168.x.x" doesn't work. > It's definitely not a good thing that there is this disparity between machines. Clearly something about ipv6 is being handled differently. These lines are in machine1's /etc/hosts file and _not_ in machine2's /etc/hosts file: fe00::0 ip6-localnet ff00::0 ip6-mcastprefix i commented them out and they do not make a difference. Thanks very much for the help. Brian -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150705184144.42df7...@cedar.deldotd.com
