iptables, ftp, 224.0.0.251, and an upgrade gone wrong


Postby rudydehaas » 2017-09-27 17:04

Last week I ran an upgrade to jessie that went horribly wrong - I left it to run and came back to find nothing working - rebooted and have been cleaning up ever since.

A key remaining problem is:
--
ftp localhost
ftp: connect: Connection refused
ftp> e
which produces this log record

Sep 27 11:37:48 suni kernel: [ 5747.241087] iptables denied: IN=eth0 OUT= MAC= SRC=96.53.6.178 DST=224.0.0.251 LEN=72 TOS=0x00 PREC=0x00 TTL=255 ID=17232 DF PROTO=UDP SPT=5353 DPT=5353 LEN=52
Sep 27 11:37:49 suni kernel: [ 5748.242291] iptables denied: IN=eth0 OUT= MAC= SRC=96.53.6.178 DST=224.0.0.251 LEN=72 TOS=0x00 PREC=0x00 TTL=255 ID=17320 DF PROTO=UDP SPT=5353 DPT=5353 LEN=52

iptables are set to defaults, mail and http work - everything is open. nsswitch has

hosts: files dns mdns4_minimal [NOTFOUND=return] mdns4

and hosts is the original file from wheezy where everything worked.

I've installed two different ftp servers (pro and vs) with no effect; ftp somewhere.com works fine.

This is undoubtedly (?) a minor error somewhere, but I'm baffled as to where or what.

Does anyone have an iptables ruleset that allows open ftp/http/smtp and nothing else?
rudydehaas
 
Posts: 2
Joined: 2017-09-27 16:52

Re: iptables, ftp, 224.0.0.251, and an upgrade gone wrong

Postby rudydehaas » 2017-09-29 21:16

I deleted and reinstalled proftpd...

Now:
ftp suni
Connected to localhost.
421 Service not available, remote server has closed connection
ftp> e

but:
ps -elf | grep ftp
5 S proftpd 6469 1 0 80 0 - 24554 - 15:59 ? 00:00:00 proftpd: (accepting connections)

and the log still says
Sep 29 16:02:20 suni kernel: [194420.092657] iptables denied: IN=eth0 OUT= MAC= SRC=96.53.6.178 DST=224.0.0.251 LEN=71 TOS=0x00 PREC=0x00 TTL=255 ID=4466 DF PROTO=UDP SPT=5353 DPT=5353 LEN=51

I'm guessing the system is missing a config file somewhere... but which one and where? My xinetd.d dir is suspiciously empty...

ls
chargen daytime discard echo time

help! (please).
rudydehaas
 
Posts: 2
Joined: 2017-09-27 16:52

Re: iptables, ftp, 224.0.0.251, and an upgrade gone wrong

Postby p.H » 2017-09-29 21:26

These iptables logs have nothing to do with FTP. They are just multicast DNS (mDNS) packets received by your system.

Your problem is with the FTP server configuration.
p.H
 
Posts: 81
Joined: 2017-09-17 07:12
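
The distinction drawn in the reply above can be checked mechanically. The following is an added example, not part of any post in this thread: it parses the kernel log lines quoted in the thread and separates mDNS multicast (UDP 5353 to 224.0.0.251) from denied FTP control connections (TCP port 21). The "iptables denied: " prefix is taken from the thread's logs; the third sample line is constructed for contrast and uses documentation addresses.

```python
import re

MDNS_GROUP = "224.0.0.251"  # IPv4 mDNS multicast group (RFC 6762)
MDNS_PORT = 5353
FTP_CONTROL_PORT = 21
# Prefix as it appears in the thread's logs; it is set by the LOG rule's
# --log-prefix, so other rulesets will use a different string (assumption).
PREFIX = "iptables denied: "

def parse_denied(line):
    """Return the KEY=VALUE fields of one netfilter LOG line, or None."""
    _, found, rest = line.partition(PREFIX)
    if not found:
        return None
    fields = {}
    # Bare flags such as DF or SYN carry no '=' and are skipped. LEN appears
    # twice on UDP lines (IP length, then UDP length); keep the first.
    for key, value in re.findall(r"(\w+)=(\S*)", rest):
        fields.setdefault(key, value)
    return fields

def classify(fields):
    """Label a denied packet as 'mdns', 'ftp-control' or 'other'."""
    proto = fields.get("PROTO")
    dpt = int(fields.get("DPT") or 0)  # ICMP lines have no DPT
    if proto == "UDP" and dpt == MDNS_PORT and fields.get("DST") == MDNS_GROUP:
        return "mdns"
    if proto == "TCP" and dpt == FTP_CONTROL_PORT:
        return "ftp-control"
    return "other"

def triage(lines):
    """Count denied packets per label, ignoring unrelated log lines."""
    counts = {}
    for line in lines:
        fields = parse_denied(line)
        if fields is not None:
            kind = classify(fields)
            counts[kind] = counts.get(kind, 0) + 1
    return counts

SAMPLE = [
    # Lines 1-2 are quoted from the thread; line 3 is constructed.
    "Sep 27 11:37:48 suni kernel: [ 5747.241087] iptables denied: IN=eth0 OUT= MAC= SRC=96.53.6.178 DST=224.0.0.251 LEN=72 TOS=0x00 PREC=0x00 TTL=255 ID=17232 DF PROTO=UDP SPT=5353 DPT=5353 LEN=52",
    "Sep 29 16:02:20 suni kernel: [194420.092657] iptables denied: IN=eth0 OUT= MAC= SRC=96.53.6.178 DST=224.0.0.251 LEN=71 TOS=0x00 PREC=0x00 TTL=255 ID=4466 DF PROTO=UDP SPT=5353 DPT=5353 LEN=51",
    "Sep 29 16:05:00 host kernel: [194580.000000] iptables denied: IN=eth0 OUT= MAC= SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1 DF PROTO=TCP SPT=40000 DPT=21 WINDOW=29200 RES=0x00 SYN URGP=0",
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A result with only "mdns" entries, as the two quoted lines give, means the firewall log holds no evidence of blocked FTP traffic and the fault lies elsewhere.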
