iptables, ftp, 224.0.0.251, and an upgrade gone wrong

rudydehaas
Posts: 2
Joined: 2017-09-27 16:52

#1 Post by rudydehaas »

Last week I ran an upgrade to jessie that went horribly wrong - I left it to run and came back to find nothing working - rebooted and have been cleaning up ever since.

A key remaining problem is:
--
ftp localhost
ftp: connect: Connection refused
ftp> e
which produces this log record

Sep 27 11:37:48 suni kernel: [ 5747.241087] iptables denied: IN=eth0 OUT= MAC= SRC=96.53.6.178 DST=224.0.0.251 LEN=72 TOS=0x00 PREC=0x00 TTL=255 ID=17232 DF PROTO=UDP SPT=5353 DPT=5353 LEN=52
Sep 27 11:37:49 suni kernel: [ 5748.242291] iptables denied: IN=eth0 OUT= MAC= SRC=96.53.6.178 DST=224.0.0.251 LEN=72 TOS=0x00 PREC=0x00 TTL=255 ID=17320 DF PROTO=UDP SPT=5353 DPT=5353 LEN=52

iptables are set to defaults, mail and http work - everything is open. nsswitch has

hosts: files dns mdns4_minimal [NOTFOUND=return] mdns4

and hosts is the original file from wheezy where everything worked.

I've installed two different ftp servers (pro and vs) with no effect; ftp somewhere.com works fine.

This is undoubtedly (?) a minor error somewhere but I'm baffled on where or what.

Does anyone have an iptables ruleset that allows open ftp/http/smtp and nothing else?

rudydehaas
Posts: 2
Joined: 2017-09-27 16:52

Re: iptables, ftp, 224.0.0.251, and an upgrade gone wrong

#2 Post by rudydehaas »

I deleted and reinstalled proftpd...

Now:
ftp suni
Connected to localhost.
421 Service not available, remote server has closed connection
ftp> e

but:
ps -elf | grep ftp
5 S proftpd 6469 1 0 80 0 - 24554 - 15:59 ? 00:00:00 proftpd: (accepting connections)

and the log still says
Sep 29 16:02:20 suni kernel: [194420.092657] iptables denied: IN=eth0 OUT= MAC= SRC=96.53.6.178 DST=224.0.0.251 LEN=71 TOS=0x00 PREC=0x00 TTL=255 ID=4466 DF PROTO=UDP SPT=5353 DPT=5353 LEN=51

I'm guessing the system is missing a config file somewhere... but which one and where? My xinetd.d dir is suspiciously empty...

ls
chargen daytime discard echo time

help! (please).

p.H
Global Moderator
Posts: 3049
Joined: 2017-09-17 07:12
Has thanked: 5 times
Been thanked: 132 times

Re: iptables, ftp, 224.0.0.251, and an upgrade gone wrong

#3 Post by p.H »

These iptables logs have nothing to do with FTP. They are just multicast DNS (mDNS) packets received by your system.

Your problem is with the FTP server configuration.
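
The distinction drawn in the reply above, as an added example that is not part of the original thread: a small Python classifier for netfilter LOG lines that separates mDNS multicast (UDP 5353 to 224.0.0.251) from denials that would actually affect the FTP control channel (TCP port 21). The function names and the second sample line are constructed for illustration; the first sample line is copied from post #1.

```python
import ipaddress
import re
from collections import Counter

# Line 1 is from the thread; line 2 is CONSTRUCTED to show what a denied
# FTP control connection would look like in the same log format.
SAMPLE_LOG = """\
Sep 27 11:37:48 suni kernel: [ 5747.241087] iptables denied: IN=eth0 OUT= MAC= SRC=96.53.6.178 DST=224.0.0.251 LEN=72 TOS=0x00 PREC=0x00 TTL=255 ID=17232 DF PROTO=UDP SPT=5353 DPT=5353 LEN=52
Sep 27 11:37:50 suni kernel: [ 5749.000000] iptables denied: IN=lo OUT= MAC= SRC=127.0.0.1 DST=127.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1 DF PROTO=TCP SPT=40000 DPT=21 WINDOW=43690 RES=0x00 SYN URGP=0
"""

FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")   # KEY=value, value may be empty
MDNS_GROUP = ipaddress.ip_address("224.0.0.251")

def parse_fields(line):
    """Return the KEY=value pairs of one netfilter LOG line as a dict.
    LEN appears twice (IP length, then UDP length); the first is kept."""
    fields = {}
    for key, value in FIELD_RE.findall(line):
        fields.setdefault(key, value)
    return fields

def classify(line):
    """Label a logged packet: 'mdns', 'ftp-control', 'other' or 'unparsed'."""
    f = parse_fields(line)
    try:
        dst = ipaddress.ip_address(f["DST"])
        proto, dpt = f["PROTO"], int(f["DPT"])
    except (KeyError, ValueError):
        return "unparsed"          # not a TCP/UDP LOG line, or damaged
    if proto == "UDP" and dpt == 5353 and dst == MDNS_GROUP:
        return "mdns"              # multicast DNS chatter, unrelated to FTP
    if proto == "TCP" and dpt == 21:
        return "ftp-control"       # this one would matter for an FTP server
    return "other"

def summarize(log_text):
    """Count classifications over a multi-line log excerpt."""
    return Counter(classify(l) for l in log_text.splitlines() if l.strip())

if __name__ == "__main__":
    for label, count in summarize(SAMPLE_LOG).items():
        print(f"{label}: {count}")
```
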
