Ubuntu 10.04: OpenVZ Kernel and pure-ftpd issues on HOST (no guest setup yet)
- by Seidr
After compiling and installing the OpenVZ flavour of kernel under Ubuntu 10.04, I am unable to browse to certain directories when connecting to the pure-ftpd server.
The clients are dropping into PASSIVE mode, which is fine. This behaviour was happening before the change of kernel; however, now when I browse to certain directories the connection just gets dropped. This only happens with a few directories under one login (web in specific), whereas with another login it happens as soon as I connect.
I've got the nf_conntrack_ftp kernel module installed (required to keep track of passive FTP connections as I understand, and an alias of the ip_conntrack_ftp module), however this has provided no alleviation of my problem. This module was actually required upon initial setup of my OS to get passive FTP working correctly, however when I compiled the OpenVZ kernel a lot of these modules were missing (iptables, conntrack etc). I recompiled the kernel with the missing modules, but to no effect.
I've turned verbosity for the pure-ftpd server up, and still no clues have been spotted in either syslog or the transfer log. Neither did an strace provide any clues (that I could discern anyway) - although one strange thing is both in the output to the client and in the strace I notice that it does in fact probe the directory and return the number of matches - it just fails after that.
One more thing to mention is that if I FTP using the same credentials locally, everything works fine. This suggests that it is in fact an issue with either the conntrack_ftp module not functioning as expected, or a deeper networking issue.
The kernel was compiled and installed following the instructions at https://help.ubuntu.com/community/OpenVZ - bar the changes to the kernel configuration (such as adding iptables as a module).
Below is an example of the log sent to the data (under FileZilla).
Status: Resolving address of xxxx.co.uk
Status: Connecting to 78.46.xxx.xxx:21...
Status: Connection established, waiting for welcome message...
Response: 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
Response: 220-You are user number 4 of 10 allowed.
Response: 220-Local time is now 08:52. Server port: 21.
Response: 220-This is a private system - No anonymous login
Response: 220-IPv6 connections are also welcome on this server.
Response: 220 You will be disconnected after 15 minutes of inactivity.
Command: USER xxx
Response: 331 User xxx OK. Password required
Command: PASS ********
Response: 230-User xxx has group access to: client1 sshusers
Response: 230 OK. Current restricted directory is /
Command: OPTS UTF8 ON
Response: 200 OK, UTF-8 enabled
Status: Connected
Status: Retrieving directory listing...
Command: PWD
Response: 257 "/" is your current location
Status: Directory listing successful
Status: Retrieving directory listing...
Command: CWD /web
Response: 250 OK. Current directory is /web
Command: TYPE I
Response: 200 TYPE is now 8-bit binary
Command: PORT 10,0,2,30,14,143
Response: 500 I won't open a connection to 10.0.2.30 (only to 188.220.xxx.xxx)
Command: PASV
Response: 227 Entering Passive Mode (78,46,79,147,234,110)
Command: MLSD
Response: 150 Accepted data connection
Response: 226-ASCII
Response: 226-Options: -a -l
Response: 226 57 matches total
Error: Could not read from transfer socket: ECONNRESET - Connection reset by peer
Error: Failed to retrieve directory listing
Any suggestions please? I'm willing to try anything!