Thursday, February 3, 2011

Debian Blocked IPs

I am debugging access to a remote service via my Debian VPS. IPTables is used and allows outward port 21 traffic. The remote service is an FTP server (which I can access from my own PC and is not blocked by the remote service). I have also checked that Debian can access FTP servers (which it can).

I am wondering, what might Debian be using to block the IP? IPTables shows no blocked IP addresses. I also have dos-deflate installed although I have set that up for iptables. Any ideas on what might be blocking the connection?

PS: I get a "Connection Refused" when trying to use WGET to access the remote FTP (wget works with another FTP I used for testing).

  • It will probably give the same issue, but try doing a telnet to the remote IP (telnet ip_address 21) to ensure it's an IP/port issue. If that says refused but you can FTP other networks (make sure they are other networks) then it's a firewall issue.

    Post your IPTables above (I know you say it's not the cause, but just to make sure!). You can also try asking your hosting provider to ensure that they're not blocking 21 outbound to that IP (extremely unlikely). Finally, ask the FTP service why they're blocking your IP address.

    jSherz : First of all, the FTP service provider have checked that they are not blocking my IP. I've put the output of iptables --list at http://pastebin.com/NkMEjAHm. Telnet gives: telnet: Unable to connect to remote host: connection refused
    James Lawrie : From your IPTables it doesn't look as though you're blocking it. I'd recommend flushing the rules temporarily to make sure, but you've got a policy DROP in place so maybe not. If you're getting connection refused you're hitting the server (or at least a hardware firewall in front of it) and you're being rejected by either the hardware firewall, software firewall, or FTP. Is it possible that their PAM is blocking you? Do you have any admin access to the server?
    jSherz : It's provided by a different company so I don't have admin access. PAM may be blocking me but I did ask them to check they weren't blocking me - which they said they were not (and being a professional server host one would hope that they would be right).
  • FTP uses two ports, one for data transfer, the other for control. 21 is the control port, 20 the data port.

    You should open port 20 too (and this is active FTP; for passive FTP you need to open the ports used by your FTP software too).

    jSherz : I could successfully access another FTP site (which I used as a test). Opening port 20 did not work :(
    From Lekensteyn
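
Added example, not part of the original thread: a small Python version of the telnet check from the first answer. It separates "connection refused" (something answered and rejected the connection) from a silent drop (timeout), and reads the FTP greeting when the port is open. The names probe and MEANING are made up for this illustration.

```python
import errno
import socket

# How to read each outcome, following the reasoning in the thread above.
MEANING = {
    "open": "TCP handshake completed; nothing on the path blocks this host/port.",
    "refused": "A host or firewall actively rejected the connection "
               "(TCP RST or ICMP port unreachable).",
    "filtered": "No reply before the timeout; packets are being silently "
                "dropped somewhere on the path (typical of a DROP rule).",
    "unreachable": "No route to the host or network; a routing problem.",
}

def probe(host, port=21, timeout=5.0):
    """Attempt one TCP connection and classify the result.

    Returns (outcome, banner). banner is the first data the service sends
    (an FTP server greets with a 220 line), or None if nothing arrived.
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "refused", None
    except socket.timeout:
        return "filtered", None
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable", None
        raise  # DNS failures and anything unexpected stay visible
    with sock:
        try:
            banner = sock.recv(256).decode("ascii", "replace").strip() or None
        except socket.timeout:
            banner = None  # connected, but no greeting arrived in time
    return "open", banner

if __name__ == "__main__":
    import sys
    # Usage: python probe.py <host> [port]
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 21
    outcome, banner = probe(target, port)
    print(f"{target}:{port} -> {outcome}: {MEANING[outcome]}")
    if banner:
        print("banner:", banner)
```

Running it from the VPS and from a machine that can reach the FTP server, then comparing the two outcomes, shows whether the rejection depends on the source address.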
