standalone gridftp-server can't do EPSV or PASV, why?


Petra zeidler

Sep 7, 2022, 1:48:01 PM
to Discuss
Dear all,

This is about a standalone gridftp-server on RedHat 8.6: login via GSI succeeds, but e.g. "ls" fails.
It's supposed to be the successor to an elderly gridftp-server where IT security has issued an "update or get off the network"; it has inherited most of its config from the working older instance.

log says:
ts=2022-09-07T17:05:14.953310Z id=432017 event=globus-gridftp-server.session.message sender=client msg="PASS dummy  "
ts=2022-09-07T17:05:14.953320Z id=432017 event=globus-gridftp-server.session.message sender=server msg="230 User test logged in.  "
ts=2022-09-07T17:05:14.953758Z id=432017 event=globus-gridftp-server.session.message sender=client msg="FEAT  "
ts=2022-09-07T17:05:14.953785Z id=432017 event=globus-gridftp-server.session.message sender=server msg="211-Extensions supported   CKSM MD5:10;ADLER32:10;SHA1:10;SHA256:11;SHA512:12;   DSI file-13.24   STORATTR   HTTP   DCSC P,D   MFMT   WHOAMI   AUTHZ_ASSERT   MLSR   MLSC   UTF8   LANG EN   DCAU   PARALLEL   SIZE   MLST Type*;Size*;Modify*;Perm*;Charset;UNIX.mode*;UNIX.owner*;UNIX.uid*;UNIX.group*;UNIX.gid*;Unique*;UNIX.slink*;X.count;   ERET   ESTO   SPAS   SPOR   REST STREAM   MDTM   PASV AllowDelayed;  211 End.  "
ts=2022-09-07T17:05:18.170067Z id=432017 event=globus-gridftp-server.session.message sender=client msg="MODE S  "
ts=2022-09-07T17:05:18.170077Z id=432017 event=globus-gridftp-server.session.message sender=server msg="200 Mode set to S.  "
ts=2022-09-07T17:05:18.170183Z id=432017 event=globus-gridftp-server.session.message sender=client msg="DCAU A  "
ts=2022-09-07T17:05:18.170189Z id=432017 event=globus-gridftp-server.session.message sender=server msg="200 DCAU A.  "
ts=2022-09-07T17:05:18.170258Z id=432017 event=globus-gridftp-server.session.message sender=client msg="PBSZ 1135616  "
ts=2022-09-07T17:05:18.170263Z id=432017 event=globus-gridftp-server.session.message sender=server msg="200 PBSZ=1135616  "
ts=2022-09-07T17:05:18.170358Z id=432017 event=globus-gridftp-server.session.message sender=client msg="PROT C  "
ts=2022-09-07T17:05:18.170364Z id=432017 event=globus-gridftp-server.session.message sender=server msg="200 Protection level set to C.  "
ts=2022-09-07T17:05:18.170430Z id=432017 event=globus-gridftp-server.session.message sender=client msg="TYPE I  "
ts=2022-09-07T17:05:18.170435Z id=432017 event=globus-gridftp-server.session.message sender=server msg="200 Type set to I.  "
ts=2022-09-07T17:05:18.170499Z id=432017 event=globus-gridftp-server.session.message sender=client msg="EPSV  "
ts=2022-09-07T17:05:18.170747Z id=432017 event=globus-gridftp-server.session.message sender=server msg="500-Command failed.   500- : globus_i_gfs_data.c:globus_i_gfs_data_request_passive:8035:  500-globus_ftp_control_local_pasv failed.  500-globus_xio_tcp_driver.c:globus_l_xio_tcp_server_init:1648:  500-globus_l_xio_tcp_contact_string failed.  500-globus_xio_tcp_driver.c:globus_l_xio_tcp_contact_string:1170:  500-globus_libc_addr_to_contact_string failed.  500-globus_libc.c:globus_libc_addr_to_contact_string:2900:  500-globus_libc_gethostaddr failed  500 End.  "
ts=2022-09-07T17:05:18.170947Z id=432017 event=globus-gridftp-server.session.message sender=client msg="PASV  "
ts=2022-09-07T17:05:18.171074Z id=432017 event=globus-gridftp-server.session.message sender=server msg="500-Command failed.   500- : globus_i_gfs_data.c:globus_i_gfs_data_request_passive:8035:  500-globus_ftp_control_local_pasv failed.  500-globus_xio_tcp_driver.c:globus_l_xio_tcp_server_init:1648:  500-globus_l_xio_tcp_contact_string failed.  500-globus_xio_tcp_driver.c:globus_l_xio_tcp_contact_string:1170:  500-globus_libc_addr_to_contact_string failed.  500-globus_libc.c:globus_libc_addr_to_contact_string:2900:  500-globus_libc_gethostaddr failed  500 End.  "

Firewall problems are unlikely since the client in this case was on the same host.
The host has no IPv6, but 2 interfaces (and will be behind NAT when not talking to itself, provided the issues can be resolved).
It's run as the RedHat globus-gridftp-server.service (via sysctl).
Nameservice is available and working.

Any pointers what may be causing this failure?

Versions in case that is relevant:
globus_gridftp_server: 13.24 (1653033972-1)
globus_gfork: 5.0 (1536386276-0)
globus_xio_queue: 6.6 (1653033972-1)
globus_gridftp_server_file: 13.24 (1653033972-1)
globus_gsi_authz_callout_error_module: 4.2 (1607703417-0)
globus_gsi_authz: 4.6 (1653033972-1)
globus_xio_pipe: 4.1 (1566483868-0)
globus_xio_telnet: 6.6 (1653033972-1)
globus_xio_gssapi_ftp: 9.3 (1653033972-1)
globus_gridftp_server_control: 9.3 (1653033972-1)
globus_gsi_callback_module: 6.2 (1607703417-0)
globus_credential: 8.3 (1629915172-0)
globus_gsi_proxy: 9.8 (1653033972-1)
globus_gsi_openssl_error: 4.4 (1653033972-1)
globus_openssl: 5.2 (1607703417-0)
globus_gsi_gssapi: 14.20 (1653033972-1)
globus_sysconfig: 9.5 (1653033972-1)
globus_callout_module: 4.3 (1607703417-0)
globus_gss_assist: 12.7 (1653033972-1)
globus_xio_gsi: 5.4 (1629915172-0)
globus_xio_tcp: 6.6 (1653033972-1)
globus_xio_system_select: 6.6 (1653033972-1)
globus_xio_file: 6.6 (1653033972-1)
globus_io: 12.4 (1653033972-1)
globus_ftp_control: 9.10 (1653033972-1)
globus_gridftp_server: 13.24 (1653033972-1)
globus_xio: 6.6 (1653033972-1)
globus_extension_module: 18.13 (1653033972-1)
globus_callback_nonthreaded: 18.13 (1653033972-1)
globus_callback: 18.13 (1653033972-1)
globus_object: 18.13 (1653033972-1)
globus_error: 18.13 (1653033972-1)
globus_common: 18.13 (1653033972-1)
globus_thread_common: 18.13 (1653033972-1)
globus_thread_none: 18.13 (1653033972-1)
globus_thread: <no version>

kind regards,
Petra Zeidler

Chandin Wilson

Sep 7, 2022, 2:01:48 PM
to petra....@dlr.de, dis...@globus.org
Just reading the log trace here, do all IPs configured on the system have /etc/hosts and/or DNS entries?

Eli Dart

Sep 7, 2022, 2:27:49 PM
to Chandin Wilson, petra....@dlr.de, dis...@globus.org
Yeah, my thought too:  500-globus_libc_gethostaddr failed

Thanks,

Eli

--

Eli Dart, Network Engineer                          NOC: (510) 486-7600
Group Leader, ESnet Science Engagement Group             (800) 333-7638
Lawrence Berkeley National Laboratory 

Petra zeidler

Sep 9, 2022, 3:20:22 AM
to Discuss, da...@es.net, Petra zeidler, dis...@globus.org, chandin...@noaa.gov
Thanks for your suggestions.

Name resolution wasn't directly the problem:
strace found the issue. I had copied the chroot from the old system, and that had dev empty.
With dev properly populated, data channels now work.

kind regards,
Petra Zeidler
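
The root cause reported above (a copied chroot whose dev directory was empty) can be checked for before a server is put into service. The following is an added example, not part of any post in this thread and not Globus code: a shell function that audits the dev/ directory of a chroot tree. The function name and the list of required nodes are assumptions; the thread does not say which nodes were missing.

```shell
#!/bin/sh
# Added example: audit the dev/ directory of a chroot tree.
# ASSUMPTION: this node list is a common minimum for a chrooted daemon;
# the thread only says that dev was empty, not which nodes were needed.
REQUIRED_DEV_NODES="null zero random urandom"

# check_chroot_dev ROOT   (hypothetical helper name)
# Prints one finding per line on stdout.
# Returns 0 if every required node is a character device,
# 1 if anything is missing or of the wrong type, 2 on usage error.
check_chroot_dev() {
    root=$1
    if [ -z "$root" ] || [ ! -d "$root" ]; then
        echo "usage: check_chroot_dev <chroot-dir>" >&2
        return 2
    fi
    if [ ! -d "$root/dev" ]; then
        echo "MISSING dev/ (directory absent)"
        return 1
    fi
    rc=0
    for node in $REQUIRED_DEV_NODES; do
        path="$root/dev/$node"
        if [ -c "$path" ]; then
            continue
        elif [ -e "$path" ]; then
            # A copy that does not preserve special files can leave a
            # plain file where the device node used to be.
            echo "WRONG-TYPE dev/$node (exists but is not a character device)"
            rc=1
        else
            echo "MISSING dev/$node"
            rc=1
        fi
    done
    return $rc
}
```

Source the file and call `check_chroot_dev` with the chroot path; a non-zero return means the tree should be repopulated before the service is started in it.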