Well... I knew that a firewall could generate a few problems, but this one, I did not expect!

I just could not FTP anything from my FedoraCore box. I checked the source system firewall, tweaked all sorts of options in the vsftpd.conf file to no aval.

The error I was getting was this:

Mon Aug 11 21:31:57 2008 [pid 12033] CONNECT: Client "192.168.2.11"
Mon Aug 11 21:31:57 2008 [pid 12032] [alexis] OK LOGIN: Client "192.168.2.11"
Mon Aug 11 21:31:57 2008 [pid 12034] [alexis] FAIL DOWNLOAD: Client "192.168.2.11", \
               "{fullpath to}/ubuntu-8.04.1-server-amd64.iso", 0.00Kbyte/sec

I read that permissions could be wrong. Not the case.

The firewall has some REJECT and DROP rules. None of which would increase when I was getting the FAIL DOWNLOAD message.

The fact was that the FedoraCore system firewall was not accepting the connection. That's why it would fail. I thus opened the firewall a bit by adding a rule like this:

-A INPUT -i eth0 -p tcp -m tcp -s 192.168.2.1 -d 192.168.2.2 --sport 20 -j ACCEPT

Then it finally worked.

Note that I am using FTP in non-passive mode. This is important because I do not want to open "random" ports on my server. There is nothing to control that in vsftpd as far as I know. Which sucks. My company's FTP server will automatically change the firewall and open ports as required. Once the FTP connection ends, the port is closed in the firewall. This means the port is open only very temporarily.

Anyway, all that to say that the message FAIL DOWNLOAD blah means nothing when it could be telling you: could not connect to client. At least that way you'd know right away what's wrong.