Re: Problem with FTP

From: Philippe WEILL (Philippe.Weill_at_aero.jussieu.fr)
Date: 12/17/04 

Date: Fri, 17 Dec 2004 16:25:58 +0100

Daniel Camps wrote:
> I have a gateway running Linux and a LAN, I have a Firewall configured
> in the gateway and I oppened there the FTP ports 20 and 21 in both
> directions, with this I wanted to allow the active and passive FTP
> modes, I know that in active mode when the server starts the
> connection it uses a random port but I think that most of them use the
> port number 20.
>
> My problem is that I can not do a ftp download from the clients in the
> LAN, I have tried to use netscape and the ftp console tool that comes
> with fedora core 1, and neither of them is working. With the console
> tool the behavior is the following: I can log into the FTP server, and
> the server asks me for the username and password and everything works,
> so the port 21 is working fine I guess. Then my client says that it
> starts the passive mode, but I can not even do an ls in the FTP
> server. Does any of you have the same problem ? and any idea about how
> to solve it ?
>
> By the way, another question is about if it's possible to configure
> netscape for using active or passive mode I didn't find any option to
> do this. And still another question about the FTP itself, is there any
> kind of negotiation about what ftp mode (active or passive) use ? or
> the client asks the server to use one specific mode or if the server
> is configured to use active mode and the client passive mode it simply
> doesn't work ?
>
> Thanks a lot !

On your gateway did you load ip_conntrack_ftp or ip_nat_ftp kernel module
and check your iptables rules 

-- 
  Weill Philippe -  Administrateur Systeme et Reseaux

Relevant Pages

  • Re: FTP Server setup... Im so close!
    ... > I have installed the Internet Information Services, etc, and have the FTP ... Your external client is trying to use Passive Mode. ... Since your server is behind NAT, ...
    (microsoft.public.windowsxp.network_web)
  • Re: Microsoft FTP Server problem on W2K?
    ... I have technical responsibility for this FTP implementation, ... Since PASV voids PORT, the client side ... connect to the server from" isn't implied by the text of the RFC. ...
    (microsoft.public.inetserver.iis.security)
  • Re: Telnet/ftp problems SBS2000
    ... | through the server to get internet access everything works. ... | client uses an internet backup company to backup his really vital data, ... I understand that you cannot use ftp service to ... the connection can be established ...
    (microsoft.public.windows.server.sbs)
  • [NEWS] Directory Traversal Vulnerabilities in FTP Clients
    ... vulnerable to certain directory traversal attacks by modified FTP servers. ... file/directory permissions and the privilege level of the client. ... A malicious server could potentially overwrite key files to cause a denial ... your vendor, or the associated CERT vulnerability note, if your product is ...
    (Securiteam)
  • Re: Configure ISA to allow ISA Server to make external FTP Connect
    ... your Server name and select properties, Installation mode is listed at the ... client, as well as being all three at the same time. ... This means that the workstation has the proxy server details ... Enter the name 'FTP Access', press next twice, from the drop down box ...
    (microsoft.public.isa.configuration)