LAN ftp server stalls after login

servnov · 11-20-2004, 02:09 PM

I have tried both ncftpd and vsftpd and opened up port 21 in iptables on the machine. I can easily login from another machine on my network but issuing the 'ls' cmd stalls the system. And, yes I HAVE tried both passive and non-passive modes with both daemons. What is the problem? I am thinking it might actually be a firewall problem. I will test that now.

trickykid · 11-30-2004, 01:03 PM

It won't be a firewall if it allows you access.. it would be a problem with the ftp daemons when issuing an ls command after connecting. And I'm 99.999999% positive the problem at hand is not your firewall.

servnov · 12-01-2004, 06:50 AM

I had to open up port src port 20 on my client machine. Now it works, thanks.

qwijibow · 12-01-2004, 10:48 AM

the nornal way is to load the ftp connection ftacking kernel module, and add a rule to the firewall to allow Established and Related traffic...
this is DEFINATLY a firewall problem.... im 100.000 % certain...

FTP only uses port 21 for commands... it uses a different port for data (data like output from the ls command, and get / put commands)

their are 2 types or FTP, Passive and Active... by opening port 20, you will enable one type of FTP, but not the other (one type uses port 20, the other uses a random high port)... to guarantee all ftp clients will work, use the ftp tracking method i mentioned above.

P.S. Take that Trickykid ! lol..

trickykid · 12-01-2004, 04:56 PM

Quote:

Originally posted by qwijibow
the nornal way is to load the ftp connection ftacking kernel module, and add a rule to the firewall to allow Established and Related traffic...
this is DEFINATLY a firewall problem.... im 100.000 % certain...

FTP only uses port 21 for commands... it uses a different port for data (data like output from the ls command, and get / put commands)

their are 2 types or FTP, Passive and Active... by opening port 20, you will enable one type of FTP, but not the other (one type uses port 20, the other uses a random high port)... to guarantee all ftp clients will work, use the ftp tracking method i mentioned above.

P.S. Take that Trickykid ! lol..

What's that suppose to mean? I never said it was a problem on the server side as its not nor ever was, the firewall on the server is not at fault in his case, he made no mentioning of having port 20 or any firewall on his client side blocked.

And you should learn to spell, its there not their!!!!!

qwijibow · 12-01-2004, 05:41 PM

There and Their.... this is what we call nit picking...
if were gonna start a nit picking contest, lets do it right.

this is how to nit pick..
you said.

Quote:

I never said it was a problem on the server side

but there it is...

Quote:

It won't be a firewall if it allows you access.. it would be a problem with the ftp daemons

an FTP daemon is a program running server side...
no it wasnt a problem server side... but yes you DID say that the problem was server side....

score 1 me.

and

Quote:

And I'm 99.999999% positive the problem at hand is not your firewall.

both firewalls belonged to him, therefore they are BOTH, HIS firewall's. and his client firewall was at fault.

score 2 to me...

now THAT is how to properly nitpick..
and contradicting yourself / backtracking after you are clearly wrong is far worse than mixing up there and their.

Okay.. i know being annoying... but that "take that Trickykid. lol.." was a joke... you had to start the nit picking....

so once again...... :smug look: :sticking tongue out: ha !