dont_stop_me

[Log in to get rid of this advertisement]

Hi,
I have a simple NAT server and it does not let through active FTP connections.
I use slackware 12.2 with standard kernel.
Here is my script :
did I miss something?
What should I do?

kentyler

Do you have ip forwarding enabled?

What are the outputs of the following?

/proc/sys/net/ipv4/ip_forward

/proc/sys/net/ipv4/conf/all/forwarding

/proc/sys/net/ipv4/conf/*/forwarding

dont_stop_me

They all are 1. I managed to get the internet working, I only had problems with active ftp.

baldy3105

In active FTP the control session is opened Client dynamic port to Server well known port(21). When you initiate a transfer the client opens a dynamic passive port and informs the servers of that port number. The server then connects to the client on that port to shift the data along.

So if your server is on the outside of your NAT its data connection is going to bounce off of the NAT translation table as the NAT device has no knowledge of the passive open port. To make this work the NAT device would need to be able to snoop on the control connection to see what port was agreed on between the client and the server. As far as I know this is not possible, and is what passive FTP was invented to get around anyway.

So use passive mode FTP and all will be well.

dont_stop_me

Hi,
thanks for your replies, baldy3105 you are right about active FTP, but there is a workaround. I did some reading and if you enable these two kernel modules, the computers behind the NAT can create active ftp connections.

ip_nat_ftp
ip_conntrack_ftp

baldy3105

Cool! Linux just never stops impressing me :-)