LinuxQuestions.org
Old 02-14-2003, 02:34 PM   #1
paradoxlight
LQ Newbie
 
Registered: Jan 2002
Posts: 25

Rep: Reputation: 15
Windows FTP clients through Linux Firewall


I was hoping that somebody could help me with what looks like a firewall issue on the client's side.

We run an FTP server in house and it works for most all people trying to connect.

The clients having trouble are ones running Linux (specifically Red Hat 7.x and above) and using Windows boxes to connect with FTP clients to our server.

If the clients use passive mode they connect OK but can't do things like create directories or upload files. Change directory seems to work OK.

If they use active mode they can't connect at all or have great troubles doing it.

I have ip_conntrack_ftp module running on their end so that can't be it. We even opened them up the ports quite a lot and still no go.

If I run an FTP session from that Linux box it connects perfect so I am assuming it has something to do with either the client OR IPTABLES.

However, here is the weird part. IE doesn't work, command line doesn't work, BUT WS-FTP LE works awesome. Not sure what it does special but it works. Problem is that people won't just use that. They want their stuff to work.
 
Old 02-14-2003, 08:13 PM   #2
Sutekh
Member
 
Registered: Apr 2002
Location: Melbourne, Australia
Distribution: Gentoo
Posts: 273

Rep: Reputation: 30
Active FTP is a bit of a bugger. It uses port 21 to send commands etc. and port 20 to send data. You have the conntrack module loaded, so you need to configure the states to make this work. For passive FTP an ESTABLISHED connection is sufficient, but because active FTP uses a different port for the data you need to use the RELATED state. Check out http://www.sns.ias.edu/~jns/security...conntrack.html for a good description of this; down the bottom of the document there is a description of the state you need to set for active (and passive) FTP to work.

Rich
 
Old 02-14-2003, 10:42 PM   #3
paradoxlight
LQ Newbie
 
Registered: Jan 2002
Posts: 25

Original Poster
Rep: Reputation: 15
Thanks for that info. That is actually something that will help elsewhere.

I should add that I WANT the clients using Passive but that doesn't work either. They are able to log in, change directories and that is about it.
 
Old 02-16-2003, 12:59 AM   #4
Sutekh
Member
 
Registered: Apr 2002
Location: Melbourne, Australia
Distribution: Gentoo
Posts: 273

Rep: Reputation: 30
Does LIST work? Or can they only change directories if they know where the directory is? In other words, do they log in, send LIST and get the list of files? If they do then maybe it is a permission thing, although if WS FTP works then maybe not.

Nothing in the logs that sheds any light? Does it work on a machine on the local network? (That may prove whether it is iptables or something in the FTP setup, assuming that your local rules are fairly open.) I guess you could log a session with tcpdump and run it through Ethereal to see what might be going on.

Do you log dumped packets with iptables? If you don't, that may also be worth trying, to see if after they connect packets start getting dumped. Just add the -LOG command before the final DROP.

rich
 
Old 02-16-2003, 03:51 AM   #5
markus1982
Senior Member
 
Registered: Aug 2002
Location: Stuttgart (Germany)
Distribution: Debian/GNU Linux
Posts: 1,467

Rep: Reputation: 46
Do not forget the passive port range... if you can define a port range in your FTP server then define it in the firewall also...
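
A server-side ruleset that puts the thread's three suggestions together (the RELATED state for data connections, a LOG rule just before the final DROP, and the passive port range opened in the firewall), as an added example that is not part of any post above. The function name, the `50000 50100` range in the usage comment and the file names are assumptions; the host is assumed to run the FTP server itself and not to route traffic.

```shell
#!/bin/sh
# Added example, not from the thread: print an iptables-restore ruleset for
# the INPUT chain of a host running an FTP server (assumed not to route).
# MIN and MAX are assumptions; use the passive range set in the FTP daemon.
ftp_server_rules() {
    pasv_min=$1
    pasv_max=$2
    for p in "$pasv_min" "$pasv_max"; do
        case "$p" in
            ''|*[!0-9]*) echo "port must be numeric: '$p'" >&2; return 2 ;;
        esac
    done
    if [ "$pasv_min" -lt 1024 ] || [ "$pasv_max" -gt 65535 ] ||
       [ "$pasv_min" -gt "$pasv_max" ]; then
        echo "need 1024 <= MIN <= MAX <= 65535" >&2
        return 2
    fi
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
# Add a rule for your own management access (e.g. SSH) before loading.
# Control-channel replies, plus data connections that the FTP conntrack
# helper (ip_conntrack_ftp in this thread) has marked RELATED.
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# New control connections to port 21.
-A INPUT -p tcp --dport 21 -m state --state NEW -j ACCEPT
# Passive data ports: the same range as in the FTP server configuration.
-A INPUT -p tcp --dport ${pasv_min}:${pasv_max} -m state --state NEW -j ACCEPT
# Active mode: the server opens the data connection from port 20 itself,
# so OUTPUT ACCEPT covers it and the replies are ESTABLISHED.
# Log what is about to be dropped (rate-limited), just before the final DROP.
-A INPUT -m limit --limit 5/minute -j LOG --log-prefix "INPUT-DROP: "
-A INPUT -j DROP
COMMIT
EOF
}

# Usage (as root), validating before loading:
#   sh ftp-rules.sh 50000 50100 > ftp.rules && iptables-restore --test < ftp.rules
if [ "$#" -eq 2 ]; then ftp_server_rules "$1" "$2"; fi
```

With the LOG rule in place, packets dropped after a client logs in show up in the kernel log with the `INPUT-DROP: ` prefix, which shows which data port the firewall refused.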
 
  


All times are GMT -5. The time now is 02:43 PM.
