I was hoping that somebody could help me with what looks like a firewall issue on the client's side.
We run an FTP server in house and it works for most all people trying to connect.
The clients having trouble are ones running Linux (specifically Red Hat 7.x and above) and using Windows boxes to connect with FTP clients to our server.
If the clients use passive mode they connect OK but can't do things like create directories or upload files. Change directory seems to work OK.
If they use active mode they can't connect at all or have great troubles doing it.
I have ip_conntrack_ftp module running on their end so that can't be it. We even opened them up the ports quite a lot and still no go.
If I run an FTP session from that Linux box it connects perfectly, so I am assuming it has something to do with either the client OR IPTABLES.
However, here is the weird part. IE doesn't work, command line doesn't work, BUT WS-FTP LE works awesome. Not sure what it does special but it works. Problem is that people won't just use that. They want their stuff to work.
Active FTP is a bit of a bugger. It uses port 21 to send commands etc. and port 20 to send data. You have the conntrack module loaded, so you need to configure the states to make this work. For passive FTP an ESTABLISHED connection is sufficient, but because active FTP uses a different port for the data you need to use the RELATED state. Check out http://www.sns.ias.edu/~jns/security...conntrack.html for a good description of this; down the bottom of the document there is a description of the state you need to set for active (and passive) FTP to work.
Does LIST work? Or can they only change directories if they know where the directory is? In other words, do they log in, send LIST and get the list of files? If they do, then maybe it is a permission thing, although if WS FTP works then maybe not.
Nothing in the logs that sheds any light? Does it work on a machine on the local network? (That may prove whether it is iptables or something in the FTP setup, assuming that your local rules are fairly open.) I guess you could log a session with tcpdump and run it through Ethereal to see what might be going on.
Do you log dumped packets with iptables? If you don't, that may also be worth trying, to see if after they connect packets start getting dumped. Just add the -LOG command before the final DROP.
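The rule order the replies describe (conntrack FTP helper, RELATED state, a LOG rule ahead of the final DROP), written out as an added example that is not part of the original thread. Assumptions: the Linux box forwards for the Windows clients between a LAN interface and a WAN interface (`eth1`/`eth0` here), the `ftp_fw_rules` and `run` helpers, the `APPLY` dry-run switch, the `fw-drop:` log prefix and the optional `nat` argument (which loads `ip_nat_ftp` for a firewall that also masquerades the clients) are all illustrative.

```shell
#!/bin/sh
# Added example: stateful FORWARD rules for FTP clients behind a Linux firewall.
# Module names follow the thread (ip_conntrack_ftp); interface names are assumed.
# Dry run by default: commands are printed. Set APPLY=1 (as root) to execute them.

run() {
    if [ "${APPLY:-0}" = "1" ]; then "$@"; else echo "$*"; fi
}

# Usage: ftp_fw_rules LAN_IF WAN_IF [nat]
ftp_fw_rules() {
    lan_if=$1
    wan_if=$2
    mode=${3:-}

    # The helper reads PORT/PASV on the control channel (port 21) and marks
    # the resulting data connection as RELATED to it.
    run modprobe ip_conntrack_ftp
    if [ "$mode" = "nat" ]; then
        # Assumption: clients are masqueraded, so the address inside the
        # PORT command must be rewritten as well.
        run modprobe ip_nat_ftp
    fi

    # Replies on the control channel (ESTABLISHED) and helper-tracked data
    # connections in either direction (RELATED): active mode's inbound
    # connection from server port 20 and passive mode's outbound one.
    run iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Only the control connection needs an explicit NEW rule.
    run iptables -A FORWARD -i "$lan_if" -o "$wan_if" -p tcp --dport 21 \
        -m state --state NEW -j ACCEPT

    # Log whatever is about to be dropped, then drop it. A SYN with SPT=20 in
    # these log lines means an active-mode data connection was not seen as RELATED.
    run iptables -A FORWARD -j LOG --log-prefix fw-drop:
    run iptables -A FORWARD -j DROP
}

# Print the rule set for a masquerading firewall (interface names assumed).
ftp_fw_rules eth1 eth0 nat
```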