I was hoping that somebody could help me with what looks like a firewall issue on the client's side.
We run an FTP server in house and it works for most all people trying to connect.
The clients having trouble are ones running Linux (specifically Red Hat 7.x and above) and using Windows boxes to connect with FTP clients to our server.
If the clients use passive mode they connect OK but can't do things like create directories or upload files. Change directory seems to work OK.
If they use active mode they can't connect at all or have great troubles doing it.
I have ip_conntrack_ftp module running on their end so that can't be it. We even opened them up the ports quite a lot and still no go.
If I run an FTP session from that Linux box it connects perfect so I am assuming it has something to do with either the client OR IPTABLES.
However, here is the weird part. IE doesn't work, command line doesn't work, BUT WS-FTP LE works awesome. Not sure what it does special but it works. Problem is that people won't just use that. They want their stuff to work.
Active FTP is a bit of a bugger. It uses port 21 to send commands etc. and port 20 to send data. You have the conntrack module loaded, so you need to configure the states to make this work. For passive FTP an ESTABLISHED connection is sufficient, but because active FTP uses a different port for the data you need to use the RELATED state. Check out http://www.sns.ias.edu/~jns/security...conntrack.html for a good description of this; down the bottom of the document there is a description of the state you need to set for active (and passive) FTP to work.
Does LIST work? Or can they only change directories if they know where the directory is? In other words, do they log in, send LIST and get the list of files? If they do then maybe it is a permission thing, although if WS FTP works then maybe not.
Nothing in the logs that sheds any light? Does it work on a machine on the local network? (May prove whether it is iptables or something in the FTP setup, assuming that your local rules are fairly open.) I guess you could log a session with tcpdump and run it through Ethereal to see what might be going on.
Do you log dumped packets with iptables? If you don't, that may also be worth trying, to see if after they connect packets start getting dumped. Just add the -LOG command before the final DROP.
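The two checks suggested in the replies above (a RELATED state rule, and a LOG rule just before the final DROP), written as a small audit over `iptables-save` output. This is an added example, not part of the original thread; the function name `audit_chain`, the choice of the INPUT chain and both sample rulesets are assumptions constructed for illustration.

```shell
#!/bin/sh
# Constructed sample: conntrack accepts ESTABLISHED only, drops are silent.
WEAK_RULES='*filter
:INPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j DROP
COMMIT'

# Constructed sample: RELATED added (the FTP conntrack helper marks the data
# connection RELATED) and a LOG rule placed right before the final DROP.
FIXED_RULES='*filter
:INPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j LOG --log-prefix "INPUT-DROP: "
-A INPUT -j DROP
COMMIT'

# audit_chain CHAIN RULES: print one finding per line, or "ok".
# On a live system (as root): audit_chain INPUT "$(iptables-save -t filter)"
audit_chain() {
    printf '%s\n' "$2" | awk -v chain="$1" '
        # Collect the rules appended to the requested chain, in order.
        $1 == "-A" && $2 == chain { rule[++n] = $0 }
        END {
            related = 0; last_drop = 0; bad = 0
            for (i = 1; i <= n; i++) {
                # An ACCEPT rule whose state list includes RELATED.
                if (rule[i] ~ /--(state|ctstate) [A-Z,]*RELATED/ && rule[i] ~ /-j ACCEPT/)
                    related = 1
                # Remember the position of the last unconditional-looking DROP.
                if (rule[i] ~ /-j DROP$/) last_drop = i
            }
            if (!related) { print "missing-related"; bad = 1 }
            if (last_drop == 0) { print "no-final-drop"; bad = 1 }
            else if (last_drop == 1 || rule[last_drop - 1] !~ /-j LOG/) {
                print "no-log-before-drop"; bad = 1
            }
            if (!bad) print "ok"
        }'
}
```

With a LOG rule in place, packets dropped after the client connects show up in the kernel log with the chosen prefix, which tells you whether iptables is what is blocking the data connection.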