ftp server issue
Hi,
If you read other posts, I lost my NAT this year to a raccoon. I since was able to get SuseFirewall back so that my internal can go out and to the DMZ. I have a web server in the DMZ and it doubles as an ftp server for internal (for Suse installs). Web works fine from internal and external. I can browse fine from the DMZ. I can ftp (smartftp from a windows box) and update my web site from internal. I cannot, however, get my ftp install to work.

I ran iptraf to monitor. I can ping the machine from the DMZ to the internal and I can ping the ftp server from the internal (testing reasons). I had noticed that my smartftp was taking a bit longer to connect but did not have the time to investigate before. What I see is this: on iptraf on the web/ftp server, I see the machine attempt to connect and I see a high (30K+) port set up. The installation times out, however. (If I use a false name / password or such I get dropped right away, so I believe they make connection.)

I tried smartftp while I was watching iptraf; it tries a high port as well and waits, it then drops PASV and tries a lower port, say 1200 or so. It then connects and I am fine (explains my delay somewhat). The installation must not make an attempt to go to a lower port.

What do I need to look for? Hmmm, never thought to try an internal link to the web to see what kind of port I get there. Thoughts please?

Thx
Mike
I'm a little lost, that's easy to do.
What ftp server are you using? What client? And maybe a little clearer topography of your network. It may be just a matter of setting up your firewall to allow traffic on some high ports so the clients can make passive connections. Your ftp server may need to be set up a little differently.

Thanks
dan
I use the Suse / Yast to set up the ftp server. I believe it is vsftp.
What of the topology would you like to know? eth0 is external, eth1 is internal, eth2 is DMZ. The ftp server is in the DMZ (I want to later be able to use it external as well and it is on my web server). I update the web site from internal, connecting with smartftp on a windows machine. It connects but is slow about it because it drops to a lower port before a real connection is established.

The other ftp connection is with the Suse installation option to install via ftp. I have no idea what they use. I do see the request on the ftp server (via iptraf) but whereas the smartftp drops to a lower port and goes on, the install does not. If I use an incorrect name or file path, I am dropped right away from the ftp server so I know they are communicating. They just are not able to connect at the high port and the install program does not drop to a low port to try. I do not want to fix the install program, I want to know why they cannot connect on the high port.

Thanks
Mike
Is there a simple method for testing port connections both directions? (from and to the DMZ, from and to the internal) I must have something set wrong in the NAT firewall because it did work at one time.
I am still a noob at this.
mike
Also,
I thought 1024 was the high / low port line. Why is it that I can get connection in the 1400 to 1700 range but not higher? I need to know what more you need to know about the set up. I think the ftp daemon is vsftp. From a Suse 9.0 installation.

Thanks
Mike
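
One way to test the passive-mode data port discussed in this thread, as an added example that is not part of the original posts: it logs in, asks the server for PASV, and probes the address and port the server advertises. The function names are illustrative; `check_passive` assumes a reachable FTP server and valid credentials supplied by the caller.

```python
import re
import socket
from ftplib import FTP

# The six comma-separated numbers in a 227 reply: h1,h2,h3,h4,p1,p2 (RFC 959).
_PASV_RE = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

def parse_pasv_reply(line):
    """Return (ip, port) advertised in a '227 Entering Passive Mode' reply."""
    if not line.startswith("227"):
        raise ValueError("not a PASV reply: %r" % line)
    m = _PASV_RE.search(line)
    if not m:
        raise ValueError("no address in PASV reply: %r" % line)
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("octet out of range in: %r" % line)
    ip = ".".join(str(n) for n in nums[:4])
    return ip, nums[4] * 256 + nums[5]   # data port = p1*256 + p2

def probe(host, port, timeout=3.0):
    """TCP connect test that separates a silent drop from a refusal."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except socket.timeout:
        return "filtered"    # no answer at all: packet dropped on the path
    except ConnectionRefusedError:
        return "closed"      # reset came back: path is clear, nothing listening
    except OSError as exc:
        return "error: %s" % exc

def check_passive(server, user, password, timeout=5.0):
    """Log in, request PASV, and probe the advertised data port."""
    with FTP() as ftp:
        ftp.connect(server, 21, timeout=timeout)
        ftp.login(user, password)
        ip, port = parse_pasv_reply(ftp.sendcmd("PASV"))
        # The listener only exists while this control session is open.
        return ip, port, probe(ip, port, timeout)
```

Run it from the internal client and again from a DMZ host: a "filtered" result only from the internal side points at the firewall between the two networks, and an advertised IP that differs from the address you connected to points at NAT.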