Hi,

if you read other posts, I lost my NAT this year to a raccon.

I since was able to get SuseFirewall back so that my internal can go out and to the DMZ.

I have a web server in the DMZ and it doubles as an ftp server for internal ( for Suse installs ).

Web works fine from internal and external.

I can browse fine from the DMZ.

I can ftp ( smartftp from a windows box ) and update my web site from internal.

I cannot , however get my ftp install to work. I ran iptraf to monitor. I can ping the machine from the DMZ to the internal and I can ping the ftp server from the internal. ( testing reasons )

I had noticed that my smartftp was taking a bit longer to connect but did not have the time to investigate before.

What I see is this, on iptraf on the web/ftp server, I see the machine attempt to connect and I see a high ( 30K + ) port set up. The installation times out however. ( if I use a false name / password or such I get dropped right away, so I believe they make connection )

I tried smartftp while I was watching iptraf, it tries a high port as well and waits, it then drops PASV and tries a lower port, say 1200 or so. It then connects and I am fine. ( explains my delay somewhat )

The installation must not make an attempt to go to a lower port.

What do I need to look for?

hmmm, never thought to try and internal link to the web to see what kind of port I get there.

Thoughts please?

Thx
Mike

I'm a little lost, thats easy to do.

What ftp server are you using? What client? And maybe a little clearer topography of your network.

It may be just a matter of setting up your firewall to allow traffic on some high ports so the clients can make passive connections. Your ftp server may need to set up a little different.


Thanks

dan

I use the Suse / Yast to set up the ftp server. I believe it is vsftp.
What of the topology would you like to know?
eth0 is external,
eth1 is internal,
eth2 is DMZ.
The ftp server is in the DMZ ( I want to later be able to use it external as well and it is on my web server ).
I update the web site from internal, connecting with smartftp on a windows machine. Itg connects but is slow about it because it drops to a lower port before a real connection is established.
The other ftp conection is with the Suse installation option to install via ftp. I have no idea what they use. I do see the request on the ftp server ( via iptraf ) but whereas the smartftp drops to a lower port and goes on, the install does not.
If I use an incorrect name or file path, I am dropped right away from the ftp server so I know they are communicating. They just are not able to connect at the high port and the install program doen not drop to a low port to try.
I do not want toi fix the install program, I want to know why they cannot connect on the high port.

Thanks

Mike

Is there a simple method for testing port connections both directions ? ( from and to the DMZ from and to the internal ) I must have something set wrong in the NAT firewall because it did work at one time.

I am still a noob at this

mike

Also,

I thought 1024 was the high / low port line. Why is it that I can get connection in the 1400 to 1700 range but not higher?

I need to know what more you need to know about the set up. I think the ftp deamon is vsftp. From a Suse 9.0 installation.

Thanks Mike