Xandros (Debian) FTP Listing errors.

colabus · 03-29-2004, 09:59 PM

Sup guys,
I'm having a bit of trouble with listing on some FTPs. I'm on my windows machine and have my network setup so everything is done through a Xandros box. With most ftps I commonly use all is fine but some I have listing errors.

A mate suggested using: insmod ip_conntrack_ftp

but I seem to have the same problem, I also tried using PASV mode, but with no luck.

Maybe someone else has had this problem?

Thanks in advance

wiBo · 03-30-2004, 03:43 PM

What is the FTP server you trying to connect.. maybe he was down?

colabus · 03-30-2004, 06:17 PM

Nope, it's not down.
There is many other people using that same account (login info) and have no problems. Also I can't list perfectly fine when i'm connecting to it from the Linux box - it's just when trying from the windows machine through the linux box.

Win2K > Linux box > Internet > The FTP

Linux box > Internet > The FTP (all is fine)
Win2K > Linux box > Internet > The FTP (listing errors, connection OK)

I tried PASV too last night but it's not supported. I tried it without my firewall blocking ports. I've tried modprobes.

Help!

sirpimpsalot · 03-30-2004, 06:23 PM

dood, you gotta give us a dump of all information related to the problem!

What kind of ftp client are you using on the Winboxes? have you tried standard tcpip troubleshoooting from that box (ping tracert nslookup etc)? What do you mean by "cant connect"??? what ftp error are you getting on the win client? connection refused? cant find host?

thnkx

colabus · 03-30-2004, 09:55 PM

OK,

Current firewall:

Code:

# Clearing tables..
iptables -F
iptables -t nat -F

# Allowing designated ports..
iptables -A INPUT -i ppp0 -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -i ppp0 -p tcp --dport 60 -j ACCEPT
iptables -A INPUT -i ppp0 -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -i ppp0 -p tcp --dport 113 -j ACCEPT

# Allowing new/already non-ppp0 connections..
iptables -A INPUT -m state --state NEW -i ! ppp0 -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Blocking everything..
iptables -A INPUT -i ppp0 -p all -j DROP

# IP forwarding/masq rules..
echo "1" > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE

# Port forwarding..
iptables -t nat -A PREROUTING -p tcp --dport 60 -j DNAT --to 192.168.0.1:21
iptables -t nat -A PREROUTING -p tcp --dport 113 -j DNAT --to 192.168.0.1:113

Although I've tried without blocking ports and still no success.

Main box is Windows 2000 SP4 using FlashFXP FTP software, error is:

Code:

TYPE A
200 Type set to A.
PASV
550 Passive mode not allowed on this server.
PORT 192,168,0,1,12,153
200 PORT Command successful.
LIST
150 Opening ASCII mode data connection for /bin/ls.
426 Data connection closed, transfer aborted.
List Error

Binding sockets to colabus.dyndns.org:

Code:

TYPE A
200 Type set to A.
PASV
550 Passive mode not allowed on this server.
PORT 203,220,195,63,12,156
200 PORT Command successful.
LIST
150 Opening ASCII mode data connection for /bin/ls.
426 Data connection closed, transfer aborted.
List Error

When trying direct from linux box:

Code:

Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
200 PORT Command successful.
150 Opening ASCII mode data connection for /bin/ls.
drw-rw-rw-   1 user     group           0 Mar 30 20:07 .
drw-rw-rw-   1 user     group           0 Mar 30 20:07 ..
drw-rw-rw-   1 user     group           0 Mar 30 22:38 <FOLDER, etc>
226 Transfer Complete.

I've tried using:

Code:

modprobe ip_conntrack
modprobe ip_conntrack_ftp

also I have tried "limit local port range to 6000-6010 and have them ports forwarded to win machine still no luck.
also it's not firewall software on windows machine either - as i've disabled it completly (service and all).

win machine 192.168.0.1, unix 192.168.0.10, no other machines on network

DNS Server is fine, and from what I have seen so is everything else. This is the only problem I have (atm), and it's only on a couple of ftps.

note: other users from other places can connect using the same info/account. and not isp problem either, as friend has tested the account also.

colabus · 04-01-2004, 12:47 AM

so any ideas?

colabus · 04-03-2004, 01:01 AM

any one?