OK,
Current firewall:
Code:
# Clearing tables..
iptables -F
iptables -t nat -F
# Allowing designated ports..
iptables -A INPUT -i ppp0 -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -i ppp0 -p tcp --dport 60 -j ACCEPT
iptables -A INPUT -i ppp0 -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -i ppp0 -p tcp --dport 113 -j ACCEPT
# Allowing new/already non-ppp0 connections..
iptables -A INPUT -m state --state NEW -i ! ppp0 -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Blocking everything..
iptables -A INPUT -i ppp0 -p all -j DROP
# IP forwarding/masq rules..
echo "1" > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
# Port forwarding..
iptables -t nat -A PREROUTING -p tcp --dport 60 -j DNAT --to 192.168.0.1:21
iptables -t nat -A PREROUTING -p tcp --dport 113 -j DNAT --to 192.168.0.1:113
Although I've tried without blocking ports and still no success.
Main box is Windows 2000 SP4 using FlashFXP FTP software, error is:
Code:
TYPE A
200 Type set to A.
PASV
550 Passive mode not allowed on this server.
PORT 192,168,0,1,12,153
200 PORT Command successful.
LIST
150 Opening ASCII mode data connection for /bin/ls.
426 Data connection closed, transfer aborted.
List Error
Binding sockets to colabus.dyndns.org:
Code:
TYPE A
200 Type set to A.
PASV
550 Passive mode not allowed on this server.
PORT 203,220,195,63,12,156
200 PORT Command successful.
LIST
150 Opening ASCII mode data connection for /bin/ls.
426 Data connection closed, transfer aborted.
List Error
When trying direct from linux box:
Code:
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
200 PORT Command successful.
150 Opening ASCII mode data connection for /bin/ls.
drw-rw-rw- 1 user group 0 Mar 30 20:07 .
drw-rw-rw- 1 user group 0 Mar 30 20:07 ..
drw-rw-rw- 1 user group 0 Mar 30 22:38 <FOLDER, etc>
226 Transfer Complete.
I've tried using:
Code:
modprobe ip_conntrack
modprobe ip_conntrack_ftp
Also, I have tried "limit local port range" to 6000-6010 and have those ports forwarded to the win machine; still no luck.
Also, it's not firewall software on the Windows machine either, as I've disabled it completely (service and all).
win machine 192.168.0.1, unix 192.168.0.10, no other machines on network
DNS Server is fine, and from what I have seen so is everything else. This is the only problem I have (atm), and it's only on a couple of ftps.
Note: other users from other places can connect using the same info/account. And it's not an ISP problem either, as a friend has tested the account also.
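Added example, not part of the original post: the argument of each PORT command in the logs above encodes the address and port the server is told to connect back to, as h1,h2,h3,h4,p1,p2 with port = p1*256 + p2. This Python sketch decodes the two PORT lines from the post and checks each against private address space and the 6000-6010 range the post mentions; the function names are hypothetical.

```python
import ipaddress
import re

# PORT lines copied from the two FlashFXP sessions in the post above.
SESSION_LINES = [
    "PORT 192,168,0,1,12,153",
    "PORT 203,220,195,63,12,156",
]

# PORT h1,h2,h3,h4,p1,p2 (RFC 959): four address octets, two port octets.
PORT_RE = re.compile(r"^PORT\s+(\d{1,3}(?:,\d{1,3}){5})\s*$")


def decode_port(line):
    """Return (IPv4Address, port) for one PORT command line."""
    match = PORT_RE.match(line.strip())
    if not match:
        raise ValueError(f"not a PORT command: {line!r}")
    octets = [int(x) for x in match.group(1).split(",")]
    if any(o > 255 for o in octets):
        raise ValueError(f"octet out of range in: {line!r}")
    address = ipaddress.IPv4Address(".".join(str(o) for o in octets[:4]))
    port = octets[4] * 256 + octets[5]
    return address, port


def assess(line, port_range=(6000, 6010)):
    """Decode a PORT line and report what a gateway would have to handle.

    port_range defaults to the 6000-6010 range mentioned in the post.
    """
    address, port = decode_port(line)
    return {
        "address": str(address),
        "port": port,
        # A private address is unreachable from the remote server unless
        # the NAT gateway rewrites the PORT payload on the way out.
        "private_address": address.is_private,
        # True only if a static forward of port_range would cover it.
        "in_forwarded_range": port_range[0] <= port <= port_range[1],
    }


if __name__ == "__main__":
    for entry in SESSION_LINES:
        print(entry, "->", assess(entry))
```

The first session advertises the LAN address 192.168.0.1, and neither of the ports logged above (3225 and 3228) falls inside 6000-6010.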