Can't LS in FTP on clients?
Hello,
I just finished installing a nice Slackware 9.1 box used as a firewall. It currently dials up via 56k and acts as a gateway for my company LAN (all Windows boxes with 1 Windows 2000 Server DC). I have the following in my rc.local for lack of a better place to stick this.

ifconfig eth0 10.0.0.11
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward
modprobe ip_conntrack_ftp
ppp-go -d

All the Windows boxes can surf nicely and access their toys (MSN, etc.). They can open FTP connections and authenticate on the remote FTP server they wish to access, but as soon as they ls or LIST in an FTP program, that's when the FTP session or program times out and nothing happens. I tried an FTP session on the Slackware firewall and it works good; it will LS fine. Any thoughts?
FTP creates primary and secondary connections. I believe that you may be blocking the secondary port (the one that handles file transfer, not connection) on the Slackware box, and that is why it will time out when trying to ls.
Connection port is 21. File transfer is 20. Make sure BOTH of these are open.
slight
fixed
Oddly enough I added this (BOLD LINE) to my startup script
----------------------------
ifconfig eth0 10.0.0.11
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward
modprobe ip_conntrack_ftp
modprobe ip_nat_ftp
ppp-go -d
---------------------------
That allowed client machines to use the LS commands and transfer in FTP instead of just being able to only log on and time out while getting a directory list. Is this the wrong way to go about this?
Hmmm..... I'm not sure really. Your IPTables seems as if it was already set up to do NAT, so I don't know why ip_nat_ftp would be necessary..... hell, if it works, go with it. :)
slight
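Why loading `ip_nat_ftp` made the difference, as an added example (not code from the thread and not the kernel's implementation): in active-mode FTP the client's PORT command carries its own address inside the control-channel payload, which MASQUERADE alone does not touch. This Python model uses hypothetical function names, a constructed PORT line and a placeholder public address, and assumes the helper keeps the same port number.

```python
import ipaddress
import re

PORT_RE = re.compile(r"^PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\r?\n?$")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_port(line):
    """Return the (ip, port) a client advertises in an active-mode PORT command."""
    m = PORT_RE.match(line)
    if not m:
        raise ValueError("not a PORT command: %r" % line)
    fields = [int(x) for x in m.groups()]
    if max(fields) > 255:
        raise ValueError("PORT field out of range: %r" % line)
    return "%d.%d.%d.%d" % tuple(fields[:4]), fields[4] * 256 + fields[5]

def format_port(ip, port):
    """Build a PORT command line from a dotted-quad address and a port number."""
    return "PORT %s,%d,%d\r\n" % (ip.replace(".", ","), port >> 8, port & 0xFF)

def server_can_reach(line):
    """A remote server cannot open a data connection to an RFC 1918 address."""
    addr = ipaddress.ip_address(parse_port(line)[0])
    return not any(addr in net for net in RFC1918)

def nat_rewrite(line, public_ip, public_port):
    """Model of the helper pair: conntrack records the expected data
    connection, NAT rewrites the payload. Returns (line, expectation, delta)."""
    inner = parse_port(line)
    new_line = format_port(public_ip, public_port)
    expectation = {"arrives_at": (public_ip, public_port), "forward_to": inner}
    # delta != 0 means the TCP payload length changed, so the helper also has
    # to adjust sequence numbers on the control connection.
    return new_line, expectation, len(new_line) - len(line)

# Constructed sample: a LAN client at 10.0.0.23 asks for data on port 1025.
CLIENT_PORT = "PORT 10,0,0,23,4,1\r\n"
PUBLIC_IP = "203.0.113.5"   # placeholder for the ppp0 address (assumption)

if __name__ == "__main__":
    print("unmodified reachable:", server_can_reach(CLIENT_PORT))
    rewritten, exp, delta = nat_rewrite(CLIENT_PORT, PUBLIC_IP, 1025)
    print("rewritten:", rewritten.strip(), "| length delta:", delta)
    print("expectation:", exp, "| reachable:", server_can_reach(rewritten))
```

Without the rewrite, the server is told to connect to 10.0.0.23, which it cannot route to, so the data connection for LIST never arrives and the client times out.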