Cant LS in FTP on clients?
 

Hello,

I just finished installing a nice slackware 9.1 box used as a firewall. It currently dials up via 56k and acts as a gateway for my company lan (all windows boxes with 1 Windows 2000 Server DC)

I have the following in my rc.local for lack of a better place to stick this.

ifconfig eth0 10.0.0.11
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward
modprobe ip_conntrack_ftp
ppp-go -d

All the windows boxes can surf nicely and access their toys msn , ect.

They can open FTP connections authenticate on the remote ftp server they wish to access but as soon as the ls or LIST in a FTP program thats when the ftp session / or program times out and nothing happens.


I tried an FTP session on the slackware firewall and it works good it will LS fine.


Anythoughts?

FTP creates primary and secondary connections. I believe that you may be blocking the secondary port (the one that handles file transfer, not connection) on the slackware box, and that is why is will time out when trying to ls.

Connection port is 21
File transfer is 20

make sure BOTH of these are open.

slight

fixed
 

Odly enough I added this (BOLD LINE) to my startup script

----------------------------
ifconfig eth0 10.0.0.11
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward
modprobe ip_conntrack_ftp
modprobe ip_nat_ftp
ppp-go -d
---------------------------

That allowed client machines to use the the LS commands and transfer in FTP instead of just being able to only logon and timeout while getting a directory list.

Is this the wrong way to go about this?

Hmmm..... I'm not sure really. Your IPTables seems as if it was already set up to do NAT, so I don't know why ip_nat_ftp would be necessary..... hell, if it works, go with it. :)

slight