 
 From:  "Andrej Fercic" <andrej at pcklinika dot si>
 To:  "'Daniel Foster'" <dan at melbourne dot co dot uk>, "'Markus Fischer'" <markus at fischer dot name>, <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] Problem with active ftp
 Date:  Thu, 9 Jun 2005 15:43:38 +0200
OK,

But why does it work in the first CASE??? Only FTP is allowed there (without
extra port 20)?!

Andrej

-----Original Message-----
From: Daniel Foster [mailto:dan at melbourne dot co dot uk] 
Sent: Thursday, June 09, 2005 11:48 AM
To: Andrej Fercic; Markus Fischer; m0n0wall at lists dot m0n0 dot ch
Subject: RE: [m0n0wall] Problem with active ftp

Andrej,

That'll be because you also need port 20 as well as port 21, that's the ftp
data port.  Usually that's the culprit if you can't get a file list.

Dan

 | -----Original Message-----
 | From: Andrej Fercic [mailto:andrej at pcklinika dot si]
 | Sent: 09 June 2005 10:42
 | To: 'Markus Fischer'; m0n0wall at lists dot m0n0 dot ch
 | Subject: RE: [m0n0wall] Problem with active ftp
 |
 | Yep, I have a similar problem.
 |
 | ISP <> m0n0 <> | FTPserver1
 |                | FTPserver2
 |                | FTPserver3
 |
 | Connection to my ISP is made by using PPPoE which returns an IP (DHCP)
 | and it is A.B.C.193. I also have 5 more IPs which are all used with
 | ServerNAT option + ProxyARP. So if I set a NAT rule to forward port 21
 | from WAN to LAN on the default IP to one of my local servers, FTP works.
 | But I want to enable FTP on all my servers. So, if I do that and enable
 | a NAT rule for port 21 on all the other IPs, I can reach my FTP server
 | from the WAN side, I can LOGIN, but I NEVER get a file list. At this
 | point the process is stopped!
 |
 | Any idea what is wrong? Setup, or is it a bug :(
 |
 | Cheers,
 |
 | Andrej
 |
 | -----Original Message-----
 | From: Markus Fischer [mailto:markus at fischer dot name]
 | Sent: Thursday, June 09, 2005 10:42 AM
 | To: m0n0wall at lists dot m0n0 dot ch
 | Subject: [m0n0wall] Problem with active ftp
 |
 | Hi,
 |
 | I'm experiencing a weird situation with m0n0wall and active FTP
 | connection to one of our partner hosts.
 |
 | I'm opening the ftp connection and for some time (browsing the rather
 | big directory structure remotely) it works. But often at one point,
 | when the internal PORT command is issued, the ftp client seems to hang
 | and later stops because of a timeout.
 |
 | Whenever this timeout happens, I find multiple entries in the firewall
 | log:
 |
 | block | WAN | remote-ip 21 | my-public-gateway-ip 4000 | TCP
 |
 | The port of the remote-ip is always 21, the port on the public ip of
 | the gateway varies but is usually in the range 2000 to 4000 or so.
 |
 | I have not set up any rule to block these. I even added a rule for
 | testing to accept all packets from everything to everything, and still
 | I got those reported as blocked in the firewall log.
 |
 | I've tested multiple ftp clients, all exhibit the same problem. The
 | administrator of the remote company said he did many hours of debugging
 | at its best and could only come to the conclusion that he suspects a
 | problem in the ftp-nat module of my firewall (m0n0wall). He says his
 | firewall does state matching and he can see that many tcp connections
 | are not correctly initiated from our firewall; packets are dropped.
 |
 | I'm using version 1.11, generic-pc.
 |
 | thanks for any pointers,
 |
 | - Markus

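Added example, not part of the original thread or of m0n0wall's code: a Python sketch of what the active-mode PORT command discussed above carries, and of the rewrite and inbound mapping a NAT device has to derive from it so the server's data connection (conventionally from port 20) reaches the client. The addresses, the sample PORT line and the function names are constructed for illustration.

```python
import ipaddress

FTP_DATA_PORT = 20  # conventional source port of the server's active-mode data connection


def parse_port(line):
    """Return (ip, port) from a 'PORT h1,h2,h3,h4,p1,p2' control-channel line."""
    verb, _, arg = line.strip().partition(" ")
    if verb.upper() != "PORT":
        raise ValueError("not a PORT command")
    fields = arg.split(",")
    if len(fields) != 6 or not all(f.isascii() and f.isdigit() for f in fields):
        raise ValueError("malformed PORT argument")
    nums = [int(f) for f in fields]
    if any(n > 255 for n in nums):
        raise ValueError("PORT field out of range")
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]  # port = p1 * 256 + p2


def format_port(ip, port):
    """Build the PORT line announcing ip:port."""
    octets = str(ip).split(".")
    return "PORT " + ",".join(octets + [str(port >> 8), str(port & 0xFF)])


def nat_rewrite(line, public_ip, public_port):
    """Rewrite a client's PORT line for the outside world and describe the
    inbound data connection the firewall then has to let through."""
    inside_ip, inside_port = parse_port(line)
    public_ip = ipaddress.IPv4Address(public_ip)
    flow = {
        "server_source_port": FTP_DATA_PORT,
        "arrives_at": (str(public_ip), public_port),
        "forward_to": (str(inside_ip), inside_port),
    }
    return format_port(public_ip, public_port), flow


if __name__ == "__main__":
    # Constructed sample: a client at 192.168.1.10 offering port 15*256+160 = 4000,
    # behind a gateway whose (documentation-range) public address is 203.0.113.5.
    sent = "PORT 192,168,1,10,15,160"
    rewritten, flow = nat_rewrite(sent, "203.0.113.5", 4000)
    print("client sent :", sent)
    print("server sees :", rewritten)
    print("expect data :", flow)
```

If the PORT line is forwarded unrewritten, the server is told to connect to a private address it cannot reach; if the mapping is not installed, the inbound data connection has no state to match and the file listing never arrives.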