 From:  "Daniel Foster" <dan at melbourne dot co dot uk>
 To:  "Andrej Fercic" <andrej at pcklinika dot si>, "Markus Fischer" <markus at fischer dot name>, <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] Problem with active ftp
 Date:  Thu, 9 Jun 2005 14:44:00 +0100
I'm not sure, I've never had ftp working without involving port 20.  I found this document useful
trying to explain it:

http://slacksite.com/other/ftp.html

Dan 

 | -----Original Message-----
 | From: Andrej Fercic [mailto:andrej at pcklinika dot si] 
 | Sent: 09 June 2005 14:44
 | To: Daniel Foster; 'Markus Fischer'; m0n0wall at lists dot m0n0 dot ch
 | Subject: RE: [m0n0wall] Problem with active ftp
 | 
 | OK,
 | 
 | But why does it work in the first CASE??? Only FTP is allowed 
 | (without extra port 20)?!
 | 
 | Andrej 
 | 
 | -----Original Message-----
 | From: Daniel Foster [mailto:dan at melbourne dot co dot uk]
 | Sent: Thursday, June 09, 2005 11:48 AM
 | To: Andrej Fercic; Markus Fischer; m0n0wall at lists dot m0n0 dot ch
 | Subject: RE: [m0n0wall] Problem with active ftp
 | 
 | Andrej,
 | 
 | That'll be because you also need port 20 as well as port 21, 
 | that's the ftp data port.  Usually that's the culprit if you 
 | can't get a file list.
 | 
 | Dan
 | 
 |  | -----Original Message-----
 |  | From: Andrej Fercic [mailto:andrej at pcklinika dot si]
 |  | Sent: 09 June 2005 10:42
 |  | To: 'Markus Fischer'; m0n0wall at lists dot m0n0 dot ch
 |  | Subject: RE: [m0n0wall] Problem with active ftp
 |  |
 |  | Yeap, I have a similar problem.
 |  |
 |  | ISP <> m0n0 <> | FTPserver1
 |  |                | FTPserver2
 |  |                | FTPserver3
 |  |
 |  | Connection to my ISP is made by using PPPoE which returns an
 |  | IP (DHCP) and it is A.B.C.193. I have also 5 more IPs which
 |  | are all used with ServerNAT option + ProxyARP. So if I set a
 |  | NAT rule to forward port 21 from WAN to LAN on default IP to
 |  | one of my local servers, FTP works. But I want to enable FTP on
 |  | all my servers. So, if I do that and enable a NAT rule for
 |  | port 21 on all other IPs, I can reach my FTP server from WAN
 |  | side, I can LOGIN, but I NEVER get a file list. At this
 |  | point the process is stopped!
 |  |
 |  | Any idea what is wrong? Setup or is it a bug :(
 |  |
 |  | Cheers,
 |  |
 |  | Andrej
 |  |
 |  | -----Original Message-----
 |  | From: Markus Fischer [mailto:markus at fischer dot name]
 |  | Sent: Thursday, June 09, 2005 10:42 AM
 |  | To: m0n0wall at lists dot m0n0 dot ch
 |  | Subject: [m0n0wall] Problem with active ftp
 |  |
 |  | Hi,
 |  |
 |  | I'm experiencing a weird situation with m0n0wall and active
 |  | FTP connection to one of our partner hosts.
 |  |
 |  | I'm opening the ftp connections and for some time (browsing
 |  | to the rather big directory structure remotely) it works. But
 |  | often at one point, when the internal PORT command is issued,
 |  | the ftp client seems to hang and later stops because of a
 |  | timeout.
 |  |
 |  | Whenever this timeout happens, I find multiple entries in
 |  | the firewall log:
 |  |
 |  | block | WAN | remote-ip 21 | my-public-gatewat-ip 4000 | TCP
 |  |
 |  | The port of the remote-ip is always 21, the port on the
 |  | public ip of the gateway varies but is usually in the range
 |  | 2000 to 4000 or so.
 |  |
 |  | I have not set up any rule to block these. I even added a
 |  | rule for testing to accept all packets from everything to
 |  | everything, and still I got those reported as blocked in the
 |  | firewall log.
 |  |
 |  | I've tested multiple ftp clients, all exhibit the same
 |  | problem. The administrator of the remote company said he did
 |  | many hours of debugging at its best and could only come to
 |  | the conclusion that he suspects a problem in the ftp-nat
 |  | module of my firewall (m0n0wall). He says his firewall does
 |  | state matching; he can see that many tcp connections are not
 |  | correctly initiated from our firewall; packets are dropped.
 |  |
 |  | I'm using version 1.11, generic-pc.
 |  |
 |  | thanks for any pointers,
 |  |
 |  | - Markus

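
Added example, not part of the original thread or of m0n0wall's code: how the active-mode PORT command discussed above encodes the client's address and port, what a NAT FTP helper has to put in its place, and how a blocked packet from the server can be sorted into control channel (source port 21) or data channel (source port 20). The function names and the addresses 192.168.1.10 and 203.0.113.5 are constructed for illustration; port 4000 is the one shown in the quoted log line.

```python
import re

# Active-mode FTP: the client announces where the server should connect back to.
PORT_RE = re.compile(r"^PORT ((?:\d{1,3},){5}\d{1,3})\r?\n?$", re.IGNORECASE)

def parse_port(line):
    """Return (ip, port) announced by a PORT command: port = p1*256 + p2."""
    m = PORT_RE.match(line)
    if not m:
        raise ValueError("not a PORT command: %r" % line)
    nums = [int(n) for n in m.group(1).split(",")]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range: %r" % line)
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]

def nat_rewrite(line, public_ip, public_port):
    """PORT line a NAT FTP helper has to forward in place of the private address."""
    parse_port(line)  # reject malformed input before rewriting
    return "PORT %s,%d,%d\r\n" % (public_ip.replace(".", ","),
                                  public_port // 256, public_port % 256)

def classify_blocked(src_port, dst_ip, dst_port, expected):
    """Classify a blocked inbound packet coming from the FTP server.
    expected: set of (public_ip, public_port) announced in rewritten PORT lines."""
    if src_port == 20:   # server's data port opening the active-mode data connection
        return "data-expected" if (dst_ip, dst_port) in expected else "data-unexpected"
    if src_port == 21:   # control channel, not a data connection
        return "control-channel"
    return "other"

# Constructed sample values (hypothetical addresses; only port 4000 is from the thread).
CLIENT_LINE = "PORT 192,168,1,10,15,160\r\n"
PUBLIC_IP = "203.0.113.5"

if __name__ == "__main__":
    ip, port = parse_port(CLIENT_LINE)
    rewritten = nat_rewrite(CLIENT_LINE, PUBLIC_IP, port)
    expected = {parse_port(rewritten)}
    print(ip, port, repr(rewritten))
    print(classify_blocked(21, PUBLIC_IP, 4000, expected))
    print(classify_blocked(20, PUBLIC_IP, 4000, expected))
```

In the log line quoted in the thread the remote source port is 21, so those blocked packets belong to the control channel rather than to a port-20 data connection.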