 From:  "Daniel Foster" <dan at melbourne dot co dot uk>
 To:  "edward mzj" <edward dot mzj at gmail dot com>
 Cc:  "Andrej Fercic" <andrej at pcklinika dot si>, "Markus Fischer" <markus at fischer dot name>, <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] Problem with active ftp
 Date:  Thu, 9 Jun 2005 17:02:57 +0100
realised having never used the lan port.  

Dan

 | -----Original Message-----
 | From: edward mzj [mailto:edward dot mzj at gmail dot com] 
 | Sent: 09 June 2005 16:41
 | To: Daniel Foster
 | Cc: Andrej Fercic; Markus Fischer; m0n0wall at lists dot m0n0 dot ch
 | Subject: Re: [m0n0wall] Problem with active ftp
 | 
 | is ur ftp svr connected to an opt interface? if so, rules
 | must be added, just like u said, to allow ftp data traffic
 | getting through. however, if it's running on lan side,
 | there is no need to add such rules, 'cause any traffic
 | originated from lan side is allowed by default, unless u
 | deleted the default allow all rule on lan interface
 | 
 | On 6/9/05, Daniel Foster <dan at melbourne dot co dot uk> wrote:
 | > I'm not sure, I've never had ftp working without involving
 | > port 20.  I found this document useful trying to explain it:
 | > 
 | > http://slacksite.com/other/ftp.html
 | > 
 | > Dan
 | > 
 | > | -----Original Message-----
 | > | From: Andrej Fercic [mailto:andrej at pcklinika dot si]
 | > | Sent: 09 June 2005 14:44
 | > | To: Daniel Foster; 'Markus Fischer'; m0n0wall at lists dot m0n0 dot ch
 | > | Subject: RE: [m0n0wall] Problem with active ftp
 | > |
 | > | OK,
 | > |
 | > | But why works in first CASE??? It is only FTP allowed (without
 | > | extra port 20)?!
 | > |
 | > | Andrej
 | > |
 | > | -----Original Message-----
 | > | From: Daniel Foster [mailto:dan at melbourne dot co dot uk]
 | > | Sent: Thursday, June 09, 2005 11:48 AM
 | > | To: Andrej Fercic; Markus Fischer; m0n0wall at lists dot m0n0 dot ch
 | > | Subject: RE: [m0n0wall] Problem with active ftp
 | > |
 | > | Andrej,
 | > |
 | > | That'll be because you also need port 20 as well as port 21,
 | > | that's the ftp data port.  Usually that's the culprit if you
 | > | can't get a file list.
 | > |
 | > | Dan
 | > |
 | > |  | -----Original Message-----
 | > |  | From: Andrej Fercic [mailto:andrej at pcklinika dot si]
 | > |  | Sent: 09 June 2005 10:42
 | > |  | To: 'Markus Fischer'; m0n0wall at lists dot m0n0 dot ch
 | > |  | Subject: RE: [m0n0wall] Problem with active ftp
 | > |  |
 | > |  | Yeap, I have a similar problem.
 | > |  |
 | > |  | ISP <> m0n0 <> | FTPserver1
 | > |  |                | FTPserver2
 | > |  |                | FTPserver3
 | > |  |
 | > |  | Connection to my ISP is made by using PPPoE which returns an
 | > |  | IP (DHCP) and it is A.B.C.193. I have also 5 more IPs which
 | > |  | are all used with ServerNAT option + ProxyARP. So If I set a
 | > |  | NAT rule to forward port 21 from WAN to LAN on default IP to
 | > |  | one of my local server, FTP work. But I want to enable FTP on
 | > |  | all my servers. So, If I do that and enable a NAT rule for
 | > |  | port 21 on all other IPs, I can reach my FTP server from WAN
 | > |  | side, I can LOGIN, but I NEVER get a file list. At this
 | > |  | point is process stopped!
 | > |  |
 | > |  | Any Idea, what is wrong? Setup or it is a bug :(
 | > |  |
 | > |  | Cheers,
 | > |  |
 | > |  | Andrej
 | > |  |
 | > |  | -----Original Message-----
 | > |  | From: Markus Fischer [mailto:markus at fischer dot name]
 | > |  | Sent: Thursday, June 09, 2005 10:42 AM
 | > |  | To: m0n0wall at lists dot m0n0 dot ch
 | > |  | Subject: [m0n0wall] Problem with active ftp
 | > |  |
 | > |  | Hi,
 | > |  |
 | > |  | I'm experiencing a weird situation with m0n0wall and active
 | > |  | FTP connection to one of our partner hosts.
 | > |  |
 | > |  | I'm opening the ftp connections are for some time (browsing
 | > |  | to the rather big directory structure remotely) works. But
 | > |  | often at one point, when the internal PORT command is issued
 | > |  | the ftp client seems to hang and later stops because of a
 | > |  | timeout.
 | > |  |
 | > |  | Whenever this timeout happens, I find multiple entries in
 | > |  | the firewall log:
 | > |  |
 | > |  | block | WAN | remote-ip 21 | my-public-gatewat-ip 4000 | TCP
 | > |  |
 | > |  | The port of the remote-ip is always 21, the port on the
 | > |  | public ip of the gateway varies but is usually in the range
 | > |  | 2000 to 4000 or so.
 | > |  |
 | > |  | I have not set up any rule to block these. I even added a
 | > |  | rule for testing to accept all packets from everything to
 | > |  | everything, and still I got those reported as blocked in the
 | > |  | firewall log.
 | > |  |
 | > |  | I've tested multiple ftp clients, all exhibit the same
 | > |  | problem. The administrator of the remote company said he did
 | > |  | many hours of debugging at its best and could only come to
 | > |  | the conclusion that he suspects a problem in the ftp-nat
 | > |  | module of my firewall (m0n0wall). He says his firewall does
 | > |  | state matching he can see that many tcp connections are not
 | > |  | correctly initiated from our firewall; packets are dropped.
 | > |  |
 | > |  | I'm using version 1.11, generic-pc.
 | > |  |
 | > |  | thanks for any pointers,
 | > |  |
 | > |  | - Markus
 | > |  |
 | > |  | ---------------------------------------------------------------------
 | > |  | To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
 | > |  | For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
 | > |  |
 | > |  | --
 | > |  | No virus found in this incoming message.
 | > |  | Checked by AVG Anti-Virus.
 | > |  | Version: 7.0.323 / Virus Database: 267.6.6 - Release Date: 08/06/2005
 | > |  |
 | > |
 | > | --
 | > | No virus found in this outgoing message.
 | > | Checked by AVG Anti-Virus.
 | > | Version: 7.0.323 / Virus Database: 267.6.6 - Release Date: 
 | > | 08/06/2005
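
Added example (not part of the original thread, and not m0n0wall's code): a Python illustration of what the thread's active-FTP discussion means for a NAT firewall. It parses the client's PORT command, rewrites it to the public address as an FTP NAT helper has to, and classifies a blocked log entry in the format Markus quotes as control channel (source port 21) or active-mode data (source port 20). All addresses, the mapped port 4000 and the function names are constructed for illustration.

```python
import re

# RFC 959: "PORT h1,h2,h3,h4,p1,p2" where the data port is p1*256 + p2.
PORT_RE = re.compile(rb"^PORT ((?:\d{1,3},){5}\d{1,3})\r\n$")


def parse_port(line: bytes):
    """Return (ip, port) announced by an FTP PORT command."""
    m = PORT_RE.match(line)
    if not m:
        raise ValueError("not a PORT command")
    nums = [int(n) for n in m.group(1).split(b",")]
    if any(n > 255 for n in nums):
        raise ValueError("octet out of range")
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]


def rewrite_port(line: bytes, public_ip: str, mapped_port: int):
    """Rewrite as a NAT FTP helper must; return (new_line, length_delta)."""
    parse_port(line)  # reject anything malformed before touching it
    new = b"PORT %s,%d,%d\r\n" % (
        public_ip.replace(".", ",").encode(), mapped_port >> 8, mapped_port & 0xFF)
    return new, len(new) - len(line)


def classify_block(log_line: str, server_ip: str, public_ip: str, mapped_port: int):
    """Classify a 'block | IF | src sport | dst dport | PROTO' log entry."""
    _action, _iface, src, dst, _proto = [f.strip() for f in log_line.split("|")]
    (sip, sport), (dip, dport) = src.split(), dst.split()
    if sip != server_ip:
        return "unrelated"
    if sport == "20" and (dip, int(dport)) == (public_ip, mapped_port):
        return "active-mode data connection"  # server:20 -> address from PORT
    if sport == "21":
        return "control channel"
    return "unrelated"


# Constructed sample values (documentation address ranges, not from the thread).
CLIENT_CMD = b"PORT 10,0,0,5,12,29\r\n"      # LAN client 10.0.0.5, port 3101
SERVER, PUBLIC, MAPPED = "198.51.100.7", "203.0.113.5", 4000

if __name__ == "__main__":
    print(parse_port(CLIENT_CMD))
    print(rewrite_port(CLIENT_CMD, PUBLIC, MAPPED))
    print(classify_block("block | WAN | 198.51.100.7 21 | 203.0.113.5 4000 | TCP",
                         SERVER, PUBLIC, MAPPED))
```

A non-zero length delta means the helper must also shift TCP sequence and acknowledgement numbers on the control connection for the rest of the session.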