 From:  "Kimmo Jaskari" <kimmo dot jaskari at gmail dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] LS Command for FTP is not passed by m0n0wall 1.22 PC Image
 Date:  Fri, 23 Jun 2006 12:26:10 +0300
On 6/21/06, Michael Brown <knightmb at knightmb dot dyndns dot org> wrote:

> Hi All,
> This has been driving me crazy, finally was able to track down the
> cause.  I have an FTP service mapped through inbound NAT with m0n0wall,
> have a firewall rule for this, etc.  Everything works fine in active FTP
> mode, but sometimes, just out of the blue, the "LS" command for FTP will
> stop working.  Lately it's gotten bad since I upgraded from the 1.21 to
> the 1.22 image.

"ls not working" is another way of saying that only the control
connection works and the data connection cannot be established. When
you do an "ls" you are in fact asking for a data download, the data in
this case being the file listing. Downloading anything else won't work
either.

FTP is a very firewall-hostile (if you can say that) protocol that
opens up ports randomly all over the place. The most reliable way to
solve it is to set up passive mode on the server and use that. This is
all documented elsewhere; googling on ftp and firewalls will get you
what you need.

Basically, set it up so you pass ports 20 and 21 in to the ftp server and
set up the ftp server to use a specific port span for incoming passive
connects (dealer's choice, I like to pick 10 ports in the five figures,
or you could go with 2000-2010 for instance) and that should give you
nice reliable ftp connects in passive mode.

I doubt this is in any way m0n0wall-related except that it is a
firewall and thus is quite properly interfering.

I could be wrong, if so I'm sure the people on the list will chime in
on this issue.

-- 
-{ Kimmo Jaskari }--{ kimmo dot jaskari at gmail dot com }--

Progress isn't made by early risers. It's made by lazy men trying to
find easier ways to do something.
  - Robert Heinlein
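The passive-mode fix above boils down to two things lining up: the port the server advertises in its "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)" reply must fall inside the span the firewall passes, and the advertised address must be the one clients can actually reach through the NAT. The following is an added example, not code from the list post or from m0n0wall, that parses such a reply and reports either mismatch; the public IP, the 2000-2010 span and the sample replies are constructed for illustration.

```python
import re
from ipaddress import ip_address

# RFC 959 PASV reply: "227 ... (h1,h2,h3,h4,p1,p2)"; data port = p1*256 + p2.
PASV_RE = re.compile(r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")


def parse_pasv(reply):
    """Return (host, port) advertised by a 227 reply, or None if it is not one."""
    m = PASV_RE.match(reply.strip())
    if not m:
        return None
    h1, h2, h3, h4, p1, p2 = (int(x) for x in m.groups())
    if any(v > 255 for v in (h1, h2, h3, h4, p1, p2)):
        return None
    return f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2


def check_pasv(reply, public_ip, port_range):
    """Compare a PASV reply with what the firewall passes.

    public_ip  - address clients reach the server on (constructed here)
    port_range - (low, high) span passed inbound for passive data connects
    Returns a list of problems; an empty list means the data connection
    should be able to get through, so "ls" should work.
    """
    parsed = parse_pasv(reply)
    if parsed is None:
        return ["not a valid 227 PASV reply: " + reply.strip()]
    host, port = parsed
    low, high = port_range
    problems = []
    if not low <= port <= high:
        problems.append(f"data port {port} is outside the passed span {low}-{high}")
    if host != public_ip:
        kind = "private" if ip_address(host).is_private else "unexpected"
        problems.append(f"server advertises {kind} address {host}, clients expect {public_ip}")
    return problems


if __name__ == "__main__":
    # Constructed sample replies; 203.0.113.10 is the assumed public address.
    samples = [
        "227 Entering Passive Mode (203,0,113,10,7,209)",    # port 2001, in span
        "227 Entering Passive Mode (203,0,113,10,195,80)",   # port 50000, not passed
        "227 Entering Passive Mode (192,168,1,5,7,209)",     # LAN address leaked
    ]
    for s in samples:
        print(s, "->", check_pasv(s, "203.0.113.10", (2000, 2010)) or "OK")
```

Run it against a real server by pasting the 227 line your client prints after PASV; the same check applies to any span you choose, five-figure ports included.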