
FTP Won't work with ipforwarding (under Linux)!!

Status
Not open for further replies.

UnknownPerson

Programmer
Dec 4, 2001
80
BR
Anyone have a clue how to (rapidly and transparently) enable my client computers to use FTP using our Linux gateway? The problem (I believe) is that the clients send out a PORT command using the internal IP number...

I have seen systems that have some kind of configuration that can counter-measure this problem.

Thanks in advance.
 
Hi,
Not knowing what ftp client you use I cannot offer you specific advice. However, your client should be able to do both active and passive ftp. Try to establish a passive FTP session. If you wish I can describe to you the difference and why ftp is one of the worst protocols ever (IMO), but you're better going here:
and reading it better than I could explain it.

-Stephen
 
I suspect that the problem lies at the gateway, not the client. For FTP to work with Network Address Translation (NAT), an FTP port forwarder has to be added to the NAT if you are using IP-Masq.

See here for explanation:


This is also excellent information which supplements the information in Stephen's post above:

FTP Nightmares

The classic packet filtering problem is FTP. FTP has two modes; the traditional one is called active mode and the more recent one is called passive mode. Web browsers usually default to passive mode, but command-line FTP programs usually default to active mode.

In active mode, when the remote end wants to send a file (or even the results of an ls or dir command) it tries to open a TCP connection to the local machine. This means you can't filter out these TCP connections without breaking active FTP.

If you have the option of using passive mode, then fine; passive mode makes data connections from client to server, even for incoming data. Otherwise, it is recommended that you only allow TCP connections to ports above 1024 and not between 6000 and 6010 (6000 is used for X-Windows).


This excerpt was from the IPChains HOWTO here:


See how your NAT gateway is configured and try this out.
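
The PORT problem described in the first post, and the rewrite an FTP-aware masquerading gateway performs on it, as an added example (not code from any poster or from the IP-Masq project). The addresses, the mapped port and the function names are constructed for illustration; the port restrictions follow the HOWTO excerpt quoted above.

```python
import ipaddress
import re

# RFC 959: PORT h1,h2,h3,h4,p1,p2 -> address h1.h2.h3.h4, port p1*256 + p2
PORT_RE = re.compile(r"PORT ((?:\d{1,3},){5}\d{1,3})\s*", re.ASCII | re.IGNORECASE)

def parse_port(line):
    """Return (IPv4Address, port) for a PORT command, None for any other command."""
    if not line.upper().startswith("PORT"):
        return None
    m = PORT_RE.fullmatch(line)
    if not m:
        raise ValueError("malformed PORT command")
    n = [int(f) for f in m.group(1).split(",")]
    if max(n) > 255:
        raise ValueError("PORT field out of range")
    return ipaddress.IPv4Address(bytes(n[:4])), n[4] * 256 + n[5]

def format_port(ip, port):
    """Encode address and port back into PORT syntax (caller appends CRLF)."""
    return "PORT " + ",".join(str(b) for b in [*ip.packed, port >> 8, port & 0xFF])

def nat_rewrite(line, client_src, public_ip, mapped_port):
    """Rewrite an outbound control-channel line as an FTP-aware gateway would.

    Returns (line_to_forward, mapping). mapping is (mapped_port, inside_ip,
    inside_port) for the inbound data connection to accept, or None.
    """
    parsed = parse_port(line)
    if parsed is None:
        return line, None                      # not PORT: forward untouched
    ip, port = parsed
    # Only map a data connection back to the host that asked for it.
    if ip != ipaddress.IPv4Address(client_src):
        raise ValueError("PORT address is not the sending client; not mapping")
    # HOWTO excerpt: only ports above 1024, and not 6000-6010 (X-Windows).
    if port <= 1024 or 6000 <= port <= 6010:
        raise ValueError("data port outside the range the HOWTO excerpt allows")
    public = ipaddress.IPv4Address(public_ip)
    return format_port(public, mapped_port), (mapped_port, ip, port)

if __name__ == "__main__":
    sent = "PORT 192,168,1,10,19,137"          # constructed client line
    ip, port = parse_port(sent)
    # Without a helper the server is told to connect to an unroutable address.
    print(f"client advertises {ip}:{port} (private: {ip.is_private})")
    print(nat_rewrite(sent, "192.168.1.10", "203.0.113.5", 40001))
```

A real helper also has to adjust TCP sequence numbers, because the rewritten line can differ in length from the one the client sent.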
 