Hi,
I am running an FTP server on Windows 2003 and it is working perfectly fine
with other Windows and Linux clients within the internal LAN. But I am not
able to connect to this server from an external client (Linux).
Let me describe my network. I am running a Linux firewall on the gateway
server. The Windows FTP server is one of the internal LAN hosts. I have done
NATing to access the FTP server from the external client. I am getting "227
Entering Passive Mode" and after a while it times out. But I am able
to see the directory and cd to the desired directory. I am including the configuration.
I would be very thankful if anybody can help me.
Thanks in advance!!!!!!!!!!
[root@abc root]# ftp 61.35.215.23
Connected to 61.35.215.23 (61.35.215.23).
220-Microsoft FTP Service
220 This is New Wave Test site
Name (61.35.215.23:root): administrator
331 Password required for administrator.
Password:
230-You are welcome to this site if ur authorized else just get out of
this place
230 User administrator logged in.
Remote system type is Windows_NT.
ftp> cd cham
250 CWD command successful.
ftp> dir
227 Entering Passive Mode (192,168,1,98,10,58).
receive aborted
waiting for remote to finish abort
ftp> pwd
257 "/cham" is current directory.
ftp> cd ..
250 CWD command successful.
ftp> cd Sun_Solaris
250 CWD command successful.
ftp> pwd
257 "/Sun_Solaris" is current directory.
ftp> dir
227 Entering Passive Mode (192,168,1,98,10,5).
ftp: connect: Connection timed out
receive aborted
waiting for remote to finish abort
425 Can't open data connection.
500 'òABOR': command not understood
ftp> ls
200 PORT command successful.
150 Opening ASCII mode data connection for /bin/ls.
ftp: connect: Connection timed out
FIREWALL RULE
#!/bin/sh
#Initializing variables
EXTDEV=eth2
EXTIP="61.35.215.23"
EXTBASE="61.35.215.1"
EXTBCAST="61.35.215.255"
EXTGATE="61.35.215.1"
EXTNET="61.35.215.0/24"
INTDEV=eth0
INTIP="192.168.1.58"
INTBASE="192.168.1.0"
INTBCAST="192.168.1.255"
INTNET="192.168.1.0/24"
IPT=/sbin/iptables
LOGOPT="--log-level=3 -m limit --limit 3/minute --limit-burst 3"
SYNOPT="-m limit --limit 5/second --limit-burst 10"
#Clearing all the existing firewall rules
#Abort early if the iptables binary is missing or not executable
if [ ! -x "$IPT" ]
then
echo "Firewall: Can't execute $IPT" >&2
exit 1
fi
$IPT -P INPUT DROP # Set default policy to drop
$IPT -P OUTPUT DROP # Set default policy to DROP
$IPT -P FORWARD DROP # Set default policy to drop
$IPT -F #Flush all chains
$IPT -X #delete all chains
for table in filter nat mangle
do
$IPT -t $table -F #Delete the table's rule
$IPT -t $table -X #Delete the table's chains
$IPT -t $table -Z #Delete the table's counters
done
$IPT -t nat -A PREROUTING -i eth2 -p tcp -d 61.35.215.23 --dport 21 -j DNAT --to-destination 192.168.1.98
$IPT -A FORWARD -j ACCEPT
$IPT -A INPUT -j ACCEPT
$IPT -A INPUT -p tcp --syn -d 192.168.1.98 --dport 21 -j ACCEPT
$IPT -A OUTPUT -j ACCEPT
Regards,
Cham
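Added example (not part of the original post): a small shell helper that decodes the address and port carried in the 227 replies shown in the session above and compares them with the address the client dialled. The function names and verdict strings are made up for this illustration.

```shell
#!/bin/sh
# Added example: decode the endpoint in an FTP "227 Entering Passive Mode"
# reply and flag one that advertises an address the client cannot reach.

# pasv_endpoint "<227 reply>" -> prints "a.b.c.d port"; non-zero if unparsable
pasv_endpoint() {
    # Keep only the six comma-separated numbers between the parentheses.
    tuple=$(printf '%s\n' "$1" | sed -n 's/^227[^(]*(\([0-9,]*\)).*/\1/p')
    [ -n "$tuple" ] || return 1
    old_ifs=$IFS; IFS=,
    set -- $tuple
    IFS=$old_ifs
    [ $# -eq 6 ] || return 1
    for n in "$@"; do
        [ "$n" -le 255 ] 2>/dev/null || return 1
    done
    # The data port is high byte * 256 + low byte (RFC 959).
    echo "$1.$2.$3.$4 $(( $5 * 256 + $6 ))"
}

# is_rfc1918 a.b.c.d -> exit 0 for 10/8, 172.16/12 and 192.168/16
is_rfc1918() {
    case $1 in
        10.*|192.168.*) return 0 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    esac
    return 1
}

# pasv_diagnose <control-ip> "<227 reply>" -> prints a verdict and the endpoint
pasv_diagnose() {
    ep=$(pasv_endpoint "$2") || { echo "unparsed"; return 0; }
    ip=${ep% *}; port=${ep#* }
    if [ "$ip" = "$1" ]; then
        echo "ok $ip:$port"
    elif is_rfc1918 "$ip" && ! is_rfc1918 "$1"; then
        echo "unrewritten-private $ip:$port"
    else
        echo "mismatch $ip:$port"
    fi
}

# Replies copied from the session above; 61.35.215.23 is the address dialled.
for reply in '227 Entering Passive Mode (192,168,1,98,10,58).' \
             '227 Entering Passive Mode (192,168,1,98,10,5).'; do
    pasv_diagnose 61.35.215.23 "$reply"
done
```

Both replies decode to 192.168.1.98, the FTP server's internal address, which a client outside the LAN cannot route to. On Linux NAT gateways of that era the address inside the 227 reply is rewritten only when the FTP connection-tracking helpers (ip_conntrack_ftp and ip_nat_ftp) are loaded.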