On Tuesday 2005-November-08 01:03, Dave Strydom wrote:
> Active Help: http://www.smartftp.com/support/kb/index.php/74
> Client closed the connection.
> Transfer failed.
> ===
>
> And just dies there.
> Now if I use ACTIVE MODE (PORT) I get the same thing... my question
> is why?

I don't know. I'm not convinced it's a netfilter issue, though. I did
not try to follow your script. Perhaps if you post your rules
(iptables-save(8)) we could see if anything looks wrong.

Please note that you didn't describe where you were sitting when you
got this error, so we could not possibly guess what is happening. I
imagine that this "smartftp" is some kind of Windows thing, so it
probably was not running on the firewall?

> Here is a copy of my firewall script:

Did you write all this yourself?

> ### Accepting our servers OUTPUT RULES###
> $IPTABLES -A OUTPUT -p ALL -s $LOCAL_NETWORK_IP_RANGE -m state
> --state NEW,ESTABLISHED,RELATED -j ACCEPT

Above you had:
> $IPTABLES -P OUTPUT ACCEPT
so why are you adding ACCEPT rules to OUTPUT?

> ### Drop Rootshell Connections ###
> $IPTABLES -t nat -A PREROUTING -p tcp -i eth0 --dport 1524 -j DROP

This is not appropriate in the nat table.

> ftp_conntrack and ip_nat_ftp are built into the kernel (from what I
> can tell) (kernel-2.6.11)

"From what [you] can tell?" You would know more about it than we
would. Also, netfilter drivers really should not be built-in unless
it's an embedded device which should reboot to make any changes.

> What am I missing, because this is seriously starting to annoy me,
> I can't find anything wrong,

Nor can I. It could be many things.

> even if I set up a simple DNAT for ftp, with no filtering or
> anything, it transfers a few files, and then bombs out

This suggests that the problem is not netfilter at all, but yes, more
simple iptables rules would help in ruling it out.
-- 
mail to this address is discarded unless "/dev/rob0"
or "not-spam" is in Subject: header