On 01/09/2006 Pascal Hambourg wrote:
> Jonas Meurer wrote:
> >>
> >>What do the "-d **.**.***.**/31" address ranges represent ?
> >
> >it is 62.75.128.98/31, which should be 62.75.128.98 and 62.75.128.99.
>
> Actually I did not ask for their exact values but their meaning
> network-wise. Because usually, when there is "-d <range>" in an INPUT
> rule there is "-s <range>" in its OUTPUT counterpart or vice versa, but
> both your INPUT and OUTPUT rule contain the same "-d <range>". So I was
> wondering. Are these the client and server addresses ?

the ftp servers listen on both ips. so both are server addresses.
do you think that i should change the "-d ..." at -A OUTPUT to "-s ..."?

> >let's say, ftp-servers are on port 9621 and 9721. then i need to open
> >9620 and 9720 as well for ftp, correct?
>
> Yes. But I repeat that opening 9620 and 9720 is effective for active
> mode only. Passive mode won't work.

i would like to support both active and passive mode.

> >after using exactly these commands, i'm still not able to connect to the
> >ftp-servers.
> >
> >if i try to login with lftp, it says [Connecting...], then
> >[FEAT negotation...] and then it hangs forever at
> >[Making data connection...].
>
> This indicates that the control connection succeeds but the data
> connection fails. Maybe lftp uses passive mode for the data connections
> by default, then you have to disable it with "set ftp:passive-mode off"
> so lftp uses active mode instead. You can also use the "debug" command
> in lftp to get a more verbose output.

even with "set ftp:passive-mode off" it doesn't work:

user@home~$ lftp user@xxxxxxxxxxxx:9621
lftp user@xxxxxxxxxxxx:/> debug
lftp user@xxxxxxxxxxxx:/> set ftp:passive-mode on
lftp user@xxxxxxxxxxxx:/> ls
---> PASV
<--- 227 Entering Passive Mode (62,75,128,98,180,236)
---- Connecting data socket to (62.75.128.98) port 46316
`ls' at 0 [Making data connection...]
lftp user@xxxxxxxxxxxx:/> set ftp:passive-mode off
lftp user@xxxxxxxxxxxx:/> ls
---- Connecting to 62.75.128.98 (62.75.128.98) port 9621
<--- 220 diana50 FTP server (Medusa Async V1.23 [experimental]) ready.
---> FEAT
<--- 530 Please log in with USER and PASS
---> AUTH TLS
<--- 500 'AUTH': command not understood.
---> USER user
<--- 331 Password required.
---> PASS XXXX
<--- 230 Login successful.
---> FEAT
<--- 211-Extensions supported:
<--- MDTM
<--- SIZE
<--- 211 END
---> PORT 192,168,3,34,197,115
<--- 200 PORT command successful.
---> LIST
<--- 150 Opening ASCII mode data connection for file list
<--- 426 Connection closed; transfer aborted
---- Closing data socket

any further suggestions?

...
 jonas
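
An added example, not part of the original message: a small Python parser for the data-channel endpoints negotiated in the lftp debug output above (the 227 reply and the PORT command), checking each one against the firewall ports discussed in the thread. The names parse_endpoint, diagnose and OPEN_SERVER_PORTS are made up for illustration, and the port set assumes that only 9620, 9621, 9720 and 9721 are accepted on the server.

```python
import ipaddress
import re

# Data-channel lines copied from the lftp debug output in the message above.
TRANSCRIPT = """\
<--- 227 Entering Passive Mode (62,75,128,98,180,236)
---> PORT 192,168,3,34,197,115
"""

# Assumption: the server firewall accepts only the four ports named in the
# thread (control 9621/9721, active-mode data source ports 9620/9720).
OPEN_SERVER_PORTS = {9620, 9621, 9720, 9721}

# h1,h2,h3,h4,p1,p2 as used by both the 227 reply and the PORT command.
TUPLE = re.compile(r"(227|PORT)\D*?(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)")


def parse_endpoint(line):
    """Return (mode, ip, port) for a 227 reply or PORT command, else None."""
    m = TUPLE.search(line)
    if not m:
        return None
    h1, h2, h3, h4, p1, p2 = (int(x) for x in m.groups()[1:])
    if max(h1, h2, h3, h4, p1, p2) > 255:
        raise ValueError("field out of range: " + line.strip())
    mode = "passive" if m.group(1) == "227" else "active"
    # The data port is sent as two bytes, high byte first.
    return mode, ipaddress.ip_address(f"{h1}.{h2}.{h3}.{h4}"), p1 * 256 + p2


def diagnose(transcript, open_ports=OPEN_SERVER_PORTS):
    """Return (mode, ip, port, finding) for each negotiated data endpoint."""
    findings = []
    for line in transcript.splitlines():
        endpoint = parse_endpoint(line)
        if endpoint is None:
            continue
        mode, ip, port = endpoint
        if mode == "passive" and port not in open_ports:
            note = "server data port is not among the opened ports"
        elif mode == "active" and ip.is_private:
            note = "client advertised a private, non-routable address"
        else:
            note = "ok"
        findings.append((mode, str(ip), port, note))
    return findings


if __name__ == "__main__":
    for finding in diagnose(TRANSCRIPT):
        print(*finding)
```

A private address in PORT is reachable from the server only if a NAT device on the client side rewrites the command, which its FTP connection-tracking helper may not do when the control connection uses a non-standard port such as 9621.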