RE: FTP port mode, client and server behind iptables

> 
> Port mode does not exist, there are passive and active mode in FTP, both
> use ports, but different ones....

I guess, years ago I had heard it referred to as Port or Passive.  Anyway, non-passive (or active) is what I'm looking for.

Either way, I was able to verify that clients that are not behind a firewall are able to connect fine with either mode.  It appears to be a client side issue.

Even with the change that you provided, the client still had the same issue.  Anyway, I verified that the client firewall has the FTP nat/conntrack modules loaded but that didn't seem to help.  No packets on the firewall are being dropped (as we log everything before drop).  I'm going to look into a few more possible NAT issues on the client side to see if there are any other problems.

<lines added to top of forward chain>
-A FORWARD -i eth1 -d 10.20.0.12 -m helper --helper "ftp" -j ACCEPT
-A FORWARD -i eth0 -s 10.20.0.12 -m helper --helper "ftp" -j ACCEPT

If M$ just added a passive mode to their FTP client this would probably resolve a lot of small client complaints (with those incapable of downloading a real FTP client).

