Sky, any idea why I can't ftp to the server?

Posted: Wed Dec 11, 2002 11:18 pm
by Troodon
Problem: I can't upload (ftp) to a directory on the server, either in standard mode or in passive mode. Tried with IE 6, FTP Explorer, WS_FTP. My workstation (W2K) is on a LAN, the internet gateway is a Linux machine running an ipchains-based firewall. I even tried to ftp to diehard.ath.cx from the gateway computer -- nada. The only INPUT ports open on the gateway are 25 and 80. To my knowledge, the ftp client doesn't need the incoming ftp port to be open on the gateway in order to connect to external hosts. Am I wrong?

Posted: Thu Dec 12, 2002 4:55 am
by Dapper Dan
Troodon, your question for Sky has me wondering if you can tell me what you think is the best way to do a wireless LAN with two desktops and later, maybe a notebook or two?
So far I've discovered that my Dell's Truemobile wireless cards are actually Orinoco gold cards. Can it be as easy as downloading the proper drivers? I'm finding information, but it is coming very slowly.
Of course, as a Newbie, so far nothing seems to be easy with Linux! :wink:

Posted: Thu Dec 12, 2002 2:21 pm
by Sky
Try to run the following two commands - the last two lines from my packetfiltering script (perhaps you have to change them b/c ipchains use another syntax):

$IPTABLES -A INPUT -j LOG
$IPTABLES -A OUTPUT -j LOG

Afterwards try to ftp to this server again. It won't work, like before ;) But now type "dmesg" and post the logged messages... Then it will be easier to tell you which rules need to be added to your fw script.

s.

Posted: Thu Dec 12, 2002 2:28 pm
by Troodon
Thanks, Sky, I'll try what you suggested.

Dan, I have no experience with wireless devices and networks, sorry I can't help.

Posted: Fri Dec 13, 2002 4:32 am
by Troodon
Hm.. I think PASV mode is disabled on the trescom ftp server. According to the linksys website:

- PASV mode: client connects to server for data transfer
- PORT mode: server connects to client for data transfer

and my firewall only allows PASV mode ftp transfers.

Posted: Fri Dec 13, 2002 1:59 pm
by Sky
What did "dmesg" tell you?

s.

Posted: Fri Dec 13, 2002 2:24 pm
by Troodon
Packet log: input DENY ppp0 PROTO=6 217.84.190.22:35536 64.231.175.154:113 L=60 S=0x00 I=6553 F=0x4000 T=54 SYN (#7)
Packet log: input DENY ppp0 PROTO=6 217.84.190.22:35536 64.231.175.154:113 L=60 S=0x00 I=6554 F=0x4000 T=54 SYN (#7)
Packet log: input DENY ppp0 PROTO=6 217.84.190.22:35536 64.231.175.154:113 L=60 S=0x00 I=6555 F=0x4000 T=54 SYN (#7)
Packet log: input DENY ppp0 PROTO=6 217.84.190.22:20 64.231.175.154:1069 L=60 S=0x00 I=15372 F=0x4000 T=54 SYN (#8)
Packet log: input DENY ppp0 PROTO=6 217.84.190.22:20 64.231.175.154:1069 L=60 S=0x00 I=15373 F=0x4000 T=54 SYN (#8)
Packet log: input DENY ppp0 PROTO=6 217.84.190.22:20 64.231.175.154:1069 L=60 S=0x00 I=15374 F=0x4000 T=54 SYN (#8)
Packet log: input DENY ppp0 PROTO=6 217.84.190.22:20 64.231.175.154:1069 L=60 S=0x00 I=15375 F=0x4000 T=54 SYN (#8)
Packet log: input DENY ppp0 PROTO=6 217.84.190.22:20 64.231.175.154:1069 L=60 S=0x00 I=15376 F=0x4000 T=54 SYN (#8)
Packet log: input DENY ppp0 PROTO=6 217.84.190.22:20 64.231.175.154:1069 L=60 S=0x00 I=15377 F=0x4000 T=54 SYN (#8)


Green is diehard.ath.cx, red is my host, bold is the port.

Posted: Sat Dec 14, 2002 11:08 am
by Sky
In my firewall script I have included an option if I need ftp (normally I do not because I use ssh/scp).

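# Open FTP only when the script is called as "script.sh ftp"
if [ "$1" = "ftp" ]
   then
      # Outbound control (21) and data (20) connections from unprivileged ports
      $IPTABLES -A OUTPUT -p tcp --sport 1024: --dport 21 -j ACCEPT
      $IPTABLES -A OUTPUT -p tcp --sport 1024: --dport 20 -j ACCEPT
      # Inbound TCP to any unprivileged port
      $IPTABLES -A INPUT -p tcp --dport 1024: -j ACCEPT
   fi

Then I run "script.sh ftp" and ftp works ;) You just have to look for the right syntax b/c you are using ipchains.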
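
A small parser for the ipchains log format posted earlier in this thread, as an added example that is not part of any post here: it labels denied inbound SYNs coming from source port 20 (ftp-data) as the server's PORT-mode data connection and those aimed at port 113 as ident lookups, then counts them per firewall rule. The label names and the sample lines are constructed for illustration.

```python
import re
from collections import Counter

# Packet log: <chain> <action> <iface> PROTO=<n> <src>:<sport> <dst>:<dport> ... [SYN] (#<rule>)
LINE_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) (?P<rest>.*)\(#(?P<rule>\d+)\)"
)

def parse(line):
    """Return a dict of fields for one log line, or None if it does not match."""
    m = LINE_RE.search(line)
    if not m:
        return None
    # Purely numeric fields (proto, ports, rule) become ints; the rest stay strings.
    pkt = {k: int(v) if v.isdigit() else v for k, v in m.groupdict().items()}
    pkt["syn"] = "SYN" in pkt.pop("rest").split()
    return pkt

def classify(pkt):
    """Label a denied inbound TCP SYN by what the remote server is trying to do."""
    if pkt["proto"] != 6 or not pkt["syn"]:
        return "other"
    if pkt["sport"] == 20 and pkt["dport"] >= 1024:
        return "active-ftp-data"   # PORT mode: server connects back from ftp-data
    if pkt["dport"] == 113:
        return "ident-lookup"      # server queries the client's ident/auth service
    return "other"

def summarize(lines):
    """Count denied packets per (label, firewall rule number)."""
    counts = Counter()
    for line in lines:
        pkt = parse(line)
        if pkt and pkt["action"] == "DENY":
            counts[(classify(pkt), pkt["rule"])] += 1
    return counts

# Constructed sample in the same format (documentation addresses, not the thread's hosts).
SAMPLE = [
    "Packet log: input DENY ppp0 PROTO=6 192.0.2.10:35536 198.51.100.7:113 L=60 S=0x00 I=6553 F=0x4000 T=54 SYN (#7)",
    "Packet log: input DENY ppp0 PROTO=6 192.0.2.10:20 198.51.100.7:1069 L=60 S=0x00 I=15372 F=0x4000 T=54 SYN (#8)",
    "Packet log: input DENY ppp0 PROTO=6 192.0.2.10:20 198.51.100.7:1069 L=60 S=0x00 I=15373 F=0x4000 T=54 SYN (#8)",
    "Packet log: input DENY ppp0 PROTO=17 192.0.2.53:53 198.51.100.7:1030 L=80 S=0x00 I=1 F=0x0000 T=54 (#8)",
]

if __name__ == "__main__":
    for (label, rule), n in sorted(summarize(SAMPLE).items()):
        print(f"{n} x {label} denied by rule #{rule}")
```

A run of "active-ftp-data" denials means the server is attempting PORT-mode transfers, which is the traffic an inbound rule for ports 1024 and above lets through.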