Sky, any idea why I can't ftp to the server?
Problem: I can't upload (ftp) to a directory on the server, either in standard mode or in passive mode. Tried with IE 6, FTP Explorer, WS_FTP. My workstation (W2K) is on a LAN, the internet gateway is a Linux machine running an ipchains-based firewall. I even tried to ftp to diehard.ath.cx from the gateway computer -- nada. The only INPUT ports open on the gateway are 25 and 80. To my knowledge, the ftp client doesn't need the incoming ftp port to be open on the gateway in order to connect to external hosts. Am I wrong?
- Dapper Dan
Troodon, your question for Sky has me wondering if you can tell me what you think is the best way to do a wireless LAN with two desktops and later, maybe a notebook or two?
So far I've discovered that my Dell's Truemobile wireless cards are actually Orinoco gold cards. Can it be as easy as downloading the proper drivers? I'm finding information, but it is coming very slowly.
Of course, as a Newbie, so far nothing seems to be easy with Linux!
Try to run the following two commands - the last two lines from my packet filtering script (perhaps you have to change them b/c ipchains uses another syntax):
$IPTABLES -A INPUT -j LOG
$IPTABLES -A OUTPUT -j LOG
Afterwards try to ftp to this server again. It won't work, like before. But now type "dmesg" and post the logged messages... Then it will be easier to tell you which rules need to be added to your fw script.
s.
Last edited by Sky on Thu Dec 12, 2002 2:41 pm, edited 1 time in total.
Slackware 10.0- Kernel 2.6.10-AES
Packet log: input DENY ppp0 PROTO=6 217.84.190.22:35536 64.231.175.154:113 L=60 S=0x00 I=6553 F=0x4000 T=54 SYN (#7)
Packet log: input DENY ppp0 PROTO=6 217.84.190.22:35536 64.231.175.154:113 L=60 S=0x00 I=6554 F=0x4000 T=54 SYN (#7)
Packet log: input DENY ppp0 PROTO=6 217.84.190.22:35536 64.231.175.154:113 L=60 S=0x00 I=6555 F=0x4000 T=54 SYN (#7)
Packet log: input DENY ppp0 PROTO=6 217.84.190.22:20 64.231.175.154:1069 L=60 S=0x00 I=15372 F=0x4000 T=54 SYN (#8)
Packet log: input DENY ppp0 PROTO=6 217.84.190.22:20 64.231.175.154:1069 L=60 S=0x00 I=15373 F=0x4000 T=54 SYN (#8)
Packet log: input DENY ppp0 PROTO=6 217.84.190.22:20 64.231.175.154:1069 L=60 S=0x00 I=15374 F=0x4000 T=54 SYN (#8)
Packet log: input DENY ppp0 PROTO=6 217.84.190.22:20 64.231.175.154:1069 L=60 S=0x00 I=15375 F=0x4000 T=54 SYN (#8)
Packet log: input DENY ppp0 PROTO=6 217.84.190.22:20 64.231.175.154:1069 L=60 S=0x00 I=15376 F=0x4000 T=54 SYN (#8)
Packet log: input DENY ppp0 PROTO=6 217.84.190.22:20 64.231.175.154:1069 L=60 S=0x00 I=15377 F=0x4000 T=54 SYN (#8)
Green is diehard.ath.cx, red is my host, bold is the port.
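The two kinds of denied packet in a log like the one above can be told apart mechanically. The following Python script is an added example, not part of the original thread: it parses ipchains `Packet log:` lines in the format shown in the post and labels inbound SYNs to port 113 as ident lookups and inbound SYNs from source port 20 as active-mode FTP data connections. The sample lines are constructed (documentation addresses), and the names `parse`, `classify` and `summarize` are this example's own.

```python
import re
from collections import Counter

# ipchains packet log line: chain, verdict, interface, protocol, src:port, dst:port, ..., rule number
LINE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<verdict>\S+) (?P<iface>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"(?P<rest>.*)\(#(?P<rule>\d+)\)"
)
IDENT = "ident lookup (RFC 1413) from the remote server"
FTP_DATA = "active-mode FTP data connection (server port 20 -> client port)"

def parse(line):
    """Return the fields of one log line as a dict, or None if it is not a packet log line."""
    m = LINE.search(line)
    if not m:
        return None
    d = m.groupdict()
    for key in ("proto", "sport", "dport", "rule"):
        d[key] = int(d[key])
    d["syn"] = "SYN" in d.pop("rest").split()   # SYN marks a new connection attempt
    return d

def classify(p):
    """Name the kind of TCP connection attempt the firewall refused."""
    if p["proto"] != 6 or not p["syn"]:
        return "other"
    if p["dport"] == 113:
        return IDENT
    if p["sport"] == 20 and p["dport"] >= 1024:
        return FTP_DATA
    return "other inbound TCP connection attempt"

def summarize(log_text):
    """Count refused packets per (kind, source address, destination port, rule number)."""
    counts = Counter()
    for line in log_text.splitlines():
        p = parse(line)
        if p and p["verdict"] in ("DENY", "REJECT"):
            counts[(classify(p), p["src"], p["dport"], p["rule"])] += 1
    return counts

# Constructed sample in the same format as the posted log (documentation addresses).
SAMPLE = """\
Packet log: input DENY ppp0 PROTO=6 192.0.2.10:35536 198.51.100.7:113 L=60 S=0x00 I=6553 F=0x4000 T=54 SYN (#7)
Packet log: input DENY ppp0 PROTO=6 192.0.2.10:35536 198.51.100.7:113 L=60 S=0x00 I=6554 F=0x4000 T=54 SYN (#7)
Packet log: input DENY ppp0 PROTO=6 192.0.2.10:20 198.51.100.7:1069 L=60 S=0x00 I=15372 F=0x4000 T=54 SYN (#8)
Packet log: input DENY ppp0 PROTO=6 192.0.2.10:20 198.51.100.7:1069 L=60 S=0x00 I=15373 F=0x4000 T=54 SYN (#8)
Packet log: input DENY ppp0 PROTO=6 192.0.2.10:20 198.51.100.7:1069 L=60 S=0x00 I=15374 F=0x4000 T=54 SYN (#8)
"""

if __name__ == "__main__":
    for (kind, src, dport, rule), n in summarize(SAMPLE).items():
        print(f"{n}x rule #{rule}: {kind}; {src} -> local port {dport}")
```

Repeated entries with consecutive `I=` values are retransmissions of the same SYN, which is what a silent DENY produces on the remote side.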
In my firewall script I have included an option if I need ftp (normally I do not because I use ssh/scp).
Then I run "script.sh ftp" and ftp works. You just have to look for the right syntax b/c you are using ipchains.
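# Run the script as "script.sh ftp" to add the FTP rules
if [ "$1" = "ftp" ]
then
    # outgoing connections from unprivileged ports to ftp (21) and ftp-data (20)
    $IPTABLES -A OUTPUT -p tcp --sport 1024: --dport 21 -j ACCEPT
    $IPTABLES -A OUTPUT -p tcp --sport 1024: --dport 20 -j ACCEPT
    # incoming TCP to any port >= 1024; this matches every source address, not only the FTP server
    $IPTABLES -A INPUT -p tcp --dport 1024: -j ACCEPT
fi;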
Slackware 10.0- Kernel 2.6.10-AES