Sky, any idea why I can't ftp to the server?

Discuss Programming / Linux questions.

Moderators: scallenger, Sky, TresCom Support Team

Post Reply
Troodon

Sky, any idea why I can't ftp to the server?

Post by Troodon »

Problem: I can't upload (ftp) to a directory on the server, either in standard mode or in pasive mode. Tried with IE 6, FTP Explorer, WS_FTP. My workstation (W2K) is on a LAN, the internet gateway is a Linux machine running an ipchains-based firewall. I even tried to ftp to diehard.ath.cx from the gateway computer -- nada. The only INPUT ports open on the gateway are 25 and 80. To my knowledge, the ftp client doesn't need the incoming ftp port to be open on the gateway in order to connect to external hosts. Am I wrong?
User avatar
Dapper Dan
-=TresCom Elder=-
-=TresCom Elder=-
Posts: 2010
Joined: Tue Nov 12, 2002 7:43 am
Location: South Carolina
Contact:

Post by Dapper Dan »

Troodon, Your question for Sky has me wondering if you can tell me what you think is the best way to do a wireless lan with two desktops and later, maybe a notebook or two?
So far I've discovered that my Dell's Truemobile wireless cards are actually Orinoco gold cards. Can it be as easy as downloading the proper drivers? I'm finding information, but it is coming very slowly.
Of course, as a Newbie, so far nothing seems to be easy with Linux! :wink:
Sky
404 - Title not found
Posts: 89
Joined: Mon Jul 22, 2002 1:01 pm

Post by Sky »

Try to run the following two commands - the last two lines from my packetfiltering script (perhaps you have to change them b/c ipchains use another syntax):

$IPTABLES -A INPUT -j LOG
$IPTABLES -A OUTPUT -j LOG

Afterwards try to ftp to this server again. It won't work, like before ;) But now type "dmesg" and post the logged messages... Then it will be easier to tell you which rules need to be added to your fw script.

s.
Last edited by Sky on Thu Dec 12, 2002 2:41 pm, edited 1 time in total.
Slackware 10.0- Kernel 2.6.10-AES
Troodon

Post by Troodon »

Thanks, Sky, I'll try what you suggested.

Dan, I have no experience with wireless devices and networks, sorry I can't help.
Troodon

Post by Troodon »

Hm.. I think PASV mode is disabled on the trescom ftp server. According to the linksys website:

- PASV mode: client connects to server for data transfer
- PORT mode: server connects to client for data transfer

and my firewall only allows PASV mode ftp transfers.
Sky
404 - Title not found
Posts: 89
Joined: Mon Jul 22, 2002 1:01 pm

Post by Sky »

What did "dmesg" tell you?

s.
Slackware 10.0- Kernel 2.6.10-AES
Troodon

Post by Troodon »

Packet log: input DENY ppp0 PROTO=6 217.84.190.22:35536 64.231.175.154:113 L=60 S=0x00 I=6553 F=0x4000 T=54 SY N (#7)
Packet log: input DENY ppp0 PROTO=6 217.84.190.22:35536 64.231.175.154:113 L=60 S=0x00 I=6554 F=0x4000 T=54 SY N (#7)
Packet log: input DENY ppp0 PROTO=6 217.84.190.22:35536 64.231.175.154:113 L=60 S=0x00 I=6555 F=0x4000 T=54 SY N (#7)
Packet log: input DENY ppp0 PROTO=6 217.84.190.22:20 64.231.175.154:1069 L=60 S=0x00 I=15372 F=0x4000 T=54 SYN (#8)
Packet log: input DENY ppp0 PROTO=6 217.84.190.22:20 64.231.175.154:1069 L=60 S=0x00 I=15373 F=0x4000 T=54 SYN (#8)
Packet log: input DENY ppp0 PROTO=6 217.84.190.22:20 64.231.175.154:1069 L=60 S=0x00 I=15374 F=0x4000 T=54 SYN (#8)
Packet log: input DENY ppp0 PROTO=6 217.84.190.22:20 64.231.175.154:1069 L=60 S=0x00 I=15375 F=0x4000 T=54 SYN (#8)
Packet log: input DENY ppp0 PROTO=6 217.84.190.22:20 64.231.175.154:1069 L=60 S=0x00 I=15376 F=0x4000 T=54 SYN (#8)
Packet log: input DENY ppp0 PROTO=6 217.84.190.22:20 64.231.175.154:1069 L=60 S=0x00 I=15377 F=0x4000 T=54 SYN (#8)


Green is diehard.ath.cx, red is my host, bold is the port.
Sky
404 - Title not found
Posts: 89
Joined: Mon Jul 22, 2002 1:01 pm

Post by Sky »

In my firewall script i have included an option if i need ftp (normally i do not because i use ssh/scp)

Code: Select all

if [ $1 = "ftp" ]
   then
      $IPTABLES -A OUTPUT -p tcp --sport 1024: --dport 21 -j ACCEPT
      $IPTABLES -A OUTPUT -p tcp --sport 1024: --dport 20 -j ACCEPT
      $IPTABLES -A INPUT -p tcp --dport 1024: -j ACCEPT
   fi;
then i run "script.sh ftp" and ftp works ;) You just have to look for the right syntax b/c you are using ipchains..
Slackware 10.0- Kernel 2.6.10-AES
Post Reply