Hi guys,
I got an FTP problem I can't seem to solve... I read the page about FTP
solution on shorewall.net but I don't think it's relevant to
kernel 2.6.x
I can't seem to get the "connection tracking" to work. Can
any of you let me know where I can find relevant doc or a solution?
My Network:
-----------
FTP Client --> Shorewall 2.0.1.RC5 --> FTP Server (port: 45277)
Shorewall rule:
---------------
ACCEPT loc net:foobar.dyndns.org tcp 45277
Connection attempt:
-------------------
$ ftp foobar.dyndns.org 45277
Connected to foobar.dyndns.org.
220 -
Name (foobar.dyndns.org:me): username
331 Password required for username.
Password:
230 User username logged in.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> debug 5
Debugging on (debug=5).
ftp> passive
Passive mode on.
ftp> ls
ftp: setsockopt (ignored): Permission denied
---> PASV
227 Entering Passive Mode (69,22,49,16,200,188).
ftp: connect: Connection refused
ftp> passive
Passive mode off.
ftp> ls
ftp: setsockopt (ignored): Permission denied
---> PORT 192,168,5,119,129,153
200 Port command successful.
---> LIST
150 Opening data connection for directory list.
receive aborted
waiting for remote to finish abort
426 Cannot retrieve. Failed. Aborting
226 ABOR command successful.
ftp>
Output of Shorewall log:
------------------------
# tail -n 0 -f /var/log/shorewall.ulog | grep "192.168.1.19"
May 19 13:49:07 arrakis Shorewall:all2all:REJECT: IN=eth2 OUT=ppp0
MAC=00:90:27:0b:6e:a7:00:08:82:e2:20:e2:08:00 SRC=192.168.5.119 DST=69.22.49.16
LEN=60 TOS=00 PREC=0x00 TTL=63 ID=11028 DF PROTO=TCP SPT=33176 DPT=51388
SEQ=2089869163 ACK=0 WINDOW=5840 SYN URGP=0
Kernel NetFilter Info:
----------------------
# grep _NF_ /usr/src/linux-2.6.5/.config
CONFIG_IP_NF_CONNTRACK=y
CONFIG_IP_NF_FTP=y
CONFIG_IP_NF_IRC=y
CONFIG_IP_NF_TFTP=y
CONFIG_IP_NF_AMANDA=y
CONFIG_IP_NF_QUEUE=y
CONFIG_IP_NF_IPTABLES=y
CONFIG_IP_NF_MATCH_LIMIT=y
CONFIG_IP_NF_MATCH_IPRANGE=y
CONFIG_IP_NF_MATCH_MAC=y
CONFIG_IP_NF_MATCH_PKTTYPE=y
CONFIG_IP_NF_MATCH_MARK=y
CONFIG_IP_NF_MATCH_MULTIPORT=y
CONFIG_IP_NF_MATCH_TOS=y
CONFIG_IP_NF_MATCH_RECENT=y
CONFIG_IP_NF_MATCH_ECN=y
CONFIG_IP_NF_MATCH_DSCP=y
CONFIG_IP_NF_MATCH_AH_ESP=y
CONFIG_IP_NF_MATCH_LENGTH=y
CONFIG_IP_NF_MATCH_TTL=y
CONFIG_IP_NF_MATCH_TCPMSS=y
CONFIG_IP_NF_MATCH_HELPER=y
CONFIG_IP_NF_MATCH_STATE=y
CONFIG_IP_NF_MATCH_CONNTRACK=y
CONFIG_IP_NF_MATCH_OWNER=y
CONFIG_IP_NF_FILTER=y
CONFIG_IP_NF_TARGET_REJECT=y
CONFIG_IP_NF_NAT=y
CONFIG_IP_NF_NAT_NEEDED=y
CONFIG_IP_NF_TARGET_MASQUERADE=y
CONFIG_IP_NF_TARGET_REDIRECT=y
CONFIG_IP_NF_TARGET_NETMAP=y
CONFIG_IP_NF_TARGET_SAME=y
# CONFIG_IP_NF_NAT_LOCAL is not set
# CONFIG_IP_NF_NAT_SNMP_BASIC is not set
CONFIG_IP_NF_NAT_IRC=y
CONFIG_IP_NF_NAT_FTP=y
CONFIG_IP_NF_NAT_TFTP=y
CONFIG_IP_NF_NAT_AMANDA=y
CONFIG_IP_NF_MANGLE=y
CONFIG_IP_NF_TARGET_TOS=y
CONFIG_IP_NF_TARGET_ECN=y
CONFIG_IP_NF_TARGET_DSCP=y
CONFIG_IP_NF_TARGET_MARK=y
CONFIG_IP_NF_TARGET_CLASSIFY=y
CONFIG_IP_NF_TARGET_LOG=y
CONFIG_IP_NF_TARGET_ULOG=y
CONFIG_IP_NF_TARGET_TCPMSS=y
CONFIG_IP_NF_ARPTABLES=y
CONFIG_IP_NF_ARPFILTER=y
CONFIG_IP_NF_ARP_MANGLE=y
Many thanks guys,
Ed.
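
Added example, not part of the original post: a short script that decodes the PASV reply and PORT command from the session above and checks whether the rejected SYN in the Shorewall log is the passive-mode data connection. The inputs are copied from the post; the function names are made up for this example.

```python
import re

# Sample input constructed from the FTP session and log excerpt in the post.
PASV_REPLY = "227 Entering Passive Mode (69,22,49,16,200,188)."
PORT_CMD = "PORT 192,168,5,119,129,153"
LOG_LINE = (
    "May 19 13:49:07 arrakis Shorewall:all2all:REJECT: IN=eth2 OUT=ppp0 "
    "MAC=00:90:27:0b:6e:a7:00:08:82:e2:20:e2:08:00 SRC=192.168.5.119 "
    "DST=69.22.49.16 LEN=60 TOS=00 PREC=0x00 TTL=63 ID=11028 DF PROTO=TCP "
    "SPT=33176 DPT=51388 SEQ=2089869163 ACK=0 WINDOW=5840 SYN URGP=0"
)

def decode_endpoint(text):
    """Decode the h1,h2,h3,h4,p1,p2 tuple of a PORT command or 227 reply (RFC 959)."""
    m = re.search(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})", text)
    if not m:
        raise ValueError("no host/port tuple in %r" % text)
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("octet out of range in %r" % text)
    # Port is sent as two bytes, high byte first.
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def parse_log(line):
    """Split a netfilter log line into Shorewall chain, disposition, fields, flags."""
    m = re.search(r"Shorewall:([^:]+):([^:]+):", line)
    chain, disposition = m.groups() if m else (None, None)
    fields = dict(re.findall(r"\b([A-Z]+)=(\S*)", line))
    # Flags are bare tokens; "ACK=0" is a field, not the ACK flag.
    flags = set(re.findall(r"\b(SYN|ACK|FIN|RST|PSH|URG|DF)\b(?!=)", line))
    return {"chain": chain, "disposition": disposition, "fields": fields, "flags": flags}

def is_data_connection(log, endpoint):
    """True when the logged packet is a TCP SYN to the advertised data endpoint."""
    host, port = endpoint
    f = log["fields"]
    return (f.get("PROTO") == "TCP" and "SYN" in log["flags"]
            and f.get("DST") == host and f.get("DPT") == str(port))

if __name__ == "__main__":
    log = parse_log(LOG_LINE)
    pasv = decode_endpoint(PASV_REPLY)
    print("PASV endpoint:", pasv, "PORT endpoint:", decode_endpoint(PORT_CMD))
    print("%s %s matches PASV data connection: %s"
          % (log["chain"], log["disposition"], is_data_connection(log, pasv)))
```

The match means the packet rejected by the all2all policy is the client's own passive data connection to port 51388, which is what the log looks like when connection tracking has not tied the data connection to the control connection on port 45277.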