maxxle
2003-Feb-22 10:55 UTC
[Shorewall-users] FTP: Connecting works fine, but no ''ls'' is possible
Hi! I''ve got a problem with I think my opened ports. Connecting to my ftp-Server works fine. But after this I can''t do an ''ls''-command at the prompt. Do I have to open any special ports (port 20 is open)? This is the output of my ftp-server: ftp> ls 227 Entering Passive Mode (192,168,100,1,40,214) ftp: connect: Connection refused I''m trying this from the loc-Net. When I''m on the box (using ssh) it''s no problem with the ftpd. THX maxxle -- Testing? What''s that? If it compiles, it is good, if it boots up it is perfect. - Linus
Tom Eastep
2003-Feb-22 11:01 UTC
[Shorewall-users] FTP: Connecting works fine, but no ''ls'' is possible
--On Saturday, February 22, 2003 07:53:13 PM +0000 maxxle <maxxle@t-online.de> wrote:> Hi! > I''ve got a problem with I think my opened ports. > Connecting to my ftp-Server works fine. But after this I can''t do > an ''ls''-command at the prompt. Do I have to open any special ports (port > 20 is open)? > > This is the output of my ftp-server: > > ftp> ls > 227 Entering Passive Mode (192,168,100,1,40,214) > ftp: connect: Connection refused > > I''m trying this from the loc-Net. When I''m on the box (using ssh) it''s > no problem with the ftpd.One of the following: a) Your kernel doesn''t have FTP connection tracking/nat support. b) Your kernel has modularized FTP connection tracking/nat support but the appropriate modules (ip_conntrack_ftp and ip_nat_ftp) aren''t being loaded. c) You have set ALLOWRELATED=No in shorewall.conf. -Tom -- Tom Eastep \ Shorewall - iptables made easy Shoreline, \ http://www.shorewall.net Washington USA \ teastep@shorewall.net
i-hacked.com
2003-Feb-22 13:47 UTC
[Shorewall-users] FTP: Connecting works fine, but no ''ls'' is possible
Make sure you have ports 20 and 21 open for FTP transfers.. ----- Original Message ----- From: "maxxle" <maxxle@t-online.de> To: <shorewall-users@lists.shorewall.net> Sent: Saturday, February 22, 2003 1:53 PM Subject: [Shorewall-users] FTP: Connecting works fine, but no ''ls'' is possible> Hi! > I''ve got a problem with I think my opened ports. > Connecting to my ftp-Server works fine. But after this I can''t do > an ''ls''-command at the prompt. Do I have to open any special ports (port > 20 is open)? > > This is the output of my ftp-server: > > ftp> ls > 227 Entering Passive Mode (192,168,100,1,40,214) > ftp: connect: Connection refused > > I''m trying this from the loc-Net. When I''m on the box (using ssh) it''s > no problem with the ftpd. > > THX > > maxxle > -- > Testing? What''s that? If it compiles, it is good, if it boots up it is > perfect. - Linus > > > > _______________________________________________ > Shorewall-users mailing list > Shorewall-users@lists.shorewall.net > http://lists.shorewall.net/mailman/listinfo/shorewall-users >
Tom Eastep
2003-Feb-22 14:19 UTC
[Shorewall-users] FTP: Connecting works fine, but no ''ls'' is possible
--On Saturday, February 22, 2003 3:38 PM -0600 "i-hacked.com" <hevnsnt@i-hacked.com> wrote:> Make sure you have ports 20 and 21 open for FTP transfers.. >In fact, you should NEVER need to open port 20 for FTP to work under iptables. -Tom -- Tom Eastep \ Shorewall - iptables made easy Shoreline, \ http://www.shorewall.net Washington USA \ teastep@shorewall.net
Tom Eastep
2003-Feb-23 07:53 UTC
[Shorewall-users] FTP: Connecting works fine, but no ''ls'' is possible
--On Saturday, February 22, 2003 11:00:56 AM -0800 Tom Eastep <teastep@shorewall.net> wrote:> > One of the following: > > a) Your kernel doesn''t have FTP connection tracking/nat support. > b) Your kernel has modularized FTP connection tracking/nat support but > the appropriate modules (ip_conntrack_ftp and ip_nat_ftp) aren''t being > loaded. c) You have set ALLOWRELATED=No in shorewall.conf. >Were you able to resolve your problem? -Tom -- Tom Eastep \ Shorewall - iptables made easy Shoreline, \ http://www.shorewall.net Washington USA \ teastep@shorewall.net
maxxle
2003-Feb-24 05:02 UTC
[Shorewall-users] FTP: Connecting works fine, but no ''ls'' is possible
Tom was right! I had to re-compile my kernel with ftp-nat-support! Now everything works fine. THX Tom bye maxxle On Sun, 2003-02-23 at 15:53, Tom Eastep wrote:> > > --On Saturday, February 22, 2003 11:00:56 AM -0800 Tom Eastep > <teastep@shorewall.net> wrote: > > > > > One of the following: > > > > a) Your kernel doesn''t have FTP connection tracking/nat support. > > b) Your kernel has modularized FTP connection tracking/nat support but > > the appropriate modules (ip_conntrack_ftp and ip_nat_ftp) aren''t being > > loaded. c) You have set ALLOWRELATED=No in shorewall.conf. > > > > Were you able to resolve your problem? > > -Tom > -- > Tom Eastep \ Shorewall - iptables made easy > Shoreline, \ http://www.shorewall.net > Washington USA \ teastep@shorewall.net > > _______________________________________________ > Shorewall-users mailing list > Shorewall-users@lists.shorewall.net > http://lists.shorewall.net/mailman/listinfo/shorewall-users-- Testing? What''s that? If it compiles, it is good, if it boots up it is perfect. - Linus