Rikard Bjurenbäck
2004-Dec-21 16:08 UTC
FTP server not on port 21 problems - I do have read the FAQ
Hi! I use standard Bering 2.2.2. I am trying to get my FTP-server to work with another portnumber than 21 (On port 21 all works great, but I´m really interested in running two FTP-servers, so I want to figure this one out first). Read the FAQ: http://www.shorewall.net/FTP.html and now I got this setup: In Rules: DNAT net loc:192.168.3.2 tcp 99 In Shorewalls modules.conf (tried Berings modules.conf too, cause I don´t know wich one loads): loadmodule ip_conntrack_ftp ports=21,99 loadmodule ip_nat_ftp ports=21,99 (of course no loadmodule i Berings module.conf) Then I reboot. When I connect from the outside with an FTP-klient I can login OK, but then I get: Data socket error: Connection failed, connection timed out. This is for passive mode. In active mode I can login and then I get: List failed. No port specified. The FTP-server can operate both in active and in passive mode, and for passive I´ve configured: Fixed ip (is my outside ip) and portrange is default: 1024-65535. As I´ve said, both active and passive mode works great with port 21, so there must be something else wrong here. I´m obviously overlooking something important but what? Regards Rikard
Rikard Bjurenbäck
2004-Dec-21 16:30 UTC
FTP server not on port 21 problems - I do have read the FAQ
Hi! I use standard Bering 2.2.2. I am trying to get my FTP-server to work with another portnumber than 21 (On port 21 all works great, but I´m really interested in running two FTP-servers, so I want to figure this one out first). Read the FAQ: http://www.shorewall.net/FTP.html and now I got this setup: In Rules: DNAT net loc:192.168.3.2 tcp 99 In Shorewalls modules.conf (tried Berings modules.conf too, cause I don´t know wich one loads): loadmodule ip_conntrack_ftp ports=21,99 loadmodule ip_nat_ftp ports=21,99 (of course no loadmodule i Berings module.conf) Then I reboot. When I connect from the outside with an FTP-klient I can login OK, but then I get: Data socket error: Connection failed, connection timed out. This is for passive mode. In active mode I can login and then I get: List failed. No port specified. The FTP-server can operate both in active and in passive mode, and for passive I´ve configured: Fixed ip (is my outside ip) and portrange is default: 1024-65535. As I´ve said, both active and passive mode works great with port 21, so there must be something else wrong here. I´m obviously overlooking something important but what? Regards Rikard
Tom Eastep
2004-Dec-21 16:38 UTC
Re: FTP server not on port 21 problems - I do have read the FAQ
On Tue, 2004-12-21 at 17:30 +0100, Rikard Bjurenbäck wrote:> out first). > > Read the FAQ: http://www.shorewall.net/FTP.html and now I got this setup: > > In Rules: DNAT net loc:192.168.3.2 tcp 99 > > In Shorewalls modules.conf (tried Berings modules.conf too, cause I don´t know wich one loads): > > loadmodule ip_conntrack_ftp ports=21,99 > loadmodule ip_nat_ftp ports=21,99 > (of course no loadmodule i Berings module.conf)On Bering, Bering *always loads the modules* and you should post on the leaf-user list for help with loading modules with options on that distribution.> > Then I reboot. > > When I connect from the outside with an FTP-klient I can login OK, but > then I get: Data socket error: Connection failed, connection timed out. This is > for passive mode. In active mode I can login and then I get: List failed. No port > specified.Sounds like the modules aren''t getting loaded or are getting loaded incorrectly.> > The FTP-server can operate both in active and in passive mode, and for passive > I´ve configured: Fixed ip (is my outside ip)Don''t -- this typically confuses the ftp helper modules. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
Rikard Bjurenbäck
2004-Dec-21 17:05 UTC
Re: FTP server not on port 21 problems - I dohave read the FAQ
YES!!! Thanks Tom! I cleared the Fixed IP checkbox on the FTP-server ->>> The FTP-server can operate both in active and in passive mode, and for >> passive >> I´ve configured: Fixed ip (is my outside ip) > > Don''t -- this typically confuses the ftp helper modules.Isn´t it strange that it work with port 21 but not with another port? (hum... gets me). Anyway, I´m greatfull. Maybe you should put that one i the FAQ. Regards Rikard ----- Original Message ----- From: "Tom Eastep" <teastep@shorewall.net> To: <rikard.bjurenback@ec.se>; "Shorewall Users" <shorewall-users@lists.shorewall.net> Sent: Tuesday, December 21, 2004 5:38 PM Subject: Re: [Shorewall-users] FTP server not on port 21 problems - I dohave read the FAQ> On Tue, 2004-12-21 at 17:30 +0100, Rikard Bjurenbäck wrote: > >> out first). >> >> Read the FAQ: http://www.shorewall.net/FTP.html and now I got this setup: >> >> In Rules: DNAT net loc:192.168.3.2 tcp 99 >> >> In Shorewalls modules.conf (tried Berings modules.conf too, cause I don´t >> know wich one loads): >> >> loadmodule ip_conntrack_ftp ports=21,99 >> loadmodule ip_nat_ftp ports=21,99 >> (of course no loadmodule i Berings module.conf) > > On Bering, Bering *always loads the modules* and you should post on the > leaf-user list for help with loading modules with options on that > distribution. >> >> Then I reboot. >> >> When I connect from the outside with an FTP-klient I can login OK, but >> then I get: Data socket error: Connection failed, connection timed out. >> This is >> for passive mode. In active mode I can login and then I get: List failed. >> No port >> specified. > > Sounds like the modules aren''t getting loaded or are getting loaded > incorrectly. > >> >> The FTP-server can operate both in active and in passive mode, and for >> passive >> I´ve configured: Fixed ip (is my outside ip) > > Don''t -- this typically confuses the ftp helper modules. > > -Tom > -- > Tom Eastep \ Nothing is foolproof to a sufficiently talented fool > Shoreline, \ http://shorewall.net > Washington USA \ teastep@shorewall.net > PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key > > > >