[Shorewall-newbies] FTP problem

Tom Eastep teastep at shorewall.net
Sat Dec 27 17:44:45 PST 2003


On Sun, 28 Dec 2003, gregory wrote:

> >And what do you see if you try to use a line-mode client in debugging mode to
> >connect to your server and do a directory listing? Are there any Shorewall
> >log messages issued when you try this connection?
> >
> >-Tom
> >
> >
> Haven't tried line-mode yet since I can't do it (have no access to it).
> But the ftp client still gives me this:

Sigh -- this is fine.

> < 331 Please specify the password.
>  > PASS *****
> < 230 Login successful.
>  > REST 1
> < 350 Restart position accepted (1).
>  > REST 0
> < 350 Restart position accepted (0).
>  > SYST
> < 215 UNIX Type: L8
>  > PWD
> < 257 "/"
> ~ Login completed.
>  > PORT 192,168,0,102,7,155
> < 500 Illegal PORT command.
> ~ Could not retrieve directory listing for "/"
>

You haven't correctly loaded the modules -- the IP address in the PORT
command contains the RFC1918 address of the

>
> I've edited the modules file to include ports 21 and 7121, but still no go.
> When I access the ftp server from within my lan, I get instantly
> connected. I also see no references in the Shorewall log.
> Help please.
>

The ftp NAT helper and/or conntrack helper isn't configured correctly.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep at shorewall.net
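
The symptom in the client log above, a PORT command carrying an RFC 1918 address that the server answers with a 500, can be picked out of a saved FTP debug log mechanically. The following is an added example, not part of the original message or of Shorewall; the function names, the log format it expects (`>` for sent commands, `<` for replies) and the second sample exchange are assumptions.

```python
import ipaddress
import re

# The three RFC 1918 private IPv4 ranges.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
PORT_RE = re.compile(r"\bPORT\s+(\d{1,3}(?:,\d{1,3}){5})\s*$")
REPLY_RE = re.compile(r"<\s*(\d{3})\b")

def decode_port(arg):
    """Decode the 'h1,h2,h3,h4,p1,p2' PORT argument into (address, port)."""
    fields = [int(f) for f in arg.split(",")]
    if len(fields) != 6 or any(f > 255 for f in fields):
        raise ValueError("malformed PORT argument: " + arg)
    addr = ipaddress.IPv4Address(".".join(str(f) for f in fields[:4]))
    return addr, fields[4] * 256 + fields[5]

def rejected_private_ports(log_text):
    """Return (address, port, reply code) for each PORT command that carried
    an RFC 1918 address and was answered with a 5xx reply."""
    findings, pending = [], None
    for line in log_text.splitlines():
        sent = PORT_RE.search(line)
        if sent:
            try:
                addr, port = decode_port(sent.group(1))
            except ValueError:
                pending = None  # unparseable argument: nothing to pair
                continue
            private = any(addr in net for net in RFC1918)
            pending = (str(addr), port) if private else None
            continue
        reply = REPLY_RE.search(line)
        if reply and pending:
            if reply.group(1).startswith("5"):
                findings.append(pending + (int(reply.group(1)),))
            pending = None
    return findings

# First exchange is from the post; the second is constructed (documentation address).
SAMPLE_LOG = """\
 > PORT 192,168,0,102,7,155
< 500 Illegal PORT command.
 > PORT 203,0,113,10,7,155
< 200 PORT command successful.
"""

if __name__ == "__main__":
    print(rejected_private_ports(SAMPLE_LOG))
```

The last two fields of the PORT argument are the high and low bytes of the data port, so `7,155` decodes to port 1947.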

