[Shorewall-newbies] FTP problem

Tom Eastep teastep at shorewall.net
Sun Dec 28 07:36:44 PST 2003


On Sunday 28 December 2003 07:20 am, gregory wrote:
> Tom Eastep wrote:
> >On Sun, 28 Dec 2003, gregory wrote:
> >>>>< 257 "/"
> >>>>~ Login completed.
> >>>>
> >>>>>PORT 192,168,0,102,7,155
> >>>>
> >>>>< 500 Illegal PORT command.
> >>>>~ Could not retrieve directory listing for "/"
> >>>
> >>>You haven't correctly loaded the modules -- the IP address in the PORT
> >>>command contains the RFC1918 address of the
> >>
> >>of the what? Can you elaborate?
> >
> >I assume that 192.168.0.102 is the internal IP address of your FTP server,
> >right. That is the IP address encoded in the PORT command.

Sorry -- I was wrong here. The *client* sends the PORT command which should 
have its own IP addresses encoded in it. So 192.168.0.2 is the IP address of 
the client. This would indicate that the client is behind a NAT box of some 
sort. If that box doesn't know that port 7121 is FTP then *it* won't do the 
correct thing.

>
> No, I've been able to test it and here's the debug result:
> ftp> pwd
> 257 "/"
> ftp> debug
> Debugging on (debug=1).
> ftp> ls
> ftp: setsockopt (ignored): Permission denied
> ---> PASV
> 227 Entering Passive Mode (213,224,97,4,204,127)
> ---> LIST
> 150 Here comes the directory listing.
> 226 Directory send OK.
> ftp>
>

That all looks ok -- but in this case, you are using passive mode which would 
eliminate any NAT problems on the client side.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep at shorewall.net
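
Added example, not part of the original message: the PORT argument and the 227 reply quoted in this thread both use the RFC 959 h1,h2,h3,h4,p1,p2 encoding, where the port is p1*256 + p2. The Python below decodes both and flags an RFC1918 address that reaches the server inside PORT over a control connection from a public address, which is the symptom of a NAT box that did not rewrite the command. The function names are hypothetical and 203.0.113.10 is a constructed peer address.

```python
import ipaddress
import re

# Six decimal fields h1,h2,h3,h4,p1,p2 (RFC 959 host-port encoding).
_HOSTPORT = re.compile(r"\b(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\b")

# RFC 1918 ranges, listed explicitly: ipaddress.is_private also covers
# documentation and other reserved ranges, which is broader than needed here.
_RFC1918 = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(addr):
    return any(addr in net for net in _RFC1918)


def decode_hostport(line):
    """Return (IPv4Address, port) from a PORT command or a 227 reply."""
    m = _HOSTPORT.search(line)
    if not m:
        raise ValueError("no h1,h2,h3,h4,p1,p2 field in %r" % line)
    fields = [int(f) for f in m.groups()]
    if any(f > 255 for f in fields):
        raise ValueError("field out of range in %r" % line)
    addr = ipaddress.IPv4Address(".".join(str(f) for f in fields[:4]))
    return addr, fields[4] * 256 + fields[5]


def check_port_command(line, control_peer):
    """Compare the address inside PORT with the control connection's source.

    control_peer is the client address as the server sees it.
    Returns a list of findings; an empty list means the two agree.
    """
    addr, _port = decode_hostport(line)
    peer = ipaddress.IPv4Address(control_peer)
    findings = []
    if addr != peer:
        findings.append("PORT address %s differs from control peer %s" % (addr, peer))
        if is_rfc1918(addr) and not is_rfc1918(peer):
            findings.append("RFC1918 address in PORT: NAT did not rewrite it")
    return findings


if __name__ == "__main__":
    # The two encoded values are from the thread; the peer address is constructed.
    print(decode_hostport("PORT 192,168,0,102,7,155"))
    print(decode_hostport("227 Entering Passive Mode (213,224,97,4,204,127)"))
    for finding in check_port_command("PORT 192,168,0,102,7,155", "203.0.113.10"):
        print(finding)
```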



