[Shorewall-newbies] FTP problem

gregory aeon at pandora.be
Sun Dec 28 18:04:46 PST 2003


Tom Eastep wrote:

>On Sunday 28 December 2003 07:20 am, gregory wrote:
>  
>
>>Tom Eastep wrote:
>>    
>>
>>>On Sun, 28 Dec 2003, gregory wrote:
>>>      
>>>
>>>>>>< 257 "/"
>>>>>>~ Login completed.
>>>>>>
>>>>>>            
>>>>>>
>>>>>>>PORT 192,168,0,102,7,155
>>>>>>>              
>>>>>>>
>>>>>>< 500 Illegal PORT command.
>>>>>>~ Could not retrieve directory listing for "/"
>>>>>>            
>>>>>>
>>>>>You haven't correctly loaded the modules -- the IP address in the PORT
>>>>>command contains the RFC1918 address of the
>>>>>          
>>>>>
>>>>of the what? Can you elaborate?
>>>>        
>>>>
>>>I assume that 192.168.0.102 is the internal IP address of your FTP server,
>>>right. That is the IP address encoded in the PORT command.
>>>      
>>>
>
>Sorry -- I was wrong here. The *client* sends the PORT command which should 
>have its own IP addresses encoded in it. So 192.168.0.2 is the IP address of 
>the client. This would indicate that the client is behind a NAT box of some 
>sort. If that box doesn't know that port 7121 is FTP then *it* won't do the 
>correct thing.
>
>  
>
Yeah, that's what I was thinking. After I've read the email. So, it's a 
client side problem? The client is indeed behind a router.

>>No, I've been able to test it and here's the debug result:
>>ftp> pwd 257 "/"
>>ftp> debug
>>Debugging on (debug=1).
>>ftp> ls
>>ftp: setsockopt (ignored): Permission denied ---> PASV 227 Entering
>>Passive Mode (213,224,97,4,204,127) ---> LIST 150 Here comes the
>>directory listing. 226 Directory send OK.
>>ftp>
>>
>>    
>>
>
>That all looks ok -- but in this case, you are using passive mode which would 
>eliminate any NAT problems on the client side.
>  
>
Are you telling the client shouldn't have any problems now because it 
was using PASV mode?
The client is able to establish a connection and can even log in, yet 
can't get a directory listing.
Using the ftp CLI command the client was able to write something to the 
ftp server as well, but can't get a directory listing.
Weird.

Gregory



More information about the Shorewall-newbies mailing list