HPE Community
Operating System - Linux
1826408 Members
4046 Online
109692 Solutions
New Discussion

FTP not working

 
kcpant
Trusted Contributor

‎09-05-2005 08:04 PM

‎09-05-2005 08:04 PM

FTP not working

Hi Friends,

I'm stuck to a simple problem ( it must be very simple), at one setup, clients can't do FTP through their systems. in-between is a linux 9.0 server with iptables and SQUID. clients use SQUID to access web.

I've made rules in iptables to SNAT & DNAT ftp traffic (port 21) to a specific client machine, but still I'm not able to connect ftp to any outside ftp server. ip_forward is also enabled in sysctl.conf. please suggest me if I'm missing something. I suspect it's because of the DSL modem, i think it's not handling SNATed packets properly. DSL modem's internal interface is ethernet, and IP is 192.168.1 series.it is connected to external NIC of linux server, which is also configured to same series. So, when I SNAT a packet and change souce to that of external NIC of server ( say 192.168.1.2), I suspect DSL modem will not be able to route it properly. But it's just an assumption from my side, please let me know if there any other reason of FTP problem.
PreSales Specialist
0 Kudos
3 REPLIES 3
Ivan Ferreira
Honored Contributor

‎09-06-2005 12:57 AM

‎09-06-2005 12:57 AM

Re: FTP not working

Maybe you are using ACTIVE ftp. Active ftp won't work behind a firewall. You have two alternatives:

* Use passive ftp.

- You configure it in advanced options of the navigator.

- For command line clients, use the pas command. Windows command line does not support passive ftp.

* Open your firewall to allow connections from the port 20 of the Internet to unprivileged ports on local lan.
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
0 Kudos
Steven E. Protter
Exalted Contributor

‎09-06-2005 01:50 AM

‎09-06-2005 01:50 AM

Re: FTP not working

You are trying to have your Linux box act as a router.

A few componenets need to be in place.

1) SNAT

-A POSTROUTING -o eth1 -j SNAT --to-source

2) You ineed FORWARD statements in your iptables firewall.

Here is your issue:

The DSL modem is already acting like a router. It has IP address 192.168.0.1 It may already be doing NAT/SNAT. If it were just doing modem work, it would hand to connecting computers a valid external ip address on DHCP.

I've seen SBC Global modems that are configured like this. To get Internet sharing to work, you need to have your internal machines on a different internal network thatn the modem.

If the modem has 192.168.0.1 and netmask of 255.255.255.0 (meaning the network is 192.168.0 and the host is 1) then the internal router needs to be on say:

192.168.1.1 and handle routing to 192.168.0 network.

Precisely worded, modems really aren't supposed to do routing. But some do at least immitate and make life interesting.

Fun isn't it.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
kcpant
Trusted Contributor

‎01-03-2006 06:07 PM

‎01-03-2006 06:07 PM

Re: FTP not working

Closing threads open from a long time....
PreSales Specialist
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.