osterhas n00b
Joined: 07 Oct 2003 Posts: 11
Posted: Wed Aug 18, 2004 11:57 am Post subject: nonstandard ftp port passive connection
Hi
I've posted to comp.os.linux.networking but nobody could help me.
Thread at: http://groups.google.ch/groups?hl=de&lr=&ie=UTF-8&threadm=g48Tc.1459%24Zq.988%40newssvr32.news.prodigy.com&rnum=1&prev=/groups%3Fq%3Dnonstandard%2Bftp%2Bpassive%26hl%3Dde%26lr%3D%26ie%3DUTF-8%26selm%3Dg48Tc.1459%2524Zq.988%2540newssvr32.news.prodigy.com%26rnum%3D1
My problem:
My problem is that I cannot do a passive connection from my linux box
to an ftp server which doesn't run a standard port.
I can connect to the ftp with my ncftp client. But if I do an 'ls' it
says:
ncftp / > ls
List failed. No route to host.
And yes, I'm behind a NAT router. The ftp server also. If I connect
from my Windows XP Laptop, it works without problems. That's kind of
weird for me.
My Route: linux client -- nat router -- {internet} -- nat router --
server
It works with Windows, I don't understand why it doesn't work with
linux. I've a Zyxel Prestige 310 Router. Port forwarding is set up to
forward to my linux box per default. If it isn't, the connection from
Windows doesn't work.
Has this something to do with the ip_conntrack part in my kernel? I
use 2.6.5, homebrewed gentoo.
I've full root access to both, client and server. This problem also exists with other ftps running nonstandard ports above 1024.
I hope someone here can help me.
Cheers
adaptr Watchman
Joined: 06 Oct 2002 Posts: 6730 Location: Rotterdam, Netherlands
Posted: Wed Aug 18, 2004 12:04 pm Post subject:
Well, you can start by examining the log output for both client and server - that should give you a clue why the connection can be made (as you clearly state it can) but the ls command doesn't work.
What about other commands?
What about other clients?
_________________
>>> emerge (3 of 7) mcse/70-293 to /
Essential tools: gentoolkit eix profuse screen
osterhas n00b
Joined: 07 Oct 2003 Posts: 11
Posted: Wed Aug 18, 2004 1:30 pm Post subject:
It's weird, I tried with the lftp client and it worked. Now I know that it isn't my kernel.
But I don't understand why I have to forward all ports to my client. Shouldn't the NAT router dynamically assign ports to its internal table? Actually I don't want to have all requests on all ports forwarded to my client. What if I have more than one client which wants to connect?
Greetings
adaptr Watchman
Joined: 06 Oct 2002 Posts: 6730 Location: Rotterdam, Netherlands
Posted: Thu Aug 19, 2004 1:17 pm Post subject:
That's not how it works.
Normal (active) ftp requires the server to make the data connection back to the client - that would require you to route those packets back through iptables to the client, since the client wouldn't know what address they are meant for.
But you're talking about passive ftp - in this case, the client suggests a port to the server and it connects through that.
There is excellent iptables support for this, and it should be automatic.
There is no (practical) limit to the number of clients.