| View previous topic :: View next topic |
| Author |
Message |
faz
n00b
Joined: 02 Nov 2002
Posts: 73
Location: the Netherlands
|
 Posted: Tue Apr 22, 2003 6:23 am Post subject: Need some help from a netfilter guy on FTP PASV problems |
 |
|
Hi all,
I have a kind of strange problem when FTP-ing to a certain FTP server from my client. I'm going thru a netfilter firewall who is also MASQ-ing. I know FTP thru netfilter is a challenge  .
Doing FTP on this server, the access to the server slows down to a crawl. I've been investigating it and it seems to me the server gives a none standard (but legal) response to the PASV command. It's response is:
| Code: | | 227 Passive mode OK ({numbers}) |
It then wait's a long time and continues. Is does this every time.
If i look at the responses of "normal" working FTP servers I get:
| Code: | | 227 Entering Passive Mode ({numbers}) |
and it continues.
There seems to be a patch for this called ftp-pasv-fix.patch, but I can't find it. It's not in the netfilter patch-o-rama, nor in CVS anymore. The fix seems to be old. I found references of it being combined with other patches, etc, but I can't find the patch itself nor information wether it's already in the iptables package.
I've tried with version 1.2.7a and 1.2.8 of iptables, both show the same behavior. I don't know wether this fix is in any of these versions.
Oh, off course I loaded both the ip_nat_ftp and ip_conntrack_ftp modules. What I do find a bit strange is that lsmod reports them as being "unused".
Does anyone know of this patch and it's status?
Is this my problem in the first place and, if not, what else could it be?
Any help on this would be GREAT.[/code] |
|
| Back to top |
|
 |
Koon
Retired Dev
Joined: 10 Dec 2002
Posts: 518
|
| Posted: Tue Apr 22, 2003 8:36 am Post subject: |
|
|
The delay looks like a IP-resolution problem... Try adding the client IP/name in the /etc/hosts file just to see if it reduces the delay...
-K |
|
| Back to top |
|
|
faz
n00b
Joined: 02 Nov 2002
Posts: 73
Location: the Netherlands
|
| Posted: Tue Apr 22, 2003 8:45 am Post subject: |
|
|
No, that's not it.
But I came a bit further now. I've manged to disable passive mode with KBear, and now it works much faster, so it's definitely the PASV statement that's causing the delay.
Is there a way to work in non-passive mode with konqueror? |
|
| Back to top |
|
|
Koon
Retired Dev
Joined: 10 Dec 2002
Posts: 518
|
| Posted: Tue Apr 22, 2003 8:53 am Post subject: |
|
|
Can't help you, I use Gnome.
-K |
|
| Back to top |
|
|
faz
n00b
Joined: 02 Nov 2002
Posts: 73
Location: the Netherlands
|
| Posted: Tue Apr 22, 2003 8:57 am Post subject: |
|
|
| Hmmm, i don't think it has anything to do about Gnome or KDE... |
|
| Back to top |
|
|
faz
n00b
Joined: 02 Nov 2002
Posts: 73
Location: the Netherlands
|
| Posted: Tue Apr 22, 2003 9:04 am Post subject: |
|
|
| Hmmm, i don't think it has anything to do about Gnome or KDE... |
|
| Back to top |
|
|
Koon
Retired Dev
Joined: 10 Dec 2002
Posts: 518
|
| Posted: Tue Apr 22, 2003 9:11 am Post subject: |
|
|
I was just replying to your question on Konqueror (how to disable PASV in Konq)... Can't help, I don't use it.
As to your problem, I don't have any clue, I am not a patch expert
-K |
|
| Back to top |
|
|
|
Networking & Security
