View previous topic :: View next topic |
Author |
Message |
cf25 Apprentice
Joined: 20 Jun 2002 Posts: 158
|
Posted: Thu Jul 11, 2002 7:52 pm Post subject: pure-ftp |
|
|
well, i am running pure ftp and it works fine within my lan. in fact people can even connect to it from outside my lan. the problem is they cant get the directory listing. any ideas?
the address is 65.218.56.80:42 if you wanna try it |
|
Back to top |
|
|
delta407 Bodhisattva
Joined: 23 Apr 2002 Posts: 2876 Location: Chicago, IL
|
Posted: Thu Jul 11, 2002 7:56 pm Post subject: |
|
|
Are you behind a firewall or something that is doing NAT? If so, people on the other end of the pipe have to go into "passive" mode. _________________ I don't believe in witty sigs. |
|
Back to top |
|
|
cf25 Apprentice
Joined: 20 Jun 2002 Posts: 158
|
Posted: Thu Jul 11, 2002 8:04 pm Post subject: right |
|
|
so what is NAT and how do i know if my router is doing it? |
|
Back to top |
|
|
delta407 Bodhisattva
Joined: 23 Apr 2002 Posts: 2876 Location: Chicago, IL
|
Posted: Thu Jul 11, 2002 8:18 pm Post subject: |
|
|
Did you have to do anything to open port 42? Also, if your FTP server isn't residing on 65.218.56.80 (like it has a different IP), you have to specify that in your configuration file. _________________ I don't believe in witty sigs. |
|
Back to top |
|
|
cf25 Apprentice
Joined: 20 Jun 2002 Posts: 158
|
Posted: Thu Jul 11, 2002 8:25 pm Post subject: |
|
|
yeah i had to rout port 42 to my local ip on the lan |
|
Back to top |
|
|
Zu` l33t
Joined: 26 May 2002 Posts: 716 Location: BE
|
Posted: Fri Jul 12, 2002 8:43 am Post subject: Re: right |
|
|
cf25 wrote: | so what is NAT and how do i know if my router is doing it? |
http://linas.org/linux/load.html
It's fairly brief and worth the read.
For more specific information, like setting it up with iptables: http://www.tldp.org/ |
|
Back to top |
|
|
klieber Bodhisattva
Joined: 17 Apr 2002 Posts: 3657 Location: San Francisco, CA
|
Posted: Fri Jul 12, 2002 11:59 am Post subject: Re: pure-ftp |
|
|
cf25 wrote: | well, i am running pure ftp and it works fine within my lan. in fact people can even connect to it from outside my lan. the problem is they cant get the directory listing. any ideas? |
FTP requires the use of two TCP ports. One is for control information (21, by default) and the other is for actual data (20, by default). From what you're describing, you've correctly routed the port for control information to your FTP server, but you have not done the same for the actual data port. (or its blocked at your firewall, etc.)
You might also try establishing a passive FTP connection instead of an active one -- if a firewall on the client side is causing a problem, this will often work around that issue. (passive FTP allows the client to establish the secondary data connection, rather than having the server establish it)
And, if all of this sounds like gibberish to you, then I suggest you do a little googling. There's lots and lots of information out there about this stuff.
--kurt _________________ The problem with political jokes is that they get elected |
|
Back to top |
|
|
delta407 Bodhisattva
Joined: 23 Apr 2002 Posts: 2876 Location: Chicago, IL
|
Posted: Fri Jul 12, 2002 1:44 pm Post subject: Re: pure-ftp |
|
|
klieber wrote: | FTP requires the use of two TCP ports. One is for control information (21, by default) and the other is for actual data (20, by default). |
Actually, in most modern FTP servers I've used, random ports are assigned. Not one of them used port 20. Fortunately, man pure-ftpd says:
Code: | -N NAT mode. Force active mode. If your FTP server is behind a NAT box that
doesn't support applicative FTP proxying, or if you use port redirection
without a transparent FTP proxy, use this. Well... the previous sentence
isn't very clear. Okay: if your network looks like this:
FTP--NAT.gateway/router--Internet
and if you want people coming from the internet to have access to your FTP
server, please try without this option first. If Netscape clients can con-
nect without any problem, your NAT gateway rulez. If Netscape doesn't dis-
play directory listings, your NAT gateway sucks. Use -N as a workaround. |
_________________ I don't believe in witty sigs. |
|
Back to top |
|
|
klieber Bodhisattva
Joined: 17 Apr 2002 Posts: 3657 Location: San Francisco, CA
|
Posted: Fri Jul 12, 2002 2:25 pm Post subject: Re: pure-ftp |
|
|
delta407 wrote: | Actually, in most modern FTP servers I've used, random ports are assigned. Not one of them used port 20. |
Hmmm...sure that wasn't for passive FTP connections? Every FTP server I've used as always initiated data connections from port 20 on the server. Otherwise, it makes setting up FTP on the firewall a challenge since you have to figure out what port your FTP server expects to use for data connections.
In passive FTP, OTOH, the server does use random, unprivileged (> 1024) ports, though the client, and not the server, does the connecting in that case.
--kurt _________________ The problem with political jokes is that they get elected |
|
Back to top |
|
|
delta407 Bodhisattva
Joined: 23 Apr 2002 Posts: 2876 Location: Chicago, IL
|
Posted: Fri Jul 12, 2002 8:37 pm Post subject: Re: pure-ftp |
|
|
klieber wrote: | Every FTP server I've used as always initiated data connections from port 20 on the server. |
Most clients use passive mode by default nowadays, since a lot of people are NATed at home. And since he's not being firewalled, just NATed, it doesn't much matter what port connections originate from, so... _________________ I don't believe in witty sigs. |
|
Back to top |
|
|
|