Ftp Problems, FTP Problems via Redhat Linux Firewall
cyberzork
post Oct 6 2005, 12:51 AM
Need help with FTP Redhat Firewall problem.
--------------------------------------------------------
Recently a Linux guy (now moved away) set up a Linux Redhat Firewall server connected to a Cable Modem for our Windows PCs to share Internet etc.

Now the browsing is OK and email is OK, but we are having problems with FTP. We can connect OK to the IP address and the username/password verifies OK, but then we get a message saying, e.g.:
---------------------------------------------------------------------
500 I won't open a connection to 192.168.0.13 (only to 60.226.143.244)
! Failed "port":
! Retrieve of folder listing failed (0)
---------------------------------------------------------------------
Note: I am on the Windows PC getting the IP address 192.168.0.13.
Now I tried passive mode using the same FTP port 21 and had the same problem.
The Linux guy said we have to mod the IP Tables somewhere, but he is not exactly sure where to do it to allow us to FTP from local Windows PCs. I have included the full FTP error log below. I found the IPTables file on the Linux box, but have no idea what to do there. Any help would be greatly appreciated.

(Full FTP Log Error).
WINSOCK.DLL: WinSock 2.0
WS_FTP LE 5.08 2000.01.13, Copyright 1992-2000 Ipswitch, Inc.
- -
connecting to 216.58.174.154:21
Connected to 216.58.174.154 port 21
220---------- Welcome to Pure-FTPd [privsep] ----------
220-You are user number 2 of 50 allowed.
220-Local time is now 19:31. Server port: 21.
220 You will be disconnected after 15 minutes of inactivity.
USER inventco
331 User inventco OK. Password required
PASS (hidden)
230-User inventco has group access to: ftponly
230 OK. Current restricted directory is /
PWD
257 "/" is your current location
SYST
215 UNIX Type: L8
Host type (S): UNIX (standard)
PASV
227 Entering Passive Mode (216,58,174,154,111,145)
connecting to 216.58.174.154:28561
- -
connecting to 216.58.174.154:28561
! Connection failed 216.58.174.154 - connection timed out
! connect: error 0
PORT 192,168,0,13,4,76
500 I won't open a connection to 192.168.0.13 (only to 60.226.143.244)
! Failed "port":
! Retrieve of folder listing failed (0)
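Added example, not part of the original post: a short Python script that decodes the PASV and PORT address fields from the log above and shows why the server answered the PORT command with a 500. It assumes 60.226.143.244 is the source address the server saw for the control connection (the firewall's public side); the function names are illustrative.

```python
import ipaddress
import re

# Three lines copied from the session log in the post above.
SESSION = """\
227 Entering Passive Mode (216,58,174,154,111,145)
PORT 192,168,0,13,4,76
500 I won't open a connection to 192.168.0.13 (only to 60.226.143.244)
"""

# h1,h2,h3,h4,p1,p2 as used by PORT and the 227 reply (RFC 959)
HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def decode_hostport(line):
    """Return (ip, port) from a PORT command or 227 reply, or None."""
    m = HOSTPORT.search(line)
    if not m:
        return None
    n = [int(x) for x in m.groups()]
    if max(n) > 255:
        return None
    return ".".join(str(v) for v in n[:4]), n[4] * 256 + n[5]


def diagnose(session):
    """Walk the control-channel lines and record what each address means."""
    findings, last_port = [], None
    for line in session.splitlines():
        hp = decode_hostport(line)
        if line.startswith("227 ") and hp:
            # Server says: connect to me here for the data channel.
            findings.append(("pasv", hp[0], hp[1]))
        elif line.upper().startswith("PORT ") and hp:
            # Client says: connect back to me here. Plain NAT rewrites the
            # IP header, not this text, so the LAN address goes out as-is.
            last_port = hp
            findings.append(("port", hp[0], hp[1], ipaddress.ip_address(hp[0]).is_private))
        elif line.startswith("500 ") and last_port:
            # Assumption: the "only to" address in Pure-FTPd's reply is the
            # source address of the control connection as the server saw it.
            seen = re.search(r"only to (\d+\.\d+\.\d+\.\d+)", line)
            if seen and seen.group(1) != last_port[0]:
                findings.append(("nat-mismatch", last_port[0], seen.group(1)))
    return findings


if __name__ == "__main__":
    for finding in diagnose(SESSION):
        print(finding)
```

The decoded PASV port, 28561, is the one the client then timed out on, and the PORT command advertises the private address 192.168.0.13 on port 1100, which the server cannot reach from outside the LAN.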
cagey cretin
post Oct 8 2005, 07:37 AM
It would help to know how your firewall is set up now, so you'll need to print it out here. You can print it (to the screen) with this command (assuming default location):

cat /etc/sysconfig/iptables

If there is a lot of data, you can print it out (to screen) thus:

cat /etc/sysconfig/iptables | more

Just press the space bar for the next 'page' or the enter key to scroll line-by-line.

If you are viewing from a telnet screen on a remote computer (i.e. you are not logged on directly but from another machine), you should be able to select, copy and paste the output. Right click the blue bar at the top of the Windows telnet screen, then select edit mark/copy/paste.
Termina
post Oct 13 2005, 12:40 AM
Let's try a few things.

First off, please make sure you've tried PORT mode as well, not just PASSIVE.

Also, is there a reason you're using iptables? My impression is that this is a small LAN, using a Home/Small business router. As such, you probably don't need to protect this box from computers in your LAN. If you have a router, this isn't much of a reason to use iptables for security, since the router will stop unwanted traffic from getting through.

To test this firewall w/o iptables, there are several options.

modprobe -r ip_tables
modprobe -r iptable_filter

or

/etc/init.d/iptables stop (this works with some distros)

or

iptables -F (Warning: this will flush your iptables rules. Redhat should store these rules in /etc/sysconfig/iptables, so make a backup!)

If none of that works, we have to assume it's a problem with the client machine (have you tried using any other computers in this lan to do this?), or a problem with the FTP client (I personally have had trouble with WS_FTP before; a switch to SmartFTP solved that.)

Lastly, is there a reason you're using FTP? Unencrypted passwords, and all that... WinSCP might be a better option for you.

And since it works off port 22, if you can SSH in without problems, you can use SCP.

http://sourceforge.net/projects/winscp

