Full Version: Ftp Problems
cyberzork
Need help with FTP Redhat Firewall problem.
--------------------------------------------------------
Recently a Linux guy (now moved away) set up a Linux Redhat firewall server connected to a cable modem for our Windows PCs to share Internet etc.

Now the browsing is OK and email is OK, but we are having problems with FTP. We can connect OK to the IP address and the username/password verifies OK, but then we get a message saying, e.g.:
---------------------------------------------------------------------
500 I won't open a connection to 192.168.0.13 (only to 60.226.143.244)
! Failed "port":
! Retrieve of folder listing failed (0)
---------------------------------------------------------------------
Note: I am on the Windows PC getting the IP address 192.168.0.13.
Now I tried passive mode using the same FTP port 21 and got the same problem.
The Linux guy said we have to mod the iptables somewhere, but he is not exactly sure where to do it to allow us to FTP from local Windows PCs. I have included the full error message FTP log below. I found the iptables file on the Linux box, but have no idea what to do there. Any help would be greatly appreciated.

(Full FTP Log Error).
WINSOCK.DLL: WinSock 2.0
WS_FTP LE 5.08 2000.01.13, Copyright 1992-2000 Ipswitch, Inc.
- -
connecting to 216.58.174.154:21
Connected to 216.58.174.154 port 21
220---------- Welcome to Pure-FTPd [privsep] ----------
220-You are user number 2 of 50 allowed.
220-Local time is now 19:31. Server port: 21.
220 You will be disconnected after 15 minutes of inactivity.
USER inventco
331 User inventco OK. Password required
PASS (hidden)
230-User inventco has group access to: ftponly
230 OK. Current restricted directory is /
PWD
257 "/" is your current location
SYST
215 UNIX Type: L8
Host type (S): UNIX (standard)
PASV
227 Entering Passive Mode (216,58,174,154,111,145)
connecting to 216.58.174.154:28561
- -
connecting to 216.58.174.154:28561
! Connection failed 216.58.174.154 - connection timed out
! connect: error 0
PORT 192,168,0,13,4,76
500 I won't open a connection to 192.168.0.13 (only to 60.226.143.244)
! Failed "port":
! Retrieve of folder listing failed (0)
cagey cretin
It would help to know how your firewall is set up now, so you'll need to print it out here. You can print it (to the screen) with this command (assuming default location):

cat /etc/sysconfig/iptables

If there is a lot of data, you can print it out (to screen) thus:

cat /etc/sysconfig/iptables | more

Just press the space bar for the next 'page' or the enter key to scroll line-by-line.

If you are viewing from a telnet screen on a remote computer (i.e. you are not logged on directly but from another machine), you should be able to select, copy and paste the output. Right click the blue bar at the top of the Windows telnet screen, then select edit mark/copy/paste.
Termina
Let's try a few things.

First off, please make sure you've tried PORT mode as well, not just PASSIVE.

Also, is there a reason you're using iptables? My impression is that this is a small LAN, using a Home/Small business router. As such, you probably don't need to protect this box from computers in your LAN. If you have a router, this isn't much of a reason to use iptables for security, since the router will stop unwanted traffic from getting through.

To test this firewall w/o iptables, there are several options.

modprobe -r ip_tables
modprobe -r iptable_filter

or

/etc/init.d/iptables stop (this works with some distros)

or

iptables -F (warning: this will flush your iptables rules. redhat should store these rules in /etc/sysconfig/iptables, so make a backup!)

If none of that works, we have to assume it's a problem with the client machine (have you tried using any other computers in this lan to do this?), or a problem with the FTP client (I personally have had trouble with WS_FTP before; a switch to SmartFTP solved that.)

Lastly, is there a reason you're using FTP? Unencrypted passwords, and all that... WinSCP might be a better option for you.

And since it works off port 22, if you can SSH in without problems, you can use SCP.

http://sourceforge.net/projects/winscp
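
The WS_FTP log from the first post, decoded, as an added example that is not part of any poster's message. The helper names `decode` and `diagnose` are hypothetical; the sample lines are copied from the log above.

```python
import ipaddress
import re

# Lines copied from the WS_FTP session in the first post of this thread.
SAMPLE_LOG = """\
PASV
227 Entering Passive Mode (216,58,174,154,111,145)
! Connection failed 216.58.174.154 - connection timed out
PORT 192,168,0,13,4,76
500 I won't open a connection to 192.168.0.13 (only to 60.226.143.244)
"""

TUPLE = re.compile(r"(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)")
REFUSED = re.compile(r"^500 .*\(only to ([\d.]+)\)")


def decode(line):
    """Return (ip, port) from an h1,h2,h3,h4,p1,p2 tuple, or None."""
    m = TUPLE.search(line)
    if not m:
        return None
    n = [int(x) for x in m.groups()]
    if any(v > 255 for v in n):
        return None  # not a valid address/port encoding
    return ".".join(map(str, n[:4])), n[4] * 256 + n[5]


def diagnose(log):
    """Walk an FTP control-channel log and report data-channel endpoints."""
    findings, port_ep = [], None
    for line in log.splitlines():
        line = line.strip()
        if line.startswith("227 "):
            ep = decode(line)  # where the server listens in passive mode
            if ep:
                findings.append(("pasv", ep[0], ep[1]))
        elif line.upper().startswith("PORT "):
            port_ep = decode(line)  # where the client asked to be called back
        elif port_ep and (m := REFUSED.match(line)):
            seen = m.group(1)  # source address the server sees on the control channel
            private = ipaddress.ip_address(port_ep[0]).is_private
            if private and seen != port_ep[0]:
                findings.append(("port_not_rewritten", port_ep[0], port_ep[1], seen))
            port_ep = None
    return findings
```

On the posted log this reports the passive endpoint 216.58.174.154:28561 (the connection that timed out) and a PORT command that still carried the LAN address 192.168.0.13 while the server saw 60.226.143.244. The gateway passed the PORT command through without rewriting it, which on an iptables NAT box is the job of the kernel's FTP connection-tracking and NAT helpers.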