IIS-ftp-server behind linux firewall


Post by mmri.. » Sat, 20 Jan 2001 10:44:09



I'm running a linux Firewall (kernel 2.2.17) with IPChains (masq_ftp
installed). It connects the private Network to the Internet. Inside the
private network, there is a Windows 2000 machine running the FTP-
Server included in the Microsoft IIS. To get a connection from the
internet to the FTP-Server I configured the following portmapping:

/usr/sbin/ipmasqadm portfw -a -P tcp -L $4 8021 -R ftp.xxxxx.de ftp
($4 is the public IP of the firewall, ftp.xxxxx.de the ftp-server)

When I try to get a connection via FTP it works just fine, unless I try
to get some data (i.e. command "ls"). The client doesn't get any response.
A tcpdump on the firewall shows the following: The server gets the
request, tries to establish a ftp-data connection but the client
doesn't respond.
I know this is a well known problem because I discovered many articles
about this topic - only help requests, no answers...

Sent via Deja.com
http://www.deja.com/

 
 
 


Post by Lac Hao Vie » Sat, 20 Jan 2001 12:03:29


What client do you have?



> I'm running a linux Firewall (kernel 2.2.17) with IPChains (masq_ftp
> installed). It connects the private Network to the Internet. Inside the
> private network, there is a Windows 2000 machine running the FTP-
> Server included in the Microsoft IIS. To get a connection from the
> internet to the FTP-Server I configured the following portmapping:

> /usr/sbin/ipmasqadm portfw -a -P tcp -L $4 8021 -R ftp.xxxxx.de ftp
> ($4 is the public IP of the firewall, ftp.xxxxx.de the ftp-server)

> When I try to get a connection via FTP it works just fine, unless I try
> to get some data (i.e. command "ls"). The client doesn't get any response.
> A tcpdump on the firewall shows the following: The server gets the
> request, tries to establish a ftp-data connection but the client
> doesn't respond.
> I know this is a well known problem because I discovered many articles
> about this topic - only help requests, no answers...


 
 
 


Post by Jem Berke » Sat, 20 Jan 2001 12:33:12


> /usr/sbin/ipmasqadm portfw -a -P tcp -L $4 8021 -R ftp.xxxxx.de ftp
> ($4 is the public IP of the firewall, ftp.xxxxx.de the ftp-server)

> When I try to get a connection via FTP it works just fine, unless I try
> to get some data (i.e. command "ls"). The client doesn't get any response.
> A tcpdump on the firewall shows the following: The server gets the
> request, tries to establish a ftp-data connection but the client
> doesn't respond.

When you want to do packet forwarding into an internal FTP server you
have to do forwarding of both ports 20 (ftp-data) and 21 (ftp).

You seem to be using a nonstandard port externally, though. I don't know
what the associated ftp-data port would be, perhaps it is still port 20?
Try it out.

--
http://www.pc-tools.net/
DOS, Win32, Linux software

 
 
 


Post by Matthias Riechma » Sat, 20 Jan 2001 19:43:23


Using ports 21 and 20 for forwarding makes no difference. I fear the
masquerading masks the packets coming from the server on port 20 to a
port on the client it doesn't expect. But I don't know which port it
does expect and how to fix it.



>> /usr/sbin/ipmasqadm portfw -a -P tcp -L $4 8021 -R ftp.xxxxx.de ftp
>> ($4 is the public IP of the firewall, ftp.xxxxx.de the ftp-server)

>> When I try to get a connection via FTP it works just fine, unless I try
>> to get some data (i.e. command "ls"). The client doesn't get any response.
>> A tcpdump on the firewall shows the following: The server gets the
>> request, tries to establish a ftp-data connection but the client
>> doesn't respond.

>When you want to do packet forwarding into an internal FTP server you
>have to do forwarding of both ports 20 (ftp-data) and 21 (ftp).

>You seem to be using a nonstandard port externally, though. I don't know
>what the associated ftp-data port would be, perhaps it is still port 20?
>Try it out.

>--
>http://www.pc-tools.net/
>DOS, Win32, Linux software

 
 
 


Post by Matthias Riechma » Sat, 20 Jan 2001 19:45:41


I'm using the standard ftp-command (active mode) on SunOS 5.7.

On Fri, 19 Jan 2001 03:03:29 GMT, Lac Hao Viet


>What client do you have?



>> I'm running a linux Firewall (kernel 2.2.17) with IPChains (masq_ftp
>> installed). It connects the private Network to the Internet. Inside the
>> private network, there is a Windows 2000 machine running the FTP-
>> Server included in the Microsoft IIS. To get a connection from the
>> internet to the FTP-Server I configured the following portmapping:

>> /usr/sbin/ipmasqadm portfw -a -P tcp -L $4 8021 -R ftp.xxxxx.de ftp
>> ($4 is the public IP of the firewall, ftp.xxxxx.de the ftp-server)

>> When I try to get a connection via FTP it works just fine, unless I try
>> to get some data (i.e. command "ls"). The client doesn't get any response.
>> A tcpdump on the firewall shows the following: The server gets the
>> request, tries to establish a ftp-data connection but the client
>> doesn't respond.
>> I know this is a well known problem because I discovered many articles
>> about this topic - only help requests, no answers...

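
Added example, not part of any post in this thread: a small checker for the data endpoint that FTP advertises on the control channel, covering both the active-mode PORT command discussed above and the passive-mode 227 reply. The function names and all addresses are constructed for illustration (documentation and RFC 1918 ranges); the checker only compares what a control-channel line announces with the address the other side actually sees across the firewall.

```python
import ipaddress
import re

# RFC 959 host-port: h1,h2,h3,h4,p1,p2 as decimal bytes.
HOSTPORT = re.compile(r"(?<!\d)(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})(?!\d)")
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def decode_endpoint(line):
    """Return (ip, port) from a PORT command or a 227 reply, else None."""
    if not (line.upper().startswith("PORT ") or line.startswith("227 ")):
        return None
    m = HOSTPORT.search(line[4:])
    if m is None:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def check_line(line, sender_seen_as):
    """List problems with the data endpoint a control-channel line advertises.

    sender_seen_as is the address the *other* side sees for the sender of
    this line on the control connection (after any NAT in between).
    """
    endpoint = decode_endpoint(line)
    if endpoint is None:
        return []
    ip, port = endpoint
    findings = []
    if any(ipaddress.ip_address(ip) in net for net in RFC1918):
        findings.append(f"{ip}:{port} is RFC 1918 space, not routable across the Internet")
    if ip != sender_seen_as:
        findings.append(f"advertises {ip} but the peer sees the sender as {sender_seen_as}")
    return findings

# Constructed control-channel lines (documentation addresses, hypothetical hosts).
SAMPLE = [
    ("PORT 198,51,100,7,128,10", "198.51.100.7"),                     # public client, active mode
    ("227 Entering Passive Mode (192,168,1,10,4,1)", "203.0.113.5"),  # server behind portfw
    ("PORT 10,0,0,23,200,5", "203.0.113.99"),                         # client behind its own NAT
]

if __name__ == "__main__":
    for line, seen_as in SAMPLE:
        print(line, "->", check_line(line, seen_as) or "consistent")
```

An empty result for an active-mode line only says the advertised endpoint is consistent; it says nothing about how masquerading rewrites the source of the server's outbound data connection.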

 
 
 

1. FTP server behind linux firewall communicating w/ FTP behind linux firewall

I have a Windows-based FTP server (G6) behind a linux firewall box
running ipchain and ipmasqadm portfw rules to enable communication
with the outside world. I can connect to this server from the
outside, but PASV doesn't work. I have rules that allow ports above
1023 for the PASV traffic and I also had put the FTP server on a
higher port other than 21.  I portfw'd the same port through to the
internal Windows machine running the ftp server as well as forwarding
the ftp-data. I have the ip_masq_ftp module loaded. I'm not sure why
PASV doesn't work.

Also, the other thing I'm trying to get working is communicating with
this same FTP server from a client within another linux-firewalled
(also using ipchains and portfw rules) LAN. I can connect, but can't
get any data transfers going, including directory listings, using
either PASV or regular FTP. I'm not sure if I should be forwarding
ftp-data to the internal machine running the ftp client.

What I ultimately want to do is be able to connect from a client
within one linux firewalled LAN to an ftp server inside another linux
firewalled LAN on a non-standard port and using PASV if possible. Any
help would be appreciated.

2. Reset Keyboard

3. FTP server behind on firewall FTP client behind another

4. ldconfig

5. Running IIS server behind Redhat 7.0 Firewall

6. Setting up the FS

7. IIS 4 behind Linux Firewall?

8. help: simple sed operation on multiple files

9. FTP - Client and FTP server behind firewalls

10. FTP client inside linux firewall communicating with FTP server inside another linux firewall

11. own FTP server behind linux firewall

12. FTP server behind linux firewall

13. Setting up an FTP server from behind an ISP's firewall