> I am having the same problem. I install the module but is does not help. I
> am running on an Linux Alpha. Does anybody know if this is an alpha only
> Here is what I get when I do an 'ls':
> Jun 24 01:04:03 EDT 1997) ready.
> User (sunsite.unc.edu:(none)): ftp
> 331 Guest login ok, send your complete e-mail address as password.
> 230 Guest login ok, access restrictions apply.
> ftp> ls
> 500 Illegal PORT Command
> 425 Can't build data connection: Connection refused.
> Any help is greatly appreciated,
> Thank you,
> Miguel Rivera
The problem is not in the masquerading, that part is working fine. The
problem is the FTP protocol itself.
When you establish a connection to an ftp server, it is on port 21.
This socket is called the control connection. Of course this is a
bi-directional socket because you see the output from the ftp server.
However, when the control connection asks for the remote server to
execute a command, such as 'ls', the ftp client also tells the server
"hey, send me the listing on port x". Where port x is an arbitrary
port, used only for that specific data. This also happens whenever a
file is requested. That socket is called the data connection.
The problem here, is that the server tries talking to the machine
running the masquerading kernel, which of course doesn't know a thing
about this incoming connection from the ftp server, so the connection is
being refused by your masquerading box and not the machine running ftp.
Which is exactly what should be happening.
The way you can get around this is to use an ftp client which uses the
PASV transfer method. Netscape does this all the time, and you may have
noticed that it works just fine for anonymous ftp. The PASV, or
passive, method tells the remote server to use the existing socket for
all transactions (one socket doubles as the control and data
If you really wanted to dig into the RFC's you could probably type in
the proper commands at the ftp prompt, but I'm not sure how to do that.
I hope this has removed a great deal of confusion. :)
> > Hi again,
> > I posted some masquerading problems this morning. By now I've
> > to get things to work almost!!! Not totally.
> > I found out, that due to some changes in the linux 2.0.30-kernel the
> > ipfwadm couldn't function good. So I compiled a version 2.0.29. I tried
> > invoke the ipfwadm-commands again. And it didn't gave any errors.
> > The only problem is, that ftp still isn't functioning properly.
> > I can establish a connection and login from the subnet, but once I try to
> > get a directory-listing, no data-connection can be established.
> > Does anyone have the answer??
> > Is ip-masquerading also giving troubles with other ports??? If so, how
> > I get those to work? I've read about compiling some extra modules.....
> > I hope someone can help me, I'm trying to get this all to work before
> > weekend, because then I've got a presentation.
> > Thanks in advance for all the help I receive.
> > Bye,
> > Hegget