Try using 'PASV' mode on your ftp client.
Quote:
>I have Redhat 7.2 firewall running Iptables. It loaded up ip_nat_ftp
>OK. But when I log in to my company ftp [IIS 5] (and some others), I can
>log in ok. I can do commands like pwd, help, cd, etc. But I can't do
>"ls" and "dir", it will just freeze. I have tried on the firewall
>itself, same result. Using IE on Windows client, it will just
>"searching for folders" and then replied with "you don't have permission
>....". Using ftp on the RH firewall, it will just freeze for a minute
>and not showing file list. It seems like only "ls" and "dir" don't
> Try using 'PASV' mode on your ftp client.
> Mich?l Tr?tm?n
He indicated that he was loading the module in the OP, but he should keep
Quote:
>> At prompt, I've tried "passive". It said passive mode is on. Then,
>> I tried "ls" or "dir", same result.
>Have you also done:
> modprobe ip_conntrack_ftp
Based on Hal's suggestion, I would load the module and test before the
firewall clock reaches the hour. If your problem is solved, then edit your
cron.hourly to remove the rmmod script.
Also - what does your syslog say?
> He indicated that he was loading the module in the OP, but he should keep
> in mind that the hourly rmmod cron process in Red Hat will remove the ftp
I don't want to see the log messages from cron every 10
minutes so on my system I removed /etc/cron.d/kmod and
added a script to /etc/cron.hourly instead. But the default
was every 10 minutes.
Anyway it uses the -a option to rmmod so it will only
remove modules loaded with the -k option. To prevent
removal, load the module without -k.
>> He indicated that he was loading the module in the OP, but he should
>> keep in mind that the hourly rmmod cron process in Red Hat will
>> remove the ftp module.
> Hourly? AFAIK they have been doing it every 10 minutes in all
> distributions from 6.0 to 7.1. Has that been changed in 7.2?
/etc/cron.d/kmod.rpmsave:*/20 * * * * root /sbin/rmmod -a
still runs :/ (I changed the 10 to 20).
I thought it was hourly. It was one of the first things I removed on my
Quote:
>Hourly? AFAIK they have been doing it every 10 minutes in
>all distributions from 6.0 to 7.1. Has that been changed in
I have a Windows-based FTP server (G6) behind a linux firewall box
running ipchains and ipmasqadm portfw rules to enable communication
with the outside world. I can connect to this server from the
outside, but PASV doesn't work. I have rules that allow ports above
1023 for the PASV traffic and I also had put the FTP server on a
higher port other than 21. I portfw'd the same port through to the
internal Windows machine running the ftp server as well as forwarding
the ftp-data. I have the ip_masq_ftp module loaded. I'm not sure why
PASV doesn't work.
Also, the other thing I'm trying to get working is communicating with
this same FTP server from a client within another linux-firewalled
(also using ipchains and portfw rules) LAN. I can connect, but can't
get any data transfers going, including directory listings, using
either PASV or regular FTP. I'm not sure if I should be forwarding
ftp-data to the internal machine running the ftp client.
What I ultimately want to do is be able to connect from a client
within one linux firewalled LAN to an ftp server inside another linux
firewalled LAN on a non-standard port and using PASV if possible. Any
help would be appreciated.