problem with ftp client behind redhat 7.2 iptables firewall


Post by Chatchai Sae-Tun » Fri, 28 Dec 2001 04:46:35



I have Redhat 7.2 firewall running Iptables.  It loaded up ip_nat_ftp OK.
But when I log in to my company ftp [IIS 5] (and some others), I can log in
OK.  I can do commands like pwd, help, cd, etc.  But I can't do "ls" and
"dir", it will just freeze.  I have tried on the firewall itself, same
result.  Using IE on Windows client, it will just show "searching for folders"
and then reply with "you don't have permission ....".  Using ftp on the RH
firewall, it will just freeze for a minute and not show the file list.  It
seems like only "ls" and "dir" don't work.
 
 
 


Post by Tr?ütm » Fri, 28 Dec 2001 05:42:36



>I have Redhat 7.2 firewall running Iptables.  It loaded up ip_nat_ftp
>OK. But when I log in to my company ftp [IIS 5] (and some others), I can
>log in ok .  I can do commands like pwd, help, cd, etc.  But I can't do
>"ls" and "dir", it will just freeze.  I have tried on the firewall
>itself, same result.  Using IE on Windows client, it will just
>"searching for folders" and then replied with "you don't have permission
>....".  Using ftp on the RH firewall, it will just freeze for a minute
>and not showing file list.  It seems like only "ls" and "dir" don't
>work.

Try using 'PASV' mode on your ftp client.

--
___________________________________________

    Mich?l Tr?tm?n
        http://www.troutman.org
        http://www.zen-data.com

 
 
 


Post by Chatchai Sae-Tun » Fri, 28 Dec 2001 06:22:28


At prompt, I've tried "passive".  It said passive mode is on.  Then, I tried
"ls" or "dir", same result.



> Try using 'PASV' mode on your ftp client.

>     Mich?l Tr?tm?n
> http://www.troutman.org
> http://www.zen-data.com

 
 
 


Post by Hal Burgis » Fri, 28 Dec 2001 06:25:40


On Wed, 26 Dec 2001 16:22:28 -0500, Chatchai Sae-Tung


> At prompt, I've tried "passive".  It said passive mode is on.  Then,
> I tried "ls" or "dir", same result.

Have you also done:

 modprobe ip_conntrack_ftp

?

--
Hal Burgiss

 
 
 


Post by Tr?ütm » Fri, 28 Dec 2001 06:56:52



>> At prompt, I've tried "passive".  It said passive mode is on.  Then,
>> I tried "ls" or "dir", same result.

>Have you also done:

> modprobe ip_conntrack_ftp

>?

He indicated that he was loading the module in the OP, but he should keep
in mind that the hourly rmmod cron process in Red Hat will remove the ftp
module.  

Based on Hal's suggestion, I would load the module and test before the
firewall clock reaches the hour.  If your problem is solved, then edit your
cron.hourly to remove the rmmod script.

Also - what does your syslog say?

--
___________________________________________

    Mich?l Tr?tm?n
        http://www.troutman.org
        http://www.zen-data.com

 
 
 


Post by Kasper Dupon » Fri, 28 Dec 2001 07:16:15



> He indicated that he was loading the module in the OP, but he should keep
> in mind that the hourly rmmod cron process in Red Hat will remove the ftp
> module.

Hourly? AFAIK they have been doing it every 10 minutes in
all distributions from 6.0 to 7.1. Has that been changed in
7.2?

I don't want to see the log messages from cron every 10
minutes so on my system I removed /etc/cron.d/kmod and
added a script to /etc/cron.hourly instead. But the default
was every 10 minutes.

Anyway, it uses the -a option to rmmod, so it will only
remove modules loaded with the -k option. To prevent
removal, load the module without -k.

--
Kasper Dupont

 Notice: By sending SPAM (UCE/BCE) to this address, you are
accepting and agreeing to our charging a $1000 fee, per
email, for handling and processing, and you agree to pay any
and all costs for collecting this fee.

 
 
 


Post by Hal Burgis » Fri, 28 Dec 2001 07:59:13




>> He indicated that he was loading the module in the OP, but he should
>> keep in mind that the hourly rmmod cron process in Red Hat will
>> remove the ftp module.

> Hourly? AFAIK they have been doing it every 10 minutes in all
> distributions from 6.0 to 7.1. Has that been changed in 7.2?

I think it's gone in 7.2. At least on the clean install here. The
upgrades I did still do this, but interestingly:


/etc/cron.d/kmod.rpmsave:*/20 * * * *    root    /sbin/rmmod -a

still runs :/ (I changed the 10 to 20).

--
Hal Burgiss

 
 
 


Post by Tr?ütm » Fri, 28 Dec 2001 23:44:09



>Hourly? AFAIK they have been doing it every 10 minutes in
>all distributions from 6.0 to 7.1. Has that been changed in
>7.2?

I thought it was hourly.  It was one of the first things I removed on my
7.1 installs, so I have no idea how often it ran ;-)

--
___________________________________________

    Mich?l Tr?tm?n
        http://www.troutman.org
        http://www.zen-data.com
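
Added example, not part of any post above: a shell check for the two things this thread points at, whether the FTP helper modules are loaded (and flagged autoclean) and whether a cron job still runs `rmmod -a`. The function names and sample files are constructed for illustration, and the `(autoclean)` flag assumes 2.4-style `/proc/modules` output.

```shell
#!/bin/sh
# Added example; the sample files are constructed, not taken from the thread's hosts.
# On a real 2.4 host, pass /proc/modules and /etc/cron.d/* instead.
HELPERS="ip_conntrack_ftp ip_nat_ftp"

# helper_state FILE: print "<module> missing|autoclean|loaded" for each FTP helper.
# Assumes the 2.4 /proc/modules layout, where modules loaded with -k show "(autoclean)".
helper_state() {
    for m in $HELPERS; do
        line=$(grep "^$m " "$1" || true)
        if [ -z "$line" ]; then
            echo "$m missing"
        elif printf '%s\n' "$line" | grep -q '(autoclean)'; then
            echo "$m autoclean"      # "rmmod -a" may unload it once unused
        else
            echo "$m loaded"
        fi
    done
}

# autoclean_jobs FILE...: print uncommented cron lines that run "rmmod -a".
autoclean_jobs() {
    grep -HE '^[^#]*rmmod[[:space:]]+-a([[:space:]]|$)' "$@" || true
}

SAMPLE=$(mktemp -d)
trap 'rm -rf "$SAMPLE"' EXIT

# Constructed /proc/modules excerpt: ip_nat_ftp was loaded with -k.
cat > "$SAMPLE/modules" <<'EOF'
ip_nat_ftp              3376   0 (autoclean) (unused)
ip_conntrack_ftp        3440   1 [ip_nat_ftp]
ip_conntrack           16608   2 [ip_nat_ftp ip_conntrack_ftp]
EOF

# Constructed cron file using the job line quoted in the thread.
cat > "$SAMPLE/kmod.rpmsave" <<'EOF'
# unload unused autoclean modules
*/20 * * * *    root    /sbin/rmmod -a
EOF

helper_state "$SAMPLE/modules"
autoclean_jobs "$SAMPLE/kmod.rpmsave"
```

A helper reported as `autoclean` together with a matching cron line is the combination under which FTP data connections can stop working again some time after the module was loaded.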

 
 
 
