Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. iptables>
  3. User
FTP problem ...
stran at immostreet
Aug 6, 2001, 8:40 AM
Post #1 of 4 (798 views)
Permalink
Hello everybody,

I have setup my first iptables firewall that protects my LAN.

From a "masqueraded" machine, I can make a FTP to the FW box.

But when I try to FTP to a machine from in the Internet using SNAT,
I have the following errors :

...
230 : user john logged in.
ftp> ls
500 : illegal PORT command
425 : can't build data connection : Connection refused

I would appreciate any help.

Many thanks.

Sam
Re: FTP problem ... [ In reply to ]
stran at immostreet
Aug 6, 2001, 8:50 AM
Post #2 of 4 (790 views)
Permalink
"modprobe ip_nat_ftp" has solved my problem.

Sam

Samuel Tran wrote:

> Hello everybody,
>
> I have setup my first iptables firewall that protects my LAN.
>
> From a "masqueraded" machine, I can make a FTP to the FW box.
>
> But when I try to FTP to a machine from in the Internet using SNAT,
> I have the following errors :
>
> ...
> 230 : user john logged in.
> ftp> ls
> 500 : illegal PORT command
> 425 : can't build data connection : Connection refused
>
> I would appreciate any help.
>
> Many thanks.
>
> Sam
Re: FTP problem ... [ In reply to ]
jp at carpediem
Aug 6, 2001, 8:59 AM
Post #3 of 4 (794 views)
Permalink
Do you just try the passive command ?

Jean-Philippe

Samuel Tran wrote:
>
> Hello everybody,
>
> I have setup my first iptables firewall that protects my LAN.
>
> From a "masqueraded" machine, I can make a FTP to the FW box.
>
> But when I try to FTP to a machine from in the Internet using SNAT,
> I have the following errors :
>
> ...
> 230 : user john logged in.
> ftp> ls
> 500 : illegal PORT command
> 425 : can't build data connection : Connection refused
>
> I would appreciate any help.
>
> Many thanks.
>
> Sam
Re: FTP problem ... [ In reply to ]
badr at giki
Aug 6, 2001, 9:33 AM
Post #4 of 4 (796 views)
Permalink
If I remember correctly, ip_nat_ftp or ip_conntrack etc has been found to
contains a bug! search the archives for details

-B

On Mon, 6 Aug 2001, Jean-Philippe Le [iso-8859-1] Hénaff wrote:

> Do you just try the passive command ?
>
> Jean-Philippe
>
> Samuel Tran wrote:
> >
> > Hello everybody,
> >
> > I have setup my first iptables firewall that protects my LAN.
> >
> > From a "masqueraded" machine, I can make a FTP to the FW box.
> >
> > But when I try to FTP to a machine from in the Internet using SNAT,
> > I have the following errors :
> >
> > ...
> > 230 : user john logged in.
> > ftp> ls
> > 500 : illegal PORT command
> > 425 : can't build data connection : Connection refused
> >
> > I would appreciate any help.
> >
> > Many thanks.
> >
> > Sam
>
>

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal