* ls delayed !!!
@ 2005-05-12 15:09 brunO
2005-05-15 19:03 ` Mogens Valentin
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: brunO @ 2005-05-12 15:09 UTC (permalink / raw)
To: NetFilter
Hello !
I have the following problem: I have an FTP server running behind a
GATEWAY. The user logs in normally and is able to create and remove
directories; the only problem is that when the user tries to list the
contents of any directory, it is delayed and does not list the contents,
and the following connection time-out message appears. Can somebody
help solve this problem?
Below I have placed the user's login procedure:
Name (200.144.110.177:paul): user
331 Password required for user.
Password:XXXXX
230 User user logged in.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
227 Entering Passive Mode (200,144,110,177,170,63)
Thanks !!!
* Re: ls delayed !!!
From: Mogens Valentin @ 2005-05-15 19:03 UTC (permalink / raw)
To: NetFilter; +Cc: brunO
brunO wrote:
> Hello !
>
> I have the following problem: I have an FTP server running behind a
> GATEWAY. The user logs in normally and is able to create and remove
> directories; the only problem is that when the user tries to list the
> contents of any directory, it is delayed and does not list the contents,
> and the following connection time-out message appears. Can somebody
> help solve this problem?
Could be that your ftp server doesn't allow listing contents.
> Below I have placed the user's login procedure:
>
> Name (200.144.110.177:paul): user
> 331 Password required for user.
> Password:XXXXX
> 230 User user logged in.
> Remote system type is UNIX.
> Using binary mode to transfer files.
> ftp> ls
> 227 Entering Passive Mode (200,144,110,177,170,63)
Does your iptables allow passive or active ftp?
You say users can create/delete directories, indicating that passive ftp
does work, though..
--
Kind regards,
Mogens Valentin
* Re: ls delayed !!!
From: Taylor, Grant @ 2005-05-16 0:56 UTC (permalink / raw)
To: NetFilter
> I have the following problem: I have an FTP server running behind a
> GATEWAY. The user logs in normally and is able to create and remove
> directories; the only problem is that when the user tries to list the
> contents of any directory, it is delayed and does not list the contents,
> and the following connection time-out message appears. Can somebody
> help solve this problem?
The first thing that comes to mind is that you probably do not have the ftp connection tracking helper compiled in or the module loaded into your kernel. This is a classic issue of your ftp connection not being able to get data back from the ftp server over its data connection, which is a different port than the command / control port. You might want to take a moment to read the RFC on ftp to bring yourself up to date.
The timeout that you are alluding to is not really a timeout directly but rather the ftp server expecting you to connect to it on a different port to receive the output of the ls, which you are likely never doing or, if you are, your firewall is blocking it. This is what the ftp connection tracking helper is meant to do, rather allow this 2nd connection to pass through the firewall based on the information that it saw on the command port.
Grant. . . .
* Re: ls delayed !!!
From: Jason Opperisano @ 2005-05-16 20:53 UTC (permalink / raw)
To: netfilter
On Thu, May 12, 2005 at 12:09:38PM -0300, brunO wrote:
> Hello !
>
> I have the following problem: I have an FTP server running behind a
> GATEWAY. The user logs in normally and is able to create and remove
> directories; the only problem is that when the user tries to list the
> contents of any directory, it is delayed and does not list the contents,
> and the following connection time-out message appears. Can somebody
> help solve this problem?
>
>
> Below I have placed the user's login procedure:
>
> Name (200.144.110.177:paul): user
> 331 Password required for user.
> Password:XXXXX
> 230 User user logged in.
> Remote system type is UNIX.
> Using binary mode to transfer files.
> ftp> ls
> 227 Entering Passive Mode (200,144,110,177,170,63)
assuming your FTP server is running on port 21:

  modprobe ip_conntrack_ftp
  modprobe ip_nat_ftp    # only if you're NAT-ing the server

and allow RELATED connections through your FORWARD chain.
-j
--
"Lois: Stewie, why don't you go play in the other room.
Stewie: Why don't you burn in hell."
--Family Guy
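
The helper discussed in the replies works from the 227 reply seen on the control connection. The script below is an added example, not part of the thread: it decodes that reply into the data endpoint the client opens next and prints the gateway commands named in the last reply. The server address 192.0.2.10, the function names and the exact rule layout are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Nothing here touches the firewall:
# the rules are only printed so they can be reviewed before use.

# pasv_endpoint "227 ... (h1,h2,h3,h4,p1,p2)" -> "h1.h2.h3.h4:PORT"
# PORT = p1*256 + p2. This is the second TCP connection that the gateway
# must let through for "ls" to return data. Fails on anything malformed.
pasv_endpoint() {
    printf '%s\n' "$1" | awk '
        /^227 / && match($0, /\([0-9]+(,[0-9]+)+\)/) {
            n = split(substr($0, RSTART + 1, RLENGTH - 2), f, ",")
            if (n != 6) exit 1
            for (i = 1; i <= 6; i++) if (f[i] + 0 > 255) exit 1
            printf "%d.%d.%d.%d:%d\n", f[1], f[2], f[3], f[4], f[5] * 256 + f[6]
            found = 1
        }
        END { if (!found) exit 1 }'
}

# ftp_gateway_rules SERVER_IP [nat] -> prints the commands for the gateway.
# SERVER_IP is the address seen in FORWARD (the internal one if DNAT is used).
ftp_gateway_rules() {
    server=$1
    echo "modprobe ip_conntrack_ftp"
    if [ "$2" = nat ]; then
        echo "modprobe ip_nat_ftp"
    fi
    # RELATED covers only the data connection the helper saw announced,
    # so no static range of passive ports has to be opened.
    echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A FORWARD -p tcp -d $server --dport 21 -m state --state NEW -j ACCEPT"
}

# Demo: the reply quoted in the thread, and a placeholder (constructed) server IP.
pasv_endpoint '227 Entering Passive Mode (200,144,110,177,170,63)'   # -> 200.144.110.177:43583
ftp_gateway_rules 192.0.2.10 nat
```

On current kernels the modules are named nf_conntrack_ftp and nf_nat_ftp, and since Linux 4.7 automatic helper assignment is off by default, so the helper has to be attached explicitly (for example with a `CT --helper ftp` rule in the raw table).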