From: Jim Laurino <nfcan.x.jimlaur@dfgh.net>
To: netfilter@lists.netfilter.org
Subject: Re: Re: iptables problem (nfcan: addressed to exclusive (nfcan: addressed to exclusive sender for this address) (nfcan: addressed to exclusive sender for this address)	sender for this address)
Date: Fri, 4 Nov 2005 00:00:32 -0500
Message-ID: <20051104050032.GS14687@salty>
In-Reply-To: <436A6B94.6070305@pcraft.com> (from +nfcan+jimlaur+656ad77fee.ashley#pcraft.com@spamgourmet.com on Thu, Nov 03, 2005 at 14:57:08 -0500)

On 2005.11.03 14:57, Ashley M. Kirchner - ashley@pcraft.com wrote:
> Jim Laurino wrote:
>
...
>    I just got off the phone with the company and they made a small change in  
> our config.  Now, all the kiosks have to do is connect via FTP to their  
> server and drop a file.  That's it.  Nothing comes back, no inbound  
> connections to the kiosks.  Just going out.
> 
>    So, just out of curiosity, I decided to try doing a manual FTP transfer  
> from a completely different machine on the network.  One that CAN connect to  
> external ftp sites just fine and transfer files.  And this is what I see:
> 
>    - Open DOS window
>    - Connect to FTP server
>    - enter 'PUT file.xml' command
>    ...and that's where it hangs.
>
....
> 
>    Please remember that this is a machine onto which I CAN open an ftp  
> connection to anywhere in the world and be able to send and receive files  
> just fine.  So then why is it not working when going to these people?
> 
>    ---- FIVE MINUTES LATER ----
> 
>    I just tried directly from the firewall machine and found out they don't  
> allow PASSIVE mode ON... As soon as I turn passive mode off, the transfer,  
> FROM THE FIREWALL MACHINE, works.  (firewall machine has an external IP)
> 
>    So now I wonder, is it because of the passive mode setting they have?   
> Could that be why ftp transfers from within the firewall fail?
>

Non-passive (active) FTP requires that
the outside ftp server be able to open
a secondary connection to the client.
That is why passive mode is so popular
when the ftp client is behind a firewall -
both of the connections are originated from the client,
and no ports have to be opened on the firewall
for the incoming secondary connection.

I was confused about this earlier,
and may have contributed to the confusion.

A clear explanation is here: http://slacksite.com/other/ftp.html

So, it is possible that your firewall is not configured to allow
active mode ftp connections. (But it can be done).

HTH

-- 
Jim Laurino
nfcan.x.jimlaur@dfgh.net
Please reply to the list.
Only mail from the listserver reaches this address.
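
Added example, not part of the original message: a small Python parser for the two FTP control-channel lines that decide who opens the data connection (the `PORT` command in active mode, the `227` reply in passive mode), flagging the case the message describes where the server must connect inbound to a client behind the firewall. The function names, the session lines and the addresses are constructed for illustration; the RFC 1918 check goes slightly beyond the message.

```python
import ipaddress
import re
from dataclasses import dataclass

# RFC 959 host-port form: h1,h2,h3,h4,p1,p2 (port = p1*256 + p2).
_HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")
_RFC1918 = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

@dataclass
class DataChannel:
    mode: str        # "active" or "passive"
    listener: str    # address announced on the control channel
    port: int        # port the announcing side listens on
    initiator: str   # side that opens the data connection

    @property
    def inbound_to_client(self) -> bool:
        # Active mode: the firewall sees a NEW connection coming in.
        return self.initiator == "server"

    @property
    def listener_is_rfc1918(self) -> bool:
        # A private address in PORT is unreachable for an outside server.
        addr = ipaddress.ip_address(self.listener)
        return any(addr in net for net in _RFC1918)

def parse_control_line(line: str):
    """Return a DataChannel for a PORT command or a 227 reply, else None."""
    text = line.strip()
    if text.upper().startswith("PORT "):
        mode, initiator = "active", "server"
    elif text.startswith("227"):
        mode, initiator = "passive", "client"
    else:
        return None
    m = _HOSTPORT.search(text)
    if m is None:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return DataChannel(mode, ".".join(map(str, nums[:4])),
                       nums[4] * 256 + nums[5], initiator)

def data_channels(lines):
    return [c for c in map(parse_control_line, lines) if c is not None]

# Constructed control-channel lines (not captured from the thread).
SESSION = ["USER kiosk", "PORT 192,168,1,20,4,1", "STOR file.xml",
           "227 Entering Passive Mode (203,0,113,10,195,80)"]
```
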

