From mboxrd@z Thu Jan 1 00:00:00 1970 From: "wickedsun" Subject: Re: ftp server issue, trying to DL 1.2.7a Date: Thu, 5 Sep 2002 18:00:25 -0400 (Eastern Daylight Time) Sender: netfilter-admin@lists.netfilter.org Message-ID: <3D77D3F9.000003.00568@athlon1000> References: <200209051832.g85IWIv01221@vulcan.rissington.net> Mime-Version: 1.0 Content-Type: Multipart/Alternative; boundary="------------Boundary-00=_PSJZG6G0000000000000" Return-path: Errors-To: netfilter-admin@lists.netfilter.org List-Help: List-Post: List-Subscribe: , List-Id: List-Unsubscribe: , List-Archive: To: netfilter@lists.netfilter.org --------------Boundary-00=_PSJZG6G0000000000000 Content-Type: Text/Plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable I've had this issue back in the ipchains days. :)=0D Its quite simple. If you make iptables change your destination IP for a certain port (like the module for FTP used to do in 2.2) well passive doe= s not work because it changes your IP address on the fly. If you have made = a port work for active, passive will not work on that same port.=0D =0D I dont think there is any workaround (yet). It is a pain, because if you want to FTP and FXP from a port X, you'll have to stay in passive mode.=0D =0D =0D -------Original Message-------=0D =0D From: Antony Stone=0D Date: Thursday, September 05, 2002 14:56:10=0D To: netfilter@lists.netfilter.org=0D Subject: Re: ftp server issue, trying to DL 1.2.7a=0D =0D On Thursday 05 September 2002 6:29 pm, Rob wrote:=0D =0D > Anyone else having this problem?=0D >=0D >=0D > Connected to ftp.iptables.org (62.128.28.62).=0D > 220 ProFTPD 1.2.5rc1 Server (netfilter/iptables FTP site) [kashyyyk]=0D > Name (ftp.iptables.org:root): anonymous=0D > 331 Anonymous login ok, send your complete email address as your passwo= rd.=0D > Password:=0D > 230 Anonymous access granted, restrictions apply.=0D > Remote system type is UNIX.=0D > Using binary mode to transfer files.=0D > ftp> dir=0D > 227 Entering Passive Mode (62,128,28,62,182,53).=0D =0D Works fine for me in active mode:=0D =0D drwxr-xr-x 2 ftpuser ftpgroup 4096 Jul 22 14:45 incoming=0D drwxr-xr-x 7 ftpuser ftpgroup 4096 Jul 24 07:36 pub=0D =0D But like you, I can't get a listing in passive mode.....=0D =0D Antony.=0D =0D -- =0D =0D This email was created using 100% recycled electrons.=0D =0D =0D =2E=20 --------------Boundary-00=_PSJZG6G0000000000000 Content-Type: Text/HTML; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable

I've had this issue back in the ipchains days. :)

Its quite simple. If you make iptables change your destination IP fo= r a certain port (like the module for FTP used to do in 2.2) well passive= does not work because it changes your IP address on the fly. If you have= made a port work for active, passive will not work on that same port.

I dont think there is any workaround (yet). It is a pain, because if= you want to FTP and FXP from a port X, you'll have to stay in passive mo= de.

-------Original Message-------

From: Antony Stone

Date: Thursday, Se= ptember 05, 2002 14:56:10

To: netfilter@lists.netfilter.org

Subject: Re: ftp s= erver issue, trying to DL 1.2.7a

On Thursday 05 September 2002 6:29 pm, Rob wrote:
> Anyone else having this problem?
>
>
> Connected = to ftp.iptables.org (62.128.28.62).
> 220 ProFTPD 1.2.5rc1 Server (= netfilter/iptables FTP site) [kashyyyk]
> Name (ftp.iptables.org:ro= ot): anonymous
> 331 Anonymous login ok, send your complete email a= ddress as your password.
> Password:
> 230 Anonymous access g= ranted, restrictions apply.
> Remote system type is UNIX.
> U= sing binary mode to transfer files.
> ftp> dir
> 227 Enter= ing Passive Mode (62,128,28,62,182,53).

Works fine for me in activ= e mode:

drwxr-xr-x 2 ftpuser ftpgroup 4096 Jul 22 14:45 incomingdrwxr-xr-x 7 ftpuser ftpgroup 4096 Jul 24 07:36 pub

But like you= , I can't get a listing in passive mode.....

Antony.

--
This email was created using 100% recycled electrons.

. <= /TD>

--------------Boundary-00=_PSJZG6G0000000000000--