* illegal ftp port request / ip_nat_ftp
@ 2005-02-25 11:01 Tom - 2Ergo Technical Support
0 siblings, 0 replies; only message in thread
From: Tom - 2Ergo Technical Support @ 2005-02-25 11:01 UTC (permalink / raw)
To: netfilter
Hi there,
I'm seeing some funny behaviour on one of my debian woody firewalls. It
manifests itself when making an active ftp connection from a Snatted
client behind the firewall with the following error
ftp> ls
501 Illegal PORT command
ftp: bind: Address already in use
I have the ip_nat_ftp and ip_conntrack_ftp modules loaded and the
following version of iptables
ii iptables 1.2.6a-5 IP packet filter administration tools for 2.4.4+ kernels
The firewall is running a custom 2.4.26 kernel. I also have exactly the
same kernel and version of iptables running on another firewall, however
this does not display the same problems.
I have run ethereal to see what is going on and it appears that the
firewall is modifying the PORT command and sending too many parameters.
ie.
seen on the inside interface of the firewall:
PORT 192,168,1,2,179,133
which is ok
however when seen on the outside interface it appears as:
PORT 10,1,1,2,179,133,133
which has a superfluous '133' parameter
192,168,1,2 - private ip address
10,1,1,2 - public ip address
Any tips / advice / suggestions much appreciated.
Regards
Tom
--
Tom - 2Ergo Technical Support <tom.stockton@2ergo.com>
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2005-02-25 11:01 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2005-02-25 11:01 illegal ftp port request / ip_nat_ftp Tom - 2Ergo Technical Support
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox