From: Jim Laurino <nfcan.x.jimlaur@dfgh.net>
To: netfilter@lists.netfilter.org
Subject: Re: Re: iptables problem (nfcan: addressed to exclusive (nfcan: addressed to exclusive sender for this address) (nfcan: addressed to exclusive sender for this address) sender for this address)
Date: Fri, 4 Nov 2005 00:00:32 -0500
Message-ID: <20051104050032.GS14687@salty>
In-Reply-To: <436A6B94.6070305@pcraft.com> (from +nfcan+jimlaur+656ad77fee.ashley#pcraft.com@spamgourmet.com on Thu, Nov 03, 2005 at 14:57:08 -0500)
On 2005.11.03 14:57, Ashley M. Kirchner - ashley@pcraft.com wrote:
> Jim Laurino wrote:
>
...
> I just got off the phone with the company and they made a small change in
> our config. Now, all the kiosks have to do is connect via FTP to their
> server and drop a file. That's it. Nothing comes back, no inbound
> connections to the kiosks. Just going out.
>
> So, just out of curiosity, I decided to try doing a manual FTP transfer
> from a completely different machine on the network. One that CAN connect to
> external ftp sites just fine and transfer files. And this is what I see:
>
> - Open DOS window
> - Connect to FTP server
> - enter 'PUT file.xml' command
> ...and that's where it hangs.
>
....
>
> Please remember that this is a machine onto which I CAN open an ftp
> connection to anywhere in the world and be able to send and receive files
> just fine. So then why is it not working when going to these people?
>
> ---- FIVE MINUTES LATER ----
>
> I just tried directly from the firewall machine and found out they don't
> allow PASSIVE mode ON... As soon as I turn passive mode off, the transfer,
> FROM THE FIREWALL MACHINE, works. (firewall machine has an external IP)
>
> So now I wonder, is it because of the passive mode setting they have?
> Could that be why ftp transfers from within the firewall fail?
>
Non-passive (active) FTP requires that
the outside ftp server be able to open
a secondary connection to the client.
That is why passive mode is so popular
when the ftp client is behind a firewall -
both of the connections are originated from the client,
and no ports have to be opened on the firewall
for the incoming secondary connection.
I was confused about this earlier,
and may have contributed to the confusion.
A clear explanation is here http://slacksite.com/other/ftp.html
So, it is possible that your firewall is not configured to allow
active mode ftp connections. (But it can be done).
HTH
--
Jim Laurino
nfcan.x.jimlaur@dfgh.net
Please reply to the list.
Only mail from the listserver reaches this address.
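
The difference between the two modes described in the reply above can be read directly off the FTP control channel. The following is an added example, not part of the original message: it parses a `PORT` command or a `227` passive reply (host-port format from RFC 959) and reports which side opens the data connection and whether the advertised listener is a private address. The function names and sample lines are constructed for illustration.

```python
import ipaddress
import re

# RFC 959 host-port argument: h1,h2,h3,h4,p1,p2 (six decimal bytes).
HOSTPORT = re.compile(r"(\d{1,3})," * 5 + r"(\d{1,3})")
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_data_endpoint(control_line):
    """Return (mode, ip, port) for a PORT command or a 227 reply, else None."""
    line = control_line.strip()
    if line.upper().startswith("PORT "):
        mode = "active"      # client listens, server connects in
    elif line.startswith("227"):
        mode = "passive"     # server listens, client connects out
    else:
        return None
    m = HOSTPORT.search(line)
    if not m:
        return None
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        return None
    ip = ipaddress.ip_address(".".join(str(n) for n in nums[:4]))
    return mode, ip, nums[4] * 256 + nums[5]

def data_connection(control_line):
    """Describe the secondary connection a firewall would have to pass."""
    parsed = parse_data_endpoint(control_line)
    if parsed is None:
        return None
    mode, ip, port = parsed
    active = mode == "active"
    return {
        "mode": mode,
        "initiator": "server" if active else "client",
        "listener": f"{ip}:{port}",
        "inbound_to_client": active,
        # A private address in PORT is unreachable from the server unless
        # the firewall rewrites it (NAT) and admits the related connection.
        "listener_is_private": active and any(ip in n for n in RFC1918),
    }

if __name__ == "__main__":
    # Constructed control-channel lines, not captured from the thread.
    for sample in ("PORT 192,168,1,50,4,1",
                   "227 Entering Passive Mode (198,51,100,7,195,80)",
                   "STOR file.xml"):
        print(sample, "->", data_connection(sample))
```
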