Re: ftp server issue, trying to DL 1.2.7a

["wickedsun" <wickedsun@phreaker.net>]

[-- Attachment #1: Type: Text/Plain, Size: 1556 bytes --]

I've had this issue back in the ipchains days. :)
Its quite simple. If you make iptables change your destination IP for a
certain port (like the module for FTP used to do in 2.2) well passive does
not work because it changes your IP address on the fly. If you have made a
port work for active, passive will not work on that same port.

I dont think there is any workaround (yet). It is a pain, because if you
want to FTP and FXP from a port X, you'll have to stay in passive mode.

 
-------Original Message-------
 
From: Antony Stone
Date: Thursday, September 05, 2002 14:56:10
To: netfilter@lists.netfilter.org
Subject: Re: ftp server issue, trying to DL 1.2.7a
 
On Thursday 05 September 2002 6:29 pm, Rob wrote:

> Anyone else having this problem?
>
>
> Connected to ftp.iptables.org (62.128.28.62).
> 220 ProFTPD 1.2.5rc1 Server (netfilter/iptables FTP site) [kashyyyk]
> Name (ftp.iptables.org:root): anonymous
> 331 Anonymous login ok, send your complete email address as your password.
> Password:
> 230 Anonymous access granted, restrictions apply.
> Remote system type is UNIX.
> Using binary mode to transfer files.
> ftp> dir
> 227 Entering Passive Mode (62,128,28,62,182,53).

Works fine for me in active mode:

drwxr-xr-x 2 ftpuser ftpgroup 4096 Jul 22 14:45 incoming
drwxr-xr-x 7 ftpuser ftpgroup 4096 Jul 24 07:36 pub

But like you, I can't get a listing in passive mode.....

Antony.

-- 

This email was created using 100% recycled electrons.


. 

[-- Attachment #2: Type: Text/HTML, Size: 3102 bytes --]

<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="IncrediMail 1.0" name=GENERATOR>
<!--IncrdiXMLRemarkStart>
<IncrdiX-Info>
<X-FID>FLAVOR00-NONE-0000-0000-000000000000</X-FID>
<X-FVER></X-FVER>
<X-CNT>;</X-CNT>
</IncrdiX-Info>
<IncrdiXMLRemarkEnd-->
</HEAD>
<BODY style="BACKGROUND-POSITION: 0px 0px; FONT-SIZE: 12pt; MARGIN: 5px 10px 10px; FONT-FAMILY: Arial" bgColor=#ffffff background="" scroll=yes ORGYPOS="0" X-FVER="3.0">
<TABLE id=INCREDIMAINTABLE cellSpacing=0 cellPadding=2 width="100%" border=0>
<TBODY>
<TR>
<TD id=INCREDITEXTREGION style="FONT-SIZE: 12pt; CURSOR: auto; FONT-FAMILY: Arial" width="100%">
<DIV>I've had this issue back in the ipchains days. :)</DIV>
<DIV>Its quite simple. If you make iptables change your destination IP for a certain port (like the module for FTP used to do in 2.2) well passive does not work because it changes your IP address on the fly. If you have made a port work for active, passive will not work on that same port.</DIV>
<DIV>&nbsp;</DIV>
<DIV>I dont think there is any workaround (yet). It is a pain, because if you want to FTP and FXP from a port X, you'll have to stay in passive mode.</DIV>
<DIV><BR>&nbsp;</DIV>
<DIV id=IncrediOriginalMessage><I>-------Original Message-------</I></DIV>
<DIV>&nbsp;</DIV>
<DIV id=receivestrings>
<DIV dir=ltr style="FONT-SIZE: 11pt" <i><B>From:</B></I> <A href="mailto:Antony@Soft-Solutions.co.uk">Antony Stone</A></DIV>
<DIV dir=ltr style="FONT-SIZE: 11pt" <i><B>Date:</B></I> Thursday, September 05, 2002 14:56:10</DIV>
<DIV dir=ltr style="FONT-SIZE: 11pt" <i><B>To:</B></I> <A href="mailto:netfilter@lists.netfilter.org">netfilter@lists.netfilter.org</A></DIV>
<DIV dir=ltr style="FONT-SIZE: 11pt" <i><B>Subject:</B></I> Re: ftp server issue, trying to DL 1.2.7a</DIV></DIV>
<DIV>&nbsp;</DIV>On Thursday 05 September 2002 6:29 pm, Rob wrote:<BR><BR>&gt; Anyone else having this problem?<BR>&gt;<BR>&gt;<BR>&gt; Connected to ftp.iptables.org (62.128.28.62).<BR>&gt; 220 ProFTPD 1.2.5rc1 Server (netfilter/iptables FTP site) [kashyyyk]<BR>&gt; Name (ftp.iptables.org:root): anonymous<BR>&gt; 331 Anonymous login ok, send your complete email address as your password.<BR>&gt; Password:<BR>&gt; 230 Anonymous access granted, restrictions apply.<BR>&gt; Remote system type is UNIX.<BR>&gt; Using binary mode to transfer files.<BR>&gt; ftp&gt; dir<BR>&gt; 227 Entering Passive Mode (62,128,28,62,182,53).<BR><BR>Works fine for me in active mode:<BR><BR>drwxr-xr-x 2 ftpuser ftpgroup 4096 Jul 22 14:45 incoming<BR>drwxr-xr-x 7 ftpuser ftpgroup 4096 Jul 24 07:36 pub<BR><BR>But like you, I can't get a listing in passive mode.....<BR><BR>Antony.<BR><BR>-- <BR><BR>This email was created using 100% recycled electrons.<BR><BR><BR>. </TD></TR>
<TR>
<TD id=INCREDIFOOTER width="100%">
<TABLE cellSpacing=0 cellPadding=0 width="100%">
<TBODY>
<TR>
<TD width="100%"></TD>
<TD id=INCREDISOUND vAlign=bottom align=middle></TD>
<TD id=INCREDIANIM vAlign=bottom align=middle></TD></TR></TBODY></TABLE></TD></TR></TBODY></TABLE></BODY></HTML>