On Sat, 2004-11-20 at 11:52, Robert Slade wrote:
> On Sat, 2004-11-20 at 01:05, Alexander Dalloz wrote:
> > On Fri, 19.11.2004 at 12:52, Robert Slade wrote:
> >
> > > I have a similar problem to SJ, I have added ip_conntrack_ftp to the
> > > iptables.config but this only partially solved the problem.
> > >
> > > In my case the ftp server has 2 NICs eth0 is on my local network and is
> > > trusted - it is used for control eg SSH and VNC. eth1 has an external
> > > IP.
> >
> > Did you try using the "ip_nat_ftp" iptables kernel module?
>
> Yes, I have both ip_conntrack_ftp and ip_nat_ftp listed. I have tried it
> with only ip_conntrack_ftp loaded too. I still get the same results.
>
> >
> > > I have the gateway for eth0 set as the internal gateway and for eth1 as
> > > the external one, is this right?
> >
> > You shouldn't set gateway entries for each device individually. Remove
> > entries if you have in /etc/sysconfig/network-scripts/ifcfg-eth[0,1] and
> > set it only in /etc/sysconfig/network.
>
> Thanks Alexander. I have done as you suggest. I have only listed the
> external gateway in /etc/sysconfig/network everything still works when I
> connect to the server from my internal network, but not from an external
> machine. I think the problem is with the firewall. Trouble is I am not
> sure where to look to fix it.
>
> Rob

I take that back. If I connect from a machine on the local network to
the FTP external IP and issue a passive command to turn off passive
mode, a ls command hangs after:

200 PORT command successful. Consider using PASV.
150 Here comes the directory listing.

However, doing the same to the ftp server internal IP address works ok.

Rob