Re: fc3 ftp connects but not working (Solved)

[Jim Cornette <fc-cornette@xxxxxxxxxxxxxx>]

Barry Yu wrote:
> Craig White wrote:
>
> > On Sun, 2005-02-20 at 08:57 +0800, Barry Yu wrote:
> >  
> >
> > > I connect to an XP ftp server the connection is made but can't go on 
> > > further to do anything, below are what happened;
> > >
> > > ***************
> > > [root@station-3 ~]# ftp 192.168.1.111
> > > Connected to 192.168.1.111.
> > > 220-Microsoft FTP Service
> > >   
> > > ---------------------------------------------------------------------------- 
> > >
> > >    This is XP FTP server
> > > 220 
> > > ---------------------------------------------------------------------------- 
> > >
> > > 500 'AUTH GSSAPI': command not understood
> > > 500 'AUTH KERBEROS_V4': command not understood
> > > KERBEROS_V4 rejected as an authentication type
> > > Name (192.168.1.111:root): myname
> > > 331 Password required for myname.
> > > Password: mypassword
> > > 230-Welcom to The XP FTP server
> > > 230 User myname logged in.
> > > Remote system type is Windows_NT.
> > > ftp> passive
> > > Passive mode off.
> > > ftp> ls
> > > 200 PORT command successful.
> > > 150 Opening ASCII mode data connection for /bin/ls.
> > >
> > > (The cursor just hangs for ever and not responding)
> > >
> > > *******************
> > > In my machine I have multiboot system, XP, fc1, fc3, except fc3 other 
> > > 2 O/S can connect to that ftp server and download file from it.
> > > Any advice is appreciated.
> > >   
> >
> > ----
> > seems like a firewall issue...
> >
> > insmod ipconntrack
> > insmod inconntrack_ftp
> >
> > see if those commands help
> >
> > Craig
> >
> >  
> Craig you are right, it is a security issue, when I check the System 
> setting->Security Lever, the Trusted device eth0 was not checked. After 
> I check it, the ftp is working now.Tks.

I believe that selecting eth0 as a trusted device opens your computer to 
 a state that is like having no firewall at all. If it goes to the 
outside world, it would not be good. To go to a local network where 
trust is not an issue, it might be safe enough to allow.

You might want to check into what allowing a device does. I believe the 
issue was discussed either on one of the early redhat lists or on our 
local lug. (About a year back).

Regarding ftp it would be great if everything was setup to work when you 
choose ftp in the securitylevel. I stop iptables myself, ftp the files 
over, then restart iptables. (computer to computer, no external 
network). I never tried adding the modules suggested above. This is 
probably the best solution for long term ftp usage.

Alexander had a good explanation regarding how the modules worked and 
references to ports about a month back.

Jim

--
Politics and the fate of mankind are formed by men without ideals and 
without
greatness.  Those who have greatness within them do not go in for politics.
		-- Albert Camus