Re: ftp windoze <- fc3 works fine, ftp fc3 <- fc3 doesn't work? (for me)


 



Bob Brennan wrote:
On Mon, 14 Mar 2005 14:23:24 +0000, Paul Howarth <paul@xxxxxxxxxxxx> wrote:
I suspect that there is a problem with NAT at either the client or
server end. A special ftp-aware address-conversion filter is needed in
the firewall setup to make NAT with ftp work properly.


An ADSL router does the NAT conversion for me but since I run the main
server on 10.0.0.10 and an emergency backup server on 10.0.0.11 I
leave all ports open on the router, switch the NAT setting to "all
incoming ports go to 10.0.0.[the one I want]", and do all firewalling
on the FC3 box(es).

But since "pass off" makes FC3 ftp work and Windoze ftp works all the
time surely neither NAT nor firewalling can be the issue(?)

How do you know Windoze ftp works all the time? Have you tried it with an ftp client that is capable of working in passive mode (the regular Windows ftp client can't do this)?


ftp> ls
227 Entering Passive Mode (xx,xxx,xxx,xx,xxx,xxx).
ftp: connect: No route to host

Is there a layer of network address translation going on between client and server?


The symptoms are the same using an identical FC3 machine on the same
LAN, from machine 10.0.0.11 to machine 10.0.0.10

If you're actually using addresses 10.x.x.x, you could show the addresses in use in the ftp dialogs instead of "x"ing them out. If the address shown as "xxx"s in:

227 Entering Passive Mode (xx,xxx,xxx,xx,xxx,xxx)

does not look like a 10.x.x.x address then the server does not think
it's talking to a machine at 10.x.x.x and hence sends the response to
the wrong place.


At the moment I am ftping the server from miles-away hence the x's
would have revealed the real external IP of my server. The point I was
trying to make with the tests from 10.0.0.11 is that it made no
difference there or remotely - Windoze worked but FC3 would not.

Please show the addresses being used when you're using the LAN-based FC3 client, which won't give away any "secret" addresses.


But all will be well now once I configure proFTP to accept passive
mode (but I won't do that if it breaks the Windoze access) and/or warn
the user to use passive mode and binary just after connecting.

Your brain is still out of gear. It is passive mode that's broken. "Pass off" turns *off* passive mode.


ProFTPD is perfectly capable of using passive mode correctly. The problem is most likely in the firewall settings somewhere.

> At least Linux users will be savvy enough (one hopes) to know what
> entering "pass off" means.

One can hope but one may be disappointed...

Paul.
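
Added example, not part of the original message: a small Python check for the diagnosis discussed in this thread, decoding the address and port in a 227 reply and comparing them with the address the client used for the control connection. The function names (parse_pasv, is_rfc1918, diagnose), the result labels and the sample replies are constructed for illustration.

```python
import ipaddress
import re

# RFC 959 passive reply: 227 ... (h1,h2,h3,h4,p1,p2)
PASV_RE = re.compile(r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_pasv(reply):
    """Return (ip_string, port) advertised in a 227 reply; ValueError otherwise."""
    m = PASV_RE.match(reply.strip())
    if not m:
        raise ValueError("not a 227 passive-mode reply: %r" % reply)
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range in %r" % reply)
    # The data port is sent as two bytes, high byte first.
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]


def is_rfc1918(addr):
    """True if addr is in one of the three RFC 1918 private ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def diagnose(reply, control_peer):
    """Classify the 227 reply against the address used for the control connection."""
    data_ip, _port = parse_pasv(reply)
    if data_ip == control_peer:
        return "match"  # addressing is consistent; look at port filtering instead
    if is_rfc1918(data_ip) and not is_rfc1918(control_peer):
        return "private-address-to-remote-client"  # NAT without an ftp-aware helper
    if is_rfc1918(control_peer) and not is_rfc1918(data_ip):
        return "external-address-to-lan-client"  # server advertises its outside address
    return "mismatch"


if __name__ == "__main__":
    # Constructed samples: (227 reply, address the client connected to).
    samples = [
        ("227 Entering Passive Mode (10,0,0,10,195,80).", "10.0.0.10"),
        ("227 Entering Passive Mode (203,0,113,5,195,80).", "10.0.0.10"),
        ("227 Entering Passive Mode (10,0,0,10,4,1).", "203.0.113.5"),
    ]
    for reply, peer in samples:
        print(peer, parse_pasv(reply), diagnose(reply, peer))
```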

