Re: FTP behind NAT problem, with Ethereal trace.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 1/22/06, B Wooster <bwooster47@xxxxxxxxx> wrote:
> This problem just started recently - used to work a few months ago,
> now I'm trying to figure out what changed.
>
> Using proftpd, with MasqueradeAddress for PASV support.
>
> I looked at my NAT router (SMC Barricade), it looks fine.
> SSH from external sites work.
> FTP from localhost works.
> FTP from external sites fails.
>
> I can see that the NAT router is working fine - I did a telnet to port
> 21, here's what I got:
> telnet hostname.dynds....  21
> Trying <ip address>...
> Connected to hostname.dynds.... (<ip address>).
> Escape character is '^]'.
> 500 Sorry, no server available to handle request on 10.0.0.15
> Connection closed by foreign host.
>
> 10.0.0.15 is the IP address of the host that is running the SSH, FTP,
> etc servers.
> Clearly there is a FTP server there since doing a "ftp localhost" works on it.
>
> I am stumped, I ran proftpd in debug mode, and when I did a remote
> connect, I saw these lines in the output:bombay5.aczoom.home - ROOT
> PRIVS at main.c:1162
> hostname - RELINQUISH PRIVS at main.c:1166
> hostname - FS: using system lstat()
> hostname - FS: using system lstat()
> hostname - FS: using system lstat()
>
> That is not very helpful, so if anyone has any ideas where to start
> debugging, let me know.
>
> I captured packets using Ethereal, and just before the "Sorry, no
> server" message, I see this:
> DNS Standard Query PTR 15.0.0.10.in-addr.arpa
> with a respone: DNS No such name
> and then the next packet is the
> 500 Sorry, no server available to handle request on 10.0.0.15
>
> This is probably the crux of the issue - not sure why my Fedora FC3
> system is doing a DNS query for 10.0.0.15 - that is a local, private
> address.
>
> Any ideas on what to try next?

FTP is an interesting protocol.  If you are using firewall and NAT
make sure you fixup the FTP protocol.  I'm not sure how to do this on
the firewall you mentioned.  Take a look at this page too for some
more information about active and passive FTP: 
http://slacksite.com/other/ftp.html  I have a hunch the problem exists
in the Firewall.

You said FTP was working at some point in time?  Was it working behind
this NAT firewall before?

         -Mike


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux