August 11th, 2004, 05:31 PM
Problem connecting to an FTP server behind a firewall
We have a Red Hat Linux 8 server configured with Squid proxy and NAT. Our client machines run Windows 2000 and Windows XP. We have a requirement to connect to an FTP server provided by our ISP from our Windows client machines. The ISP's configuration also uses NAT. The FTP server provided by the ISP is behind a firewall. We are able to log in to this server, but no other commands work, including ls.
The same server also hosts a web site. The browser returns an error message indicating that DNS is not able to resolve the server IP.
When we replaced the Linux server with a Windows 2000 server configured with ISA Server (proxy), everything works perfectly fine.
Please provide a solution.
August 11th, 2004, 05:58 PM
Look into passive FTP. We had issues with FTP, and still do from Internet Explorer, but we can issue the passive command, say from a command-line FTP program, and it seems to work fine. Also look into the iptables rules for ports 20 and 21, and make sure data can freely flow back and forth, securely, of course.
(kr5kernel at hotmail dot com)
Linux: Making Penguins Cool Since 1994.
August 11th, 2004, 06:15 PM
Windows command-line ftp doesn't have the "PASV" feature, so you can't go to passive mode.
On Netfilter (a.k.a. iptables) you must activate stateful inspection, using the -m state --state tags.
I don't know about RH, but connection tracking must be loaded for stateful inspection to work for ftp.
Your symptom is: the ftp-control session works (client--->server) but ftp-data doesn't (in active ftp it is started from the server side).
On the netfilter website (www.netfilter.org) there is a good tutorial about ftp.
FORMAT C: Yes ...Yes??? ...Nooooo!!! ^C ^C ^C ^C ^C
If I die before I sleep, I pray the Lord my soul to encrypt.
If I die before I wake, I pray the Lord my soul to brake.
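Added example, not part of the original thread: a gateway rule set matching the advice above (stateful inspection plus the FTP connection-tracking helper), so ftp-data is accepted as RELATED instead of opening port 20 or high ports wholesale. The interface names eth1/eth0, the function names and the DRY_RUN switch are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: stateful FTP handling on a Linux NAT gateway (netfilter).
# Interface names, function names and DRY_RUN are assumptions of this sketch.
# Module names are the 2.4-kernel ones (Red Hat 8 era); later kernels call
# them nf_conntrack_ftp and nf_nat_ftp.

DRY_RUN="${DRY_RUN:-1}"   # 1 = only print the commands, 0 = execute (needs root)

run() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# ftp_gateway_rules LAN_IF WAN_IF
ftp_gateway_rules() {
    lan_if="$1"
    wan_if="$2"
    if [ -z "$lan_if" ] || [ -z "$wan_if" ]; then
        echo "usage: ftp_gateway_rules LAN_IF WAN_IF" >&2
        return 2
    fi

    # The helper reads PORT / 227 replies on the control channel and
    # registers the announced data connection as an expected one.
    run modprobe ip_conntrack_ftp
    # The NAT helper rewrites the private address inside the PORT command.
    run modprobe ip_nat_ftp

    # Reply packets, plus connections the helper marked RELATED (ftp-data).
    run iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    # New control connections from the LAN to port 21 only.
    run iptables -A FORWARD -i "$lan_if" -o "$wan_if" -p tcp --dport 21 \
        -m state --state NEW -j ACCEPT
    # Source NAT for everything leaving through the WAN interface.
    run iptables -t nat -A POSTROUTING -o "$wan_if" -j MASQUERADE
}

# Constructed sample invocation: eth1 = LAN side, eth0 = ISP side.
ftp_gateway_rules eth1 eth0
```

On kernels from 4.7 on the helper is no longer attached automatically, so the control connection additionally needs a rule such as `iptables -t raw -A PREROUTING -p tcp --dport 21 -j CT --helper ftp`.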