problem connecting to a ftp server behind a firewall

  1. #1
    Junior Member
    Join Date
    Jan 2002
    Posts
    25

    problem connecting to a ftp server behind a firewall

    We have a Red Hat Linux 8 server configured with Squid proxy and NAT. Our client machines run Windows 2000 and Windows XP. We have a requirement to connect to an FTP server provided by our ISP from our Windows client machines. The ISP's configuration also uses NAT. The FTP server provided by the ISP is behind a firewall. We are able to log in to this server, but no other commands function, including ls.

    Also, the same server hosts a web site. The browser returns an error message indicating that DNS is not able to resolve the server IP.

    When we replaced the Linux server with a Windows 2000 server configured with ISA Server (proxy), everything works perfectly fine.

    Please provide a solution.
    TIA

  2. #2
    Senior Member kr5kernel's Avatar
    Join Date
    Mar 2004
    Posts
    347
    Look into passive FTP. We had issues with FTP, and still do from Internet Explorer, but if we issue the passive command, say from a command-line ftp program, it seems to work fine. Also look into the iptables rules for ports 20 and 21, and make sure data can freely flow back and forth, securely, of course.
    kr5kernel
    (kr5kernel at hotmail dot com)
    Linux: Making Penguins Cool Since 1994.

  3. #3
    Senior Member
    Join Date
    Apr 2004
    Posts
    1,130
    The Windows command-line ftp doesn't have a "PASV" feature, so you can't go into passive mode.

    On Netfilter (a.k.a. iptables) you must activate stateful inspection, using the -m state --state tags.

    I don't know about RH, but connection tracking must be loaded for stateful inspection to work for FTP.

    Your symptom is: the ftp-control session works (client--->server) but ftp-data doesn't (in active FTP it is started from the server side).

    On the netfilter website (www.netfilter.org) there is a good tutorial about FTP

    or here:
    http://slacksite.com/other/ftp.html#intro
    http://www.sns.ias.edu/~jns/security...track.html#FTP
    My site

    FORMAT C: Yes ...Yes??? ...Nooooo!!! ^C ^C ^C ^C ^C
    If I die before I sleep, I pray the Lord my soul to encrypt.
    If I die before I wake, I pray the Lord my soul to brake.
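
The symptom discussed in this thread (login works, `ls` does not) follows from how FTP announces its data channel inside the control channel. The sketch below is an added example, not code from any poster: it decodes the `PORT` and `227` lines a connection-tracking FTP helper has to read, and shows the rewrite a NAT helper applies to a private address. All addresses, ports and function names are constructed for illustration.

```python
import ipaddress
import re

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
PORT_RE = re.compile(r"^PORT (\d+(?:,\d+){5})\s*$", re.I)
PASV_RE = re.compile(r"^227 .*?\((\d+(?:,\d+){5})\)")

def parse_hostport(arg):
    """Decode FTP's h1,h2,h3,h4,p1,p2 form into (ip, port)."""
    n = [int(x) for x in arg.split(",")]
    if len(n) != 6 or any(x > 255 for x in n):
        raise ValueError("bad host-port argument: %r" % arg)
    return ".".join(map(str, n[:4])), n[4] * 256 + n[5]

def format_hostport(ip, port):
    """Encode (ip, port) back into the comma-separated wire form."""
    return ",".join(ip.split(".") + [str(port >> 8), str(port & 0xFF)])

def data_endpoint(line):
    """Return (mode, ip, port) if the control line announces a data channel."""
    for mode, rx in (("active", PORT_RE), ("passive", PASV_RE)):
        m = rx.match(line)
        if m:
            return (mode,) + parse_hostport(m.group(1))
    return None

def needs_nat_helper(line):
    """True when a PORT command advertises an RFC 1918 (unroutable) address."""
    ep = data_endpoint(line)
    return bool(ep and ep[0] == "active" and
                any(ipaddress.ip_address(ep[1]) in net for net in RFC1918))

def nat_rewrite(line, public_ip, public_port):
    """Rewrite an outbound PORT command the way a NAT FTP helper would."""
    if not PORT_RE.match(line):
        return line
    return "PORT %s\r\n" % format_hostport(public_ip, public_port)

# Constructed control-channel lines (documentation addresses, not from the thread)
CLIENT_PORT = "PORT 192,168,1,10,19,137\r\n"
SERVER_PASV = "227 Entering Passive Mode (203,0,113,5,195,80)\r\n"

if __name__ == "__main__":
    print(data_endpoint(CLIENT_PORT))      # server would dial this address back
    print(needs_nat_helper(CLIENT_PORT))   # private address: unreachable as sent
    print(nat_rewrite(CLIENT_PORT, "198.51.100.7", 40000).strip())
    print(data_endpoint(SERVER_PASV))      # client would dial this address
```

Without a helper on the gateway, the server receives the private address unchanged and its data connection never reaches the client, while the control session on port 21 stays up.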
