[SOLVED] Re: ftp and passive mode

J.L. Coenders fedora at universalgrid.nl
Sat Aug 7 12:02:20 UTC 2004


Thanks Doug,
I tried it and it worked fine. I think this is probably more secure than 
opening an entire range of ports on my firewall.

- Jeroen

On Tuesday 20 July 2004 12:36 pm, Doug Maurer wrote:
> On Tue, 2004-07-20 at 01:47, J.L. Coenders wrote:
> > I think that Doug made the mistake of not reading the replies to my
> > question, since I asked the same question quite recently. We are not the
> > same person.
> >
> > But Doug, can you post how your solution works? I now opened up a port
> > range in my firewall and I restricted vsftpd to those ports for passive
> > mode. But I now understand there is also another (better?) way to go.
> >
> > - Jeroen
>
> I put the following in two files. (they might be redundant, but it works)
>
> /etc/modprobe.conf
> alias ip_conntrack ip_conntrack_ftp ip_nat_ftp
>
> /etc/rc.local
> /sbin/modprobe ip_conntrack
> /sbin/modprobe ip_conntrack_ftp
> /sbin/modprobe ip_nat_ftp
>
> then rebooted
>
> > On Tuesday 20 July 2004 06:04 am, Edward wrote:
> > > Doug Maurer wrote:
> > > > I've asked this question before, but nothing has helped
> > > >
> > > > I'm trying to ftp out, I can log into a remote system (another FC2
> > > > system, mine, configured with vsftpd and NAT running.)
> > > >
> > > > on the local side I get
> > > > 227 Entering Passive Mode (x,x,x,x,80,76)
> > > > ftp: connect: No route to host
> > > >
> > > > I can log into another system like ftp.linux.ncsu.edu just fine.
> > > >
> > > > only thing is, it's only this box, on the remote box I can ftp out to
> > > > another fc2/fc1, etc.. with no problem.
> > > >
> > > > the local box was just reloaded from scratch. with basic iptables
> > > > running.. with no local nat. and still get the error.
> > > >
> > > > does anyone have any idea, what might be causing this?
> > >
> > > Yes, the answers you got the first time you asked this will solve your
> > > problem.
> > >
> > > Instead of "Basic" iptables and all that you describe above, why don't
> > > you try (just temporarily) to run NO iptables whatsoever and see what
> > > that does?
> > >
> > > Seems logical to me.
> > >
> > > Regards,
> > > Ed.
>
> --
> Doug Maurer
> doug at dmaurer.net
> Linux user #299439
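
Added example, not part of the original thread and not kernel code: a simplified Python model of why an FTP connection-tracking helper exposes less than a static passive port range on the server's firewall. The class and function names, the sample addresses and the 20000-21000 range are constructed for illustration; the trailing 80,76 is taken from the 227 reply quoted above and decodes to port 80*256+76 = 20556.

```python
import re

# Address/port tuple of an FTP 227 reply (RFC 959): h1,h2,h3,h4,p1,p2
PASV_RE = re.compile(r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")

def parse_pasv(line):
    """Return (ip, port) announced by a 227 reply, or None if malformed."""
    m = PASV_RE.match(line.strip())
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):      # each field must fit in one byte
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

class HelperFirewall:
    """Toy stateful filter with an FTP helper (hypothetical model): a data
    port is accepted only after it was announced on a control connection,
    only from that control connection's client, and only once."""
    def __init__(self):
        self.expected = set()           # {(client_ip, data_port)}

    def control_line(self, client_ip, line):
        """Inspect a server reply sent to client_ip on the control channel."""
        parsed = parse_pasv(line)
        if parsed:
            self.expected.add((client_ip, parsed[1]))

    def allow(self, client_ip, dport):
        """Decide on a new inbound connection to dport from client_ip."""
        key = (client_ip, dport)
        if key in self.expected:
            self.expected.discard(key)  # expectation is consumed
            return True
        return False

def static_range_allow(dport, lo, hi):
    """Static rule: the whole passive range is open to any source, always."""
    return lo <= dport <= hi

if __name__ == "__main__":
    reply = "227 Entering Passive Mode (192,0,2,10,80,76)"  # constructed sample
    fw = HelperFirewall()
    fw.control_line("198.51.100.7", reply)
    print("announced:", parse_pasv(reply))
    print("stranger, helper:", fw.allow("203.0.113.9", 20556))
    print("client, helper:  ", fw.allow("198.51.100.7", 20556))
    print("stranger, range: ", static_range_allow(20556, 20000, 21000))
```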




