ftp trouble (2) - routing?

Robert Slade robert at bathnetworks.com
Sat Nov 20 12:16:43 UTC 2004


On Sat, 2004-11-20 at 11:52, Robert Slade wrote:
> On Sat, 2004-11-20 at 01:05, Alexander Dalloz wrote:
> > On Fri, 19.11.2004 at 12:52, Robert Slade wrote:
> > 
> > > I have a similar problem to SJ, I have added ip_conntrack_ftp to the
> > > iptables.config but this only partially solved the problem.
> > > 
> > > In my case the ftp server has 2 NICs: eth0 is on my local network and is
> > > trusted - it is used for control, e.g. SSH and VNC. eth1 has an external
> > > IP.
> > 
> > Did you try using the "ip_nat_ftp" iptables kernel module?
> 
> Yes, I have both ip_conntrack_ftp and ip_nat_ftp listed. I have tried it
> with only ip_conntrack_ftp loaded too. I still get the same results.
> 
> > 
> > > I have the gateway for eth0 set as the internal gateway and for eth1 as
> > > the external one, is this right?
> > 
> > You shouldn't set gateway entries for each device individually. Remove
> > entries if you have in /etc/sysconfig/network-scripts/ifcfg-eth[0,1] and
> > set it only in /etc/sysconfig/network.
> 
> Thanks Alexander. I have done as you suggest. I have only listed the
> external gateway in /etc/sysconfig/network. Everything still works when I
> connect to the server from my internal network, but not from an external
> machine. I think the problem is with the firewall. Trouble is I am not
> sure where to look to fix it.
> 
> Rob

I take that back. If I connect from a machine on the local network to
the FTP external IP and issue a passive command to turn off passive
mode, a ls command hangs after:

200 PORT command successful. Consider using PASV.
150 Here comes the directory listing.

However, doing the same to the ftp server internal IP address works ok.

Rob





