[Lancaster] Firewall problem

andy baxter andy at earthsong.free-online.co.uk
Sat Sep 19 13:28:32 UTC 2009 

Had another look at your email, and it does seem like the problem is 
with your firewall, but it's hard to see what's causing it.

Are you sure you have both ports 20 /and/ 21 open? You could test this 
in principle by shutting down vsftp on the linux box (but not the 
firewall), and running netcat as a tcp-server on the linux box, on first 
port 21 then 20. (Netcat is a command line tool which lets you set up 
simple on-the-fly servers on different ports). Then see what happens if 
you use windows's telnet program to connect to the netcat server - any 
text you type into telnet should be echoed by netcat.

Another thought - are there any windows clients that will connect using 
sftp? If you did that, you could just run ssh on the linux box, which 
uses just a single port and doesn't have so many setup options I think.

andy

andy baxter wrote:
> Hi ken,
>
> As far as I know windows will use the same two ports - 20 and 21. Are 
> you sure the problem is with the firewall? I haven't followed your 
> description of the problem that well, but another possibility might be 
> that the ftp client you're using uses an ftp mode that your server 
> doesn't like. There are quite a few different options for how an ftp 
> transfer is set up, including the active/passive thing I said about, so 
> maybe you just need to use a different client on the windows box, or 
> configure it or the server differently?
>
> One thing you could try if you're desperate is to install a packet 
> logger (does wireshark work in windows?) and use that to see what's 
> going on when you try to connect.
>
> andy
>
> Ken Hough wrote:
>   
>> Andy,
>>
>> Thanks for your suggestion.
>>
>> I've just tried using the simple terminal ftp client that's included with 
>> Windows XP and this works OK with firewalls active on both my laptop and my 
>> Linux box.
>>
>> So it looks like the basic vsftp setup is OK.
>>
>> The problem occurs when I try to use 'windows' to do the job. ie either 
>> via "My Computer" and "My Network Places", or via Firefox. Both of these work 
>> if I disable the firewall on my Linux box, so it seems that for 'windows' 
>> operation, (an)other port/ports is/are used.
>>
>> Has anyone any suggestions as to what this/these might be?
>>
>> The reason that I want to sort this out is because:
>>
>> 1. I like to get things working. ;-)
>>
>> 2. I need to use XP to run Windows only software on my laptop to control a 
>> motor driven equatorial mount and my astro camera(s), but I intend to 
>> process/manage the captured images on my desktop PC under running Linux.
>>
>> 3. There can be a lot of Image files, each of several MB up to possibly 
>> hundreds of MB, so fiddling with USB memory sticks is a pain. Much better to 
>> transfer via ftp/ethernet.
>>
>> 4. I did have a look at setting up a SAMBA server, but for Windows XP this 
>> seems to be a lot more complicated than for ftp.
>>
>> Regards
>>
>> Ken Hough
>>
>>
>> On Friday 18 September 2009 18:34:31 you wrote:
>>   
>>     
>>> Ken Hough wrote:
>>>     
>>>       
>>>> Hi Guys,
>>>>
>>>> Can anyone help me with a firewall problem.
>>>>
>>>> I'm trying use my T42 Thinkpad to access an ftp server that is running on
>>>> my desktop PC. The T42 runs Windows XP (yes, I know, but I need it to run
>>>> some astro software). The desktop PC runs openSUSE v11.1.
>>>>
>>>> I'm using vsftp which is clearly configured OK and can be accessed from
>>>> the T42, provided that I turn off the firewall on the Linux machine.
>>>>
>>>> OpenSUSE includes a nifty utility for setting up the firewall, but
>>>> doesn't seem to be setting up correctly to allow for vsftp.
>>>>
>>>> Can someone please tell me what ports must be left open for vsftp
>>>> operation?
>>>>
>>>> According to the firewall utility, for vsftp, port 20 should be open.
>>>> According to lists of recognised TCPIP ports, 21 should also be open, and
>>>> I've tried this but with no success.
>>>>       
>>>>         
>>> The only thing I know about this is there are two different FTP modes
>>> (Passive and active). One uses both ports, using 21 for setting up the
>>> transfer and 20 for moving data, whereas the other uses only one port
>>> (21 I think). Some ftp clients let you choose which mode to use.
>>>
>>> I.e. you definitely want both ports open, but it sounds like you've
>>> already tried that.
>>>
>>> You could try doing 'telnet <ftp host name> 21' from the client machine,
>>> and see what response you get with the firewall up and down. This might
>>> give you a clearer idea of whether the firewall is configured right. (If
>>> it is, the response should be the same in both cases)
>>>
>>> andy
>>>     
>>>       
>>
>> _______________________________________________
>> Lancaster mailing list
>> Lancaster at mailman.lug.org.uk
>> https://mailman.lug.org.uk/mailman/listinfo/lancaster
>>
>>   
>>     
>
>
> _______________________________________________
> Lancaster mailing list
> Lancaster at mailman.lug.org.uk
> https://mailman.lug.org.uk/mailman/listinfo/lancaster
>
>

More information about the Lancaster mailing list