[sclug] Re :ftp

Alex Butcher lug at assursys.co.uk
Thu Aug 19 19:40:42 UTC 2004


On Thu, 19 Aug 2004 sclug at whittycat.me.uk wrote:

> Keith Edmunds wrote: 
> 
> > Are you using NAT?
> 
> I don't think so. It's not a router, just a simple ethernet modem with one 
> ethernet port.

Unless you've installed and configured PPPoA (PPP over ATM) software on any
attached hosts, it's a router, trust me. ;-)

> I doubt it is capable of being a proxy either. 
> 
> Alex Butcher wrote: 
> 
> > Sounds like some dodgy firewall between the ftp site and you. It could be
> > your ISP, but I'd put money on it being yours (including your ADSL
> > router/modem/firewall device).
> 
> The firewall is the default iptables provided by the installation. The 
> iptables man page says that passive ftp will not be affected. 

The ftp command doesn't use passive FTP. It uses non-passive (aka non-PASV
or 'active') FTP. Non-passive FTP requires that the FTP server makes
connections from source port 20 (ftp-data) to client-specified high
(1024-65535) ports for directory listings, file transfers and maybe other
things too (read the RFC if you want the gory details).

> > Ethereal <http://www.ethereal.com> is much easier to use.
> 
> Maybe. I tried installing it about a year ago and got so entangled with 
> libraries and dependencies that I had to give up. I did install tethereal
> but I thought its information was just tcpdump presented in a slightly
> different way. 

Correct. But that 'slightly different way' is easier for all of us to
understand.

> > Looks like your ethernet modem is being a transparent DNS proxy or
> > something. Eww.
> 
> Doesn't it get its addresses from the nameserver in /etc/resolv.conf? 

Yes, but it looks as though your router is pretending to be those IP
addresses.

> I recorded the modem system log during the process of making a connection
> [the dates and times are wrong]. Is this what you would expect? 
> 
> Sep 16 11:20:35> DSL Carrier is down
> Sep 16 11:20:55> DSL Carrier is up
> Sep 16 11:20:56> Connection terminated.
> Sep 16 11:20:56> pppd 2.4.1 started by root, uid 0
> Sep 16 11:20:56> Connect: ppp0 {--}
> Sep 16 11:21:05> DSL Carrier is down
> Sep 16 11:21:35> DSL Carrier is up
> Sep 16 11:22:37> Connection terminated.
> Sep 16 11:22:37> pppd 2.4.1 started by root, uid 0
> Sep 16 11:22:37> Connect: ppp0 {--}
> Sep 16 11:22:39> Couldn't increase MTU to 32725
> Sep 16 11:22:39> default route ioctl(SIOCADDRT): Network is unreachable(128)
> Sep 16 11:22:39> local  IP address 80.229.223.6
> Sep 16 11:22:39> PPPoA Connect with IP Address 80.229.223.6
> Sep 16 11:22:39> remote IP address 195.166.128.123
> Sep 16 11:22:39> PPPoA Connection Successfully Established
> Sep 16 11:22:39> PPPoA Connect with Gateway IP Address: 195.166.128.123
> Sep 16 11:22:39> primary   DNS address 212.159.13.49
> Sep 16 11:22:39> secondary DNS address 212.159.13.50 

Looks reasonable. And, oh look, there's the PPPoA software - on your router!
;-)

> I'll keep on reading what I can find about ftp 
> Tony Sumner 

Best Regards,
Alex.
-- 
Alex Butcher      Brainbench MVP for Internet Security: www.brainbench.com
Bristol, UK                      Need reliable and secure network systems?
PGP/GnuPG ID:0x271fd950                         <http://www.assursys.com/>
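
The active versus passive distinction discussed in this message, as an added example that is not part of the original post: a small Python parser for the RFC 959 `PORT` command and `227` passive reply, as they would appear in a control-channel capture, reporting which way each data connection has to cross the firewall or NAT device. The function names, the sample lines and the public address passed in are all constructed for illustration.

```python
import ipaddress
import re

# PORT h1,h2,h3,h4,p1,p2 (client -> server) and the 227 reply to PASV (RFC 959).
PORT_RE = re.compile(r"^PORT\s+(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\s*$", re.I)
PASV_RE = re.compile(r"^227\b.*?(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)")


def data_endpoint(line):
    """Return (mode, ip, port) for a PORT command or 227 reply, else None."""
    for mode, rx in (("active", PORT_RE), ("passive", PASV_RE)):
        m = rx.match(line.strip())
        if m:
            n = [int(x) for x in m.groups()]
            if any(v > 255 for v in n):
                raise ValueError("field out of range: " + line)
            ip = ipaddress.IPv4Address(".".join(map(str, n[:4])))
            return mode, ip, n[4] * 256 + n[5]  # port = p1*256 + p2
    return None


def diagnose(control_lines, client_public_ip):
    """Describe each data connection a firewall/NAT device must let through."""
    public = ipaddress.IPv4Address(client_public_ip)
    findings = []
    for line in control_lines:
        ep = data_endpoint(line)
        if ep is None:
            continue
        mode, ip, port = ep
        if mode == "passive":
            findings.append(f"passive: client connects out to {ip}:{port}")
        elif ip != public:
            findings.append(f"active: server told to reach {ip}:{port}, not the "
                            "public address; fails unless the NAT device rewrites PORT")
        else:
            findings.append(f"active: server connects in from port 20 to {ip}:{port}; "
                            "inbound rule or FTP connection tracking needed")
    return findings


# Constructed control-channel lines (not taken from the original post).
SAMPLE = ["USER anonymous", "PORT 192,168,1,2,4,1", "PORT 203,0,113,7,195,80",
          "227 Entering Passive Mode (198,51,100,9,19,137)"]

if __name__ == "__main__":
    for finding in diagnose(SAMPLE, "203.0.113.7"):
        print(finding)
```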