[sclug] Re: ftp
sclug at whittycat.me.uk
Thu Aug 19 21:37:51 UTC 2004
Alex Butcher writes:
> Unless you've installed and configured PPPoA (PPP over ATM) software on any
> attached hosts, it's a router, trust me. ;-)
OK. An understandable mistake, perhaps; the DSL warehouse website describes
the DSL4300T as an ethernet modem and just below it is the Netgear DG632
described as a modem, two-port router and firewall.
> The ftp command doesn't use passive FTP. It uses non-passive (aka non-PASV
> or 'active') FTP. Non-passive FTP requires that the FTP server makes
> connections from source port 20 (ftp-data) to client-specified high
> (1024-65535) ports for directory listings, file transfers and maybe other
> things too (read the RFC if you want the gory details).
Erm. The man page on ftp says that the -p option has no effect and the
default is passive ftp. If that is the case then surely it is not a
firewall, either iptables or any firewall that might be lurking in the
modem, that is blocking the communication. The client is not accepting
on high-number ports. That leaves Keith's suggestion about ip_conntrack.
But I have two distributions installed, with different kernels, one with
CONFIG_IP_NF_CONNTRACK a module and one with it not set and ftp fails in
both. ftp was fine when I had a cable modem talking to ntl with CONNTRACK
not set and the same iptables I have now.
I am sure I will enjoy reading RFC959 but I have little hope that it will
offer a solution.
> it looks as though your router is pretending to be those IP
> addresses [the ones in the nameserver]
OK, so the big question is how do I stop it doing this?
Tony
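
Added example, not part of the message above or of the thread: the active/passive distinction the thread turns on, shown by decoding the RFC 959 host-port field from a PORT command and a 227 reply to see which direction the data connection crosses a client-side firewall or NAT router. The function names and the sample control-channel lines are constructed for illustration.

```python
import ipaddress
import re

# RFC 959 host-port field: h1,h2,h3,h4,p1,p2 (six decimal bytes).
HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def data_endpoint(line):
    """Return (mode, ip, port) for a PORT command or a 227 reply, else None."""
    line = line.strip()
    if line.upper().startswith("PORT "):
        mode = "active"    # server will connect from port 20 to this endpoint
    elif line.startswith("227 "):
        mode = "passive"   # client will connect out to this endpoint
    else:
        return None
    m = HOSTPORT.search(line)
    if m is None:
        raise ValueError("no host-port field: %r" % line)
    nums = [int(n) for n in m.groups()]
    if max(nums) > 255:
        raise ValueError("byte out of range: %r" % line)
    return mode, ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def firewall_view(line):
    """Describe the data connection a client-side packet filter will see."""
    ep = data_endpoint(line)
    if ep is None:
        return None
    mode, ip, port = ep
    if mode == "passive":
        return "outbound client -> %s:%d" % (ip, port)
    note = ""
    if any(ipaddress.ip_address(ip) in net for net in RFC1918):
        # A private address is unreachable from the server unless NAT rewrites it.
        note = " (private address: NAT must rewrite PORT)"
    return "inbound server:20 -> %s:%d%s" % (ip, port, note)

# Constructed control-channel lines, not captured from the thread.
SAMPLE = [
    "USER anonymous",
    "PORT 192,168,0,2,195,80",
    "227 Entering Passive Mode (203,0,113,5,78,52).",
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print("%-50s %s" % (entry, firewall_view(entry)))
```

Which of the two lines appears in the client's debug output shows whether the session is really passive, and therefore whether an inbound rule or a connection-tracking FTP helper is involved at all.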