Hello it's not fixed yet, I don't understand what is going on but I going to run some tests and certainly ask more questions on this thread about the tests results.
Thank you, Bastien Sat, 27 Mar 2004 03:50:10 +0100 Mike Mestnik <[EMAIL PROTECTED]> Message original : > I hope by now you have fixed this. If not use TCP dump to see the SYN > packet ?that is getting droped? and look for the ACK meaning it didn't > get droped. Also see what rull in the iptables it is hitting too make > sure it's allowed. > > --- Bastien Rocheron <[EMAIL PROTECTED]> wrote: > > oops I don't understand because even in passive mode it hangs (in > > TLS only, it works fine in clear mode) > > > > Bastien > > > > > > Thu, 25 Mar 2004 16:10:13 +0100 > > "Volker Tanger" <[EMAIL PROTECTED]> Message original : > > > > > Greetings! > > > > > > On Sun, 25 Apr 2004 14:17:45 +0200 Bastien Rocheron > > > <[EMAIL PROTECTED]> wrote: > > > > > > > I have an iptable packet filter which does his job well but when > > > > I decide to allow only tls connections over the ftp server > > > > people can connect on the server in active mode because I said > > > > to the packet filter to let everything come thru the ftp port > > > > but just after the connection is made it hangs and nothing more > > > > happens. I suppose it's because of the data port which is given > > > > randomly and this one is cyphered so the packet filter gets mad > > > > about it and drop the packets. > > > > > > The FTP-conntrack can't look into the control channel and thus > > > cannot detect which data port will be used - thus no data port is > > > ever opened. > > > > > > One workaround would be to allow all outgoing connections and use > > > PASSIVE FTP... > > > > > > Bye > > > > > > Volker Tanger > > > ITK Security > > > > > > > > > -- > > > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > > > with a subject of "unsubscribe". Trouble? Contact > > > [EMAIL PROTECTED] > > > > > > -- > > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > > with a subject of "unsubscribe". Trouble? Contact > > [EMAIL PROTECTED] > > > > > __________________________________ > Do you Yahoo!? > Yahoo! Finance Tax Center - File online. File on time. > http://taxes.yahoo.com/filing.html > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact > [EMAIL PROTECTED]
