--- [EMAIL PROTECTED] wrote:
> I had this problem too. The control channel is working and the data
> channel of ftp is blocked.
>
> I always thought that ftp control channel tcp 21 towards the server and
> data channel tcp 20 towards the client in case of active ftp is common
> rfc compliant behaviour of all ftp servers.
>

That should read tcp 20 from the server. However, since ftp-servers started using privilege separation this is no longer possible, in unix anyway, as ports < 1024 are privileged.

> But some seem to answer on arbitrary ports, as I could see at the log
> files.
> Are those servers sick or is that behaviour normal?
>
> How is iptables connection tracking for ftp supposed to deal with the
> backwards initiated ftp data connections - active ftp - and in case of
> answering on arbitrary ports?
>

A good question.

> Did you tcpdump the connection initiation process?
>
> Erik
>
> >Hi all
> >
> >I have configured an iptables firewall (2.4 Kernel). It
> >has allowed any service from inside and only ssh and
> >mail from outside.
> >
> >My problem is, from inside I can not ftp to outside
> >server.
> >
> >When I type ftp command it prompts username and
> >passwords, but I can not get "ls" output.
> >
> >It gives
> >
> >550 Permission denied
> >425 use PORT or PASV first
> >
> >
> >I hope Your help
> >
> >
> >Thank You
> >
> >Champaka
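
Added example, not part of the thread and not netfilter's own code: a simplified Python model of the idea behind FTP connection tracking, where the data endpoint is read from the PORT command or the 227 reply on the control channel and the data connection is matched on that endpoint, so the server's source port (20 or arbitrary) does not matter. The addresses, the sample lines and the names `Expectation`, `expect_from_control` and `is_related` are constructed for illustration.

```python
import re
from typing import NamedTuple, Optional, Tuple

CLIENT = "192.0.2.10"    # constructed inside host
SERVER = "198.51.100.5"  # constructed outside FTP server

class Expectation(NamedTuple):
    src_ip: str    # host that will open the data connection
    dst_ip: str    # host that will accept it
    dst_port: int  # port announced on the control channel

# RFC 959 host-port notation: h1,h2,h3,h4,p1,p2 with port = p1*256 + p2
_HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

def _hostport(text: str) -> Optional[Tuple[str, int]]:
    m = _HOSTPORT.search(text)
    if not m:
        return None
    n = [int(x) for x in m.groups()]
    if any(v > 255 for v in n):
        return None
    return ".".join(map(str, n[:4])), n[4] * 256 + n[5]

def expect_from_control(line: str, client: str, server: str) -> Optional[Expectation]:
    """Derive the expected data connection from one control-channel line."""
    line = line.strip()
    if line.upper().startswith("PORT "):   # active: server connects to client
        hp = _hostport(line[5:])
        # Accept only the announcing client's own address, so a PORT
        # command cannot open a path to some third host.
        if hp and hp[0] == client:
            return Expectation(server, client, hp[1])
    elif line.startswith("227 "):          # passive: client connects to server
        hp = _hostport(line[4:])
        if hp and hp[0] == server:
            return Expectation(client, server, hp[1])
    return None

def is_related(exp: Expectation, src_ip: str, src_port: int,
               dst_ip: str, dst_port: int) -> bool:
    """Match a new connection against the expectation.

    src_port is deliberately ignored: it need not be 20.
    """
    return (src_ip, dst_ip, dst_port) == (exp.src_ip, exp.dst_ip, exp.dst_port)
```

In this model a data connection from the server is accepted whether it leaves from port 20 or from an unprivileged port, as long as it targets the address and port the client announced.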

