Hi there, I'm seeing some funny behaviour on one of my debian woody firewalls. It manifests itself when making an active ftp connection from a Snatted client behind the firewall with the following error
ftp> ls 501 Illegal PORT command ftp: bind: Address already in use I have the ip_nat_ftp and ip_conntrack_ftp modules loaded and the following version of iptables ii iptables 1.2.6a-5.0woody2 IP packet filter administration tools for 2.4.4+ I have run ethereal to see what is going on and it appears that the firewall is modifying the PORT command and sending too many parameters. ie. seen on the inside interface of the firewall: PORT 192,168,1,2,216,207 which is ok however when seen on the outside interface it appears as: PORT 10,1,1,2,216,207,207 which has a superfluous '207' parameter 192,168,1,2 - private ip address 10,1,1,2 - public ip address Any tips / advice / suggestions much appreciated. Regards Tom -- Tom - 2Ergo Technical Support <[EMAIL PROTECTED]> -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
