On 12/30/18 5:33 PM, Naveen Neelakanta wrote:
> Hi Tom,
>
> I see that only the FTP Passive Mode works, but is there any other
> settings that I need to enable for the active mode to work. I believe
> Linux nf_nat_ftp and nf_conntrack_ftp should take care of the mapping
> correct and I see they are getting loaded.
>
> ubuntu@BR2-UBUNTU1:~$ ftp 144.208.69.31
> Connected to 144.208.69.31.
> 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
> 220-You are user number 18 of 150 allowed.
> 220-Local time is now 17:01. Server port: 21.
> 220-This is a private system - No anonymous login
> 220-IPv6 connections are also welcome on this server.
> 220 You will be disconnected after 30 minutes of inactivity.
> Name (144.208.69.31:ubuntu): dlpu...@dlptest.com
> 331 User dlpu...@dlptest.com OK. Password required
> Password:
> 230 OK. Current restricted directory is /
> Remote system type is UNIX.
> Using binary mode to transfer files.
> ftp> ls
> 500 I won't open a connection to 10.24.8.11 (only to 96.64.220.253)
> ftp: bind: Address already in use

That is your FTP server refusing to create the active mode connection.
Is there a router in front of the Shorewall box that is doing SNAT on
incoming connections?

>
> conntrack entry:
> tcp 6 430709 ESTABLISHED src=10.24.8.11 dst=144.208.69.31
> sport=53478 dport=21 src=144.208.69.31 dst=10.24.8.117 sport=21
> dport=53478 [ASSURED] mark=0 zone=4 use=1
>
> 30-001011-4894:/log/home/test# shorewall show capabilities | grep FTP
> FTP Helper: Available
> FTP-0 Helper: Not available
> TFTP Helper: Available
> TFTP-0 Helper: Not available
>

The Shorewall box thinks that the client IP address is 10.24.8.11, while
your FTP server thinks that it is 96.64.220.253.

-Tom
--
Tom Eastep        \   Q: What do you get when you cross a mobster with
Shoreline,         \     an international standard?
Washington, USA     \ A: Someone who makes you an offer you can't
http://shorewall.org \   understand
                      \_______________________________________________
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
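
The address mismatch discussed in this thread, as an added example that is not part of the original messages: a simplified model of a server that only opens active-mode data connections to the address its control connection came from, and of what a NAT FTP helper has to do to the PORT command for that check to pass. The function names and the data port 53479 are constructed for illustration; the two addresses are the ones in the 500 reply above.

```python
import re

def parse_port_arg(arg):
    """Decode the h1,h2,h3,h4,p1,p2 argument of an FTP PORT command."""
    parts = [int(x) for x in arg.split(",")]
    if len(parts) != 6 or any(not 0 <= p <= 255 for p in parts):
        raise ValueError("malformed PORT argument: %r" % arg)
    return ".".join(map(str, parts[:4])), parts[4] * 256 + parts[5]

def encode_port_arg(ip, port):
    """Encode an address and port as a PORT argument."""
    return "%s,%d,%d" % (ip.replace(".", ","), port >> 8, port & 0xFF)

def server_accepts(port_arg, control_peer_ip):
    """Model of the server-side rule behind the 500 reply: the data
    connection may only go to the address the control connection came from."""
    return parse_port_arg(port_arg)[0] == control_peer_ip

def helper_rewrite(port_arg, private_ip, translated_ip):
    """Simplified model of a NAT FTP helper: replace the private address in
    PORT with the translated one (port kept unchanged here, an assumption)."""
    ip, port = parse_port_arg(port_arg)
    return encode_port_arg(translated_ip if ip == private_ip else ip, port)

REFUSAL = re.compile(r"500 I won't open a connection to (\S+) \(only to (\S+)\)")

def diagnose(reply):
    """Extract the announced and server-observed addresses from the refusal."""
    m = REFUSAL.search(reply)
    if m is None:
        return None
    announced, observed = m.groups()
    return {"announced": announced, "observed": observed,
            "port_rewritten": announced == observed}

if __name__ == "__main__":
    # Reply line from the session in the thread; port 53479 is constructed.
    d = diagnose("500 I won't open a connection to 10.24.8.11 (only to 96.64.220.253)")
    sent = encode_port_arg(d["announced"], 53479)
    fixed = helper_rewrite(sent, d["announced"], d["observed"])
    print(d)
    print("PORT", sent, "accepted:", server_accepts(sent, d["observed"]))
    print("PORT", fixed, "accepted:", server_accepts(fixed, d["observed"]))
```

If `port_rewritten` is false, the PORT command reached the server still carrying the private address, so the rewrite has to happen on the device that actually translates the control connection's source address.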