"Voytek Eymont" <[email protected]> writes:
> On Fri, August 14, 2009 12:54 pm, Daniel Pittman wrote:
>> "Voytek Eymont" <[email protected]> writes:
>
>> So, when the user tries to connect, what state are the relevant sockets
>> at the client and server end? My guess is the client is trying to connect
>> to the server, but the server firewall is blocking the (passive FTP)
>> connection.
>
> how to assess, netstat --?
Yeah, or tcpdump.
>>> Command: PORT 192,168,97,49,226,65
>>> Response: 500 Illegal PORT command
>>>
>>
>> That isn't a good start: the client asked the server to connect to a
>> private IP address (192.168.97.49) with active FTP. Behind NAT like that
>> the client should either improve their firewall, or disable active FTP
>> entirely.
>
> server has like:
> /etc/sysconfig/iptables
Hmmmm. Does it have the nf_nat_ftp and nf_conntrack_ftp modules loaded, too?
[...]
>>> Command: PASV
>>> Response: 227 Entering Passive Mode (116,197,145,51,175,75).
>>>
>>
>> At this point the server *should* be expecting a connection from the
>> client, on TCP/44875, but I bet the firewall isn't letting that through.
>>
>> Check your firewall logs first, to see if you have a record of blocking
>> that connection or not.
>
> what log to look at?
I don't know, on RedHat. I think they had /var/log/firewall or something?
Anyway, what you are after, specifically, is to find out if the connection
above was blocked by the firewall or not. (...and if your firewall rules
don't log blocked packets there will be *no* record of that. ;)
Regards,
Daniel
--
✣ Daniel Pittman ✉ [email protected] ☎ +61 401 155 707
♽ made with 100 percent post-consumer electrons
Looking for work? Love Perl? In Melbourne, Australia? We are hiring.
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
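The port arithmetic Daniel does above (227 reply `175,75` → TCP/44875) and the private-address problem with the client's PORT command can both be checked mechanically. The following is an added example, not part of the thread or any FTP implementation; the log fragment is reconstructed from the lines quoted in the thread and the client's public address is a constructed assumption.

```python
import ipaddress
import re
from typing import NamedTuple

# Constructed fragment of the client log quoted in the thread; not a real capture.
SESSION_LOG = [
    "Command: PORT 192,168,97,49,226,65",
    "Response: 500 Illegal PORT command",
    "Command: PASV",
    "Response: 227 Entering Passive Mode (116,197,145,51,175,75).",
]

# Assumed (constructed) public address of the client as the server sees it on the control connection.
CLIENT_PUBLIC_IP = "203.0.113.10"

class Endpoint(NamedTuple):
    host: str
    port: int

_HP = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

def parse_hostport(text: str) -> Endpoint:
    """Decode the h1,h2,h3,h4,p1,p2 field shared by PORT and 227 (RFC 959); port = p1*256 + p2."""
    m = _HP.search(text)
    if m is None:
        raise ValueError(f"no h1,h2,h3,h4,p1,p2 field in {text!r}")
    vals = [int(g) for g in m.groups()]
    if max(vals) > 255:
        raise ValueError(f"octet out of range in {text!r}")
    h1, h2, h3, h4, p1, p2 = vals
    return Endpoint(f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2)

def data_channel(line: str, client_ip: str = CLIENT_PUBLIC_IP) -> dict:
    """Describe the data connection a PORT command or 227 reply implies and the firewall check it needs."""
    body = line.split(": ", 1)[-1]          # strip the "Command:" / "Response:" log prefix
    if body.startswith("PORT "):
        ep = parse_hostport(body)
        check = f"active: server must connect out to {ep.host}:{ep.port}"
        if ipaddress.ip_address(ep.host).is_private and ep.host != client_ip:
            check = "active: client advertised an RFC 1918 address from behind NAT; unreachable from the server"
        return {"mode": "active", "connect_to": ep, "check": check}
    if body.startswith("227 "):
        ep = parse_hostport(body)
        return {"mode": "passive", "connect_to": ep,
                "check": f"passive: server firewall must accept inbound TCP/{ep.port} from {client_ip}"}
    return {"mode": None, "connect_to": None, "check": "control-channel line only"}

def analyse(log: list[str]) -> list[dict]:
    """Return the data-channel implications of every PORT / 227 line in a client log."""
    return [r for r in (data_channel(l) for l in log) if r["mode"] is not None]

if __name__ == "__main__":
    for r in analyse(SESSION_LOG):
        print(r["mode"], r["connect_to"], "->", r["check"])
```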