Thanks Joe, and every one else who has replied... There's definitely something strange going on here. I still haven't figured it out, but it does not seem to be any of the "normal" things you would think. Concerning IPtables, this is from iptables -L -n:
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:21 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:20 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED As you can see, 20 and 21 are both opened, and the related,established rule is in effect. In terms of command line vs GUI weirdness (one works and one doesn't) all I can say is that when I stop iptables, all clients can connect no problem. We I start iptables, I can get through on some clients (i.e. the command line) and not others, i.e. Windows Explorer (Which the customer uses in this situation). I also tried adding a rule to iptables that opens ALL ports to the client's ipaddress... and that did nothing. This is definitely a head scratcher... any one has any ideas please let me know! Thanks. Sam On 6/19/05, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > Joseph Mack PhD, High Performance Computing & Scientific Visualisation > LMIT, Supporting the EPA Research Triangle Park, NC 919-541-0007 Federal > Infrastructure Contact-Ravi Nair 919-541-5467 - [EMAIL PROTECTED], > Federal Visualization Contact - Joe Retzer, Ph.D. 919-541-4190 - > [EMAIL PROTECTED] > > [EMAIL PROTECTED] wrote on 06/13/2005 08:29:45 PM: > > > Using a GUI FTP client, either on Windows or Linux, either > > in Passive mode > > or not, the client successfully makes a connection and > > authenticates against > > the server. After that initial connection, it hangs and > > times out. > > this usually means that you have the command port connection > OK (port 21) but not the dataport (20 for active ftp, anything > for passive). You need to add a rule with "RELATED" > in it to allow the 2nd port through (don't know specifics, > go look on an iptables HOWTO). > > > > The weird thing is that if you log in via FTP on the > > command line from any > > client it works totally fine. > > if it's an iptables problem, then the command line wouldn't work either, > unless one was active (command probably) and the other passive > (gui probably) > > for more than you probably want to know about ftp look at this > > http://www.austintek.com/LVS/LVS-HOWTO/HOWTO/LVS-HOWTO.services.multi-port.html#ftp > > Joe > > -- > TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug > TriLUG Organizational FAQ : http://trilug.org/faq/ > TriLUG Member Services FAQ : http://members.trilug.org/services_faq/ > TriLUG PGP Keyring : http://trilug.org/~chrish/trilug.asc > -- TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug TriLUG Organizational FAQ : http://trilug.org/faq/ TriLUG Member Services FAQ : http://members.trilug.org/services_faq/ TriLUG PGP Keyring : http://trilug.org/~chrish/trilug.asc
