Hi, I'm having a little problem with the suse-firewall (/etc/sysconfig/SuSEfirewall2).
I use it on a computer which acts as a router between 2 networks. It masquerades traffic from the internal network to the internet.
When I log in to the linuxbox, I can connect to external ftp-servers with no problems, I can use 'cd' to change the directory on the ftp-server, but when I do 'ls' or 'dir', I get the following:
200 PORT command successfull
which is normal, but then it stops and I can't do anything anymore, even ctrl+c doesn't work. I have to kill the process manually.
If I disable the firewall, everything works as it should and I get this when I type 'ls':
200 PORT command successfull
150 Opening ASCII mode data connection for /bin/ls.
followed by the content of the directory.
So my guess was that the firewall prevents my computer from making a data connection.
I tried adding
ftp ftp-data ftp-agent 20:23
to the experts-box in yast, which just offers you the option to make extra services and ports available to the outside world. But it still prevents me from displaying the content of a directory.
I don't know if it is outgoing traffic that is being blocked and thereby never reaching the ftp-server, or if my firewall drops the response of the ftp-server.
Any ideas how to solve this?
Johan

Have you enabled both FTP ports, 20 and 21?
21 is for commands (so things like cd will
work) and 20 is for data (needed to handle
things like files and directory listings).

Hi, I configured the firewall to open the ftp and ftp-data port, so that should be fine.
But if I probe my ports on grc.com, I get that port 20 is in stealth-mode (can't be seen from the internet). I tried adding a portrange to be opened: 20:23, then I get that port 20 is closed...
I don't understand why this is happening. If you understand, please tell me, otherwise, I'll have to seek and try some additional things.

Hi, me again. I noticed this:
If I connect to an ftp-server, then type 'passive' to enter passive mode, then everything works fine. If I go back to active mode, it's back to the same problem...

I want to use a php-script that can access ftp-servers, and it only works with active mode. I've looked in the file (not thoroughly) and didn't see how I could change it. My php-knowledge is not so good, but I can manage.

your problem lies within the fundamentals of the ftp protocol. every ftp connection consists of two channels, as mentioned above. in "active" mode, the client machine makes the initial connection to the server and then the server makes a connection back to the child. in "passive" mode, the client machine makes both the initial and subsequent channel requests.
how does this relate to your situation? your firewall is (probably) preventing incoming connections on ports above 1023. as a result, if you want to ftp from your machine to another server you will have to use a passive connection. conversely, if you want to ftp into your machine you will have to use an active connection.
note that there is a line in /etc/sysconfig/SuSEfirewall2 that begins with "FW_ALLOW_INCOMING_HIGHPORTS_TCP". you can set the value to "ftp-data", but i've never been able to make this work for my purposes.
hope that helps a little,
kevin
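
The active/passive difference described in the post above, as an added example that is not part of the thread: it parses the host-port field of a PORT command and of a 227 reply (format from RFC 959) and reports which side must accept a new inbound data connection. The sample lines, the addresses, the function names and the {20, 21} open-port policy are constructed assumptions.

```python
import re

# RFC 959 host-port field: h1,h2,h3,h4,p1,p2 (six decimal bytes)
_HOSTPORT = re.compile(r"(?<!\d)" + ",".join([r"(\d{1,3})"] * 6) + r"(?!\d)")

def parse_hostport(line):
    """Return (ip, port) carried by a PORT command or a 227 PASV reply."""
    m = _HOSTPORT.search(line)
    if not m:
        raise ValueError("no h1,h2,h3,h4,p1,p2 field in %r" % line)
    nums = [int(n) for n in m.groups()]
    if max(nums) > 255:
        raise ValueError("byte out of range in %r" % line)
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]

def data_channel(line):
    """Say which side listens and which side opens the data connection."""
    ip, port = parse_hostport(line)
    if line.upper().startswith("PORT "):
        # Active mode: the client listens on ip:port, the server dials in.
        return {"mode": "active", "initiator": "server", "listener": (ip, port)}
    if line.startswith("227"):
        # Passive mode: the server listens on ip:port, the client dials out.
        return {"mode": "passive", "initiator": "client", "listener": (ip, port)}
    raise ValueError("not a PORT command or 227 reply: %r" % line)

def blocked_at_client(channel, open_inbound_ports):
    """True when the client-side firewall would have to accept a new inbound
    connection on a port that is not in open_inbound_ports."""
    if channel["initiator"] != "server":
        return False  # passive: the data connection is outbound from the client
    return channel["listener"][1] not in open_inbound_ports

# Constructed sample lines (private and documentation address ranges).
SAMPLES = [
    "PORT 192,168,1,10,195,80",
    "227 Entering Passive Mode (203,0,113,5,117,48)",
]

if __name__ == "__main__":
    for line in SAMPLES:
        ch = data_channel(line)
        # Assumed policy: only the well-known FTP ports are open inbound.
        print(ch, "blocked:", blocked_at_client(ch, {20, 21}))
```

In the active case the listening port is the high port the client announced in PORT, so a policy that only opens 20 and 21 inbound on the client side does not cover it.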

Hi, thanks for the reply. I tried your suggestion, but it doesn't seem to work for me either.
think I'll give up on it...

Hi guys, I found the solution while trying to solve a dynamic IP+server problem. I had to open port 25 in addition to the ftp and ftp-data port!
webftp-script works like a charm now!
Johan
