Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in

  FAQ | Search | Memberlist | Usergroups | Statistics | Profile | Log in to check your private messages | Log in | Register

iptables/FTP: passive works, active hangs after a few d/ls
 View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
tgice
n00b
n00b


Joined: 03 Jan 2005
Posts: 23
PostPosted: Wed Jun 22, 2005 4:23 pm    Post subject: iptables/FTP: passive works, active hangs after a few d/ls Reply with quote
Working on a new router machine and having a few problems (see my other post https://forums.gentoo.org/viewtopic-t-351372.html on problems with DNAT PREROUTING with Asterisk iax udp protocol on port 4569).

Now I'm having difficulty with clients behind the firewall machine being able to access some FTP sites.

I'm pretty sure it's not the usual simple FTP problems with iptables. I do have all of the FTP/conntrack options set and built in to the kernel, I believe.

Furthermore, I seem to be able to connect to all of the sites I need to, and strangely I can successfully initiate dozens of downloads in a single session when in passive mode, but once I switch to active (which is what the clients are using by default with the Windows command line ftp client [the processes need to be scriptable]) mode, it'll pull about 5 or 6 files (these are small ones) and then the process will annoyingly hang with a message like this:

Quote:
local: 1119093352955.txt remote: 1119093352955.txt
200 PORT command successful
150 Opening BINARY mode data connection for 1119093352955.txt (1008 bytes)
226 Transfer complete.
1008 bytes received in 0.0182 secs (54 Kbytes/sec)
local: 1119093353106.txt remote: 1119093353106.txt
200 PORT command successful
500 Invalid command: try being more creative
local: 1119093358086.txt remote: 1119093358086.txt


and then after it hangs for a few minutes, I'll get this output dumping for the rest of the files I was trying to retrieve:

Quote:
No control connection for command: Success
local: 1119107183872.txt remote: 1119107183872.txt
No control connection for command: Success
local: 1119107420322.txt remote: 1119107420322.txt
No control connection for command: Success
local: 1119220232243.txt remote: 1119220232243.txt
No control connection for command: Success


Most of the posts I've read on FTP problems seem to be the other way around; people can do active sessions but not passive ones. I've got the reverse problem, and I can't understand what's happening.

The server I'm connecting to is a huge one (running ProFTPD 1.2.8, actually), and we've not had problems with them before I started using this new box as a router with iptables. So I'm sure I'm missing something.

Any ideas of what I can look for to diagnose this problem? Trying to do a few packet traces of what's happening right before the freeze goes down, but I'm kind of flying blind here.

Thanks.
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



 Links: forums.gentoo.org | www.gentoo.org | bugs.gentoo.org | wiki.gentoo.org | forum-mods@gentoo.org

Copyright 2001-2025 Gentoo Foundation, Inc. Designed by Kyle Manna © 2003; Style derived from original subSilver theme. | Hosting by Gossamer Threads Inc. © | Powered by phpBB 2.0.23-gentoo-p11 © 2001, 2002 phpBB Group
Privacy Policy