On Tue, Aug 14, 2001 at 01:34:16PM -0400, Mike Manchester wrote:
> Hi all
> I'm hoping someone can shed some light on this problem.
>
> We have a server located up north as in North Carolina, running Redhat 7.0.
> It's behind a linksys router BEFSR11 and for the live of us we can't get
> the darn think to let us ftp into it with the exception of wsftp on
> Windows. From what I can gather wsftp uses passive mode and scans ports
> until it finds ports it can use. Correct me if I'm wrong here. We have
> enabled port 20 through 21 and ever tried enabling ports 4 through 10000
> but still can only ftp with wsftp.
>
> When I ftp in from a remote terminal I can connect and login but when I do
> an ls it just hangs and then times out with no route to host. If I try
> active mode ftp I get a 500 Illegal port command. ssh works as did telnet
> when it was enabled. The web server also works. I'm at a lose here. Does
> anyone know what ports passive ftp uses? Why won't active ftp work? FTPing
> to itself from itself works. I really think it's related to the ports. Is
> there a good way to check out the ports? I've tried scanning them and the
> scanner says they are open filtered. Does anyone have any experience with
> the above mentioned router?
>
I recently posted a question and answer that got sorta into this. Same
symptoms-- you could log in, but an ls would just hang and then time
out. The answer was that my firewall was blocking packets in a certain
way, which was preventing the "active" FTP connection from starting with
the remote machine. Passive worked fine, though. The exact thing was
that one of my ipchains rules had the -y flag set, which means:
Only matches packets with the SYN flag set and the ACK and FIN bits
cleared. Such packets are used to request TCP connection initiation.
(paraphrased from man ipchains)
FTP uses port 21 normally, and port 20 additionally if you're trying to
do active FTP. (See the /etc/services file, which details most of the
common services and ports.)
On Debian, there's a pftp command, which is for passive ftp. You might
try and see if that works in your situation. Or some other ftp program
that you can configure for passive ftp. If so, I'd bet that's even
though the ports are open, the router is blocking certain packets
necessary for active ftp.
Paul
This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 19:22:55 EDT