First of all, can you login to the ftpd?
I figure you can.
But when you try to do a directory listing,
you get that error.
And the error you get from the ftpd server
is ">>error message: "501 you are on a LAN
and the IP-NAT is not translating your IP address
correctly"
So let's refer to RFC 959, FTP:
http://www.cis.ohio-state.edu/cgi-bin/rfc/rfc0959.html
on or about page 37-40 we learn how to decode the three
decimal digits in the response code, which is formed like
xyz, where your response was a 501:
5yz Permanent Negative Completion reply
The command was not accepted and the requested action did
not take place. The User-process is discouraged from
repeating the exact request (in the same sequence). Even
some "permanent" error conditions can be corrected, so
the human user may want to direct his User-process to
reinitiate the command sequence by direct action at some
point in the future (e.g., after the spelling has been
changed, or the user has altered his directory status.)
x0z Syntax - These replies refer to syntax errors,
syntactically correct commands that don't fit any
functional category, unimplemented or superfluous
commands.
xy1 This is a finer grain subcatagory of the xy value, so
a 1 in the last digit can mean many things.
In the case of 501, the usual meaning is:
501: Syntax error in parameters or arguments.
So what the server is trying to tell you is that you
sent an invalid PORT command, which was invalid not
because of how it was formed but becuase of the values
of it's arguments. Something that would cause a PORT
command from a client to a server to be invalid would
be if the client sent and invalid address, that is, an
address from the private non-routeable space like
192.168.1.1.
What is supposed to happen is that those invalid
addresses are supposed to be munged on the fly by
ip_masq_ftp.
Do you have ip_masq_ftp installed?
# lsmod
should list the mods.
As far as what your admin said, ignore it. If one of
my sysops told me he was going to mess with port 864
and try to run a server on that port, I'd ask if he
was sure he didn't want to go into art.
If you want to be responsible for your own end,
you might check your syslog and paste in any relevant
denied packets if any between you and the ftpd, also.
Best,
Matthew
Joris Kempen wrote:
> Hi people,
>
> I talked with the admin of the ftp site.
>
> and he told me that port 864 is needed for IP NAT.
>
> Can I just open port 864?
>
> I have DachStein & Echowall, how do I open this port 864.
>
> Any links maybe that tell me (in easy language:) what IP-NAT exactly is..
>
> Thanks..
>
> Met vriendelijke groet,
>
> Joris Kempen
> St. Ursulahof 47
> 5995 CB Kessel
>
> email: [EMAIL PROTECTED]
> tel. nr.: 06 1257 4228
>
>
>>-----Original Message-----
>>From: [EMAIL PROTECTED]
>>[mailto:[EMAIL PROTECTED]]On Behalf Of Joris Kempen
>>Sent: Saturday, September 21, 2002 10:14 AM
>>To: Leaf (E-mail)
>>Subject: [leaf-user] FTP and IP-NAT
>>
>>
>>HI people,
>>
>>I have a Dachstein router with EchoWall and SSH on it.
>>
>>I try connecting to a FTP server and get this message:
>>
>>error message: "501 you are on a LAN and the IP-NAT is not
>>translating your
>>IP address correctly"
>>
>>I didn't have this problem before with this server, so i
>>assume they changed
>>something.
>>
>>What do I need to change in my router to prevent this problem?
>>
>>Thanks for any help.
>>
>>Joris
>>
>>Met vriendelijke groet,
>>
>>Joris Kempen
>>St. Ursulahof 47
>>5995 CB Kessel
>>
>>email: [EMAIL PROTECTED]
>>tel. nr.: 06 1257 4228
-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
