On Mon, 2003-08-11 at 14:04, Victor McAllister wrote: > I am helpiing a friend upgrade a Dachstein box to Bering 1.2 over DSL > PPPoE. He has a windows program (192.168.1.100 machine) on the internal > network that sends a gif file for a weater broadcast every 15 minutes. > The remote server accepts his login and password. It says binary > passive. It then sends the PORT that ends in port 4061. > > Shorewall.log shows no packets dropped from the ftp server. It does > show som port 135 stuff dropped. > > It works in Dachstein but does not work in Bering. The Berin box loads > the modules ip_conntrack_ft and ip_nat_ftp are loaded per default. > > I understand that that kernel 2.4 allows connection tracking for active > ftp transfers. > The file does not get transfered. > I have ssh access to his firewall. > > Any suggestions? It is not blocking by the ISP since we can boot up > Dachstein and it works. Any suggestions???
Given that you have the above-mentioned modules loaded and you have the normal loc->net policy of ACCEPT, ftp should work. I'd look at the session on ppp0 with tcpdump - either capture to a file and analyze with ethereal or snarf enough of the data packets to see the control connection: (e.g., "tcpdump -Xni ppp0 -s 2048 host 192.168.1.100 and port 21" ) -Tom -- Tom Eastep \ Shorewall - iptables made easy Shoreline, \ http://shorewall.net Washington USA \ [EMAIL PROTECTED] ------------------------------------------------------- This SF.Net email sponsored by: Free pre-built ASP.NET sites including Data Reports, E-commerce, Portals, and Forums are available now. Download today and enter to win an XBOX or Visual Studio .NET. http://aspnet.click-url.com/go/psa00100003ave/direct;at.aspnet_072303_01/01 ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
