Thank you. In my eyes the behaviour of the ftp.namesys.com server matches neither the active ftp session nor the passive one. It tries to open the data channel, but not from the ftp-data port; it comes from a dynamic port:

thebsh.namesys.com:4144 = 5 300S--- eth1 x xxx.xxx.xxx.xxx:32821
Does the EXPECTING line of iptables result from the client's "PORT" command on the ftp control channel? As I read it, the following sequence applies:

"In active mode FTP the client connects from a random unprivileged port (N > 1024) to the FTP server's command port, port 21. Then, the client starts listening to port N+1 and sends the FTP command PORT N+1 to the FTP server. The server will then connect back to the client's specified data port from its local data port, which is port 20."

There I see the next problem:

EXPECTING: proto=6 src=212.16.7.65 dst=xxx.xxx.xxx.xxx sport=0 dport=32822

The SYN packet from the ftp server is expected on port N of the client, not on N+1 as described in the excerpt above. Is this a problem of the ftp client sending a wrong PORT command in this case?

----- Original Message -----
From: "Alexey Talikov" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Monday, April 22, 2002 3:44 PM
Subject: RE: IP-conntrack / ftp

> how active ftp works
> ftp ftp.somwhere.com
>
> client________server
> dyn1 -------> ftp
> dyn1 <------- ftp
> auth <------- dyn2 authorization
> auth -------> dyn2 authorization
> dyn3 -------> dyn4 ls command
> dyn3 <------- dyn4 ls command
>
> passive ftp
>
> client________server
> dyn1 -------> ftp
> dyn1 <------- ftp
> auth <------- dyn2 authorization
> auth -------> dyn2 authorization
> dyn3 -------> ftp-data ls command
> dyn3 <------- ftp-data ls command
>
> dyn: dynamic ports 1025-65535
> ftp=21 ftp-data=20 auth=113
>
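The EXPECTING line in the thread is derived from the argument of the client's PORT command (or, for passive mode, from the server's 227 reply): the conntrack ftp helper parses the h1,h2,h3,h4,p1,p2 tuple, computes the port as p1*256+p2, and registers an expectation whose destination port is exactly that value, with any source port allowed (shown as sport=0). Nothing in the protocol ties the data port to N+1; the client can announce any port it listens on. The following Python is an added example, not code from the thread or from the netfilter project: it parses both forms, builds the expectation tuple in the same layout conntrack prints, and checks whether a later SYN matches it. Addresses (10.0.0.5 as client, 10.0.0.1 as server) and the FTP lines are constructed for the example; the names Expectation, parse_hostport, expect_from_port_command, expect_from_pasv_reply and matches are this example's own. The address check in the two expect_* functions is an added sanity check against a PORT/227 tuple naming a third host (the classic FTP bounce), not a claim about how the kernel helper behaves.

```python
import re
from dataclasses import dataclass

TCP = 6  # proto=6 in the conntrack EXPECTING line

@dataclass(frozen=True)
class Expectation:
    """Mirrors the fields conntrack prints: proto, src, dst, sport, dport."""
    proto: int
    src: str
    dst: str
    sport: int   # 0 = any source port (server need not use 20)
    dport: int

# h1,h2,h3,h4,p1,p2 as used by PORT and by the 227 Entering Passive Mode reply
_HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def parse_hostport(text):
    """Return (ip, port) from an FTP h1,h2,h3,h4,p1,p2 tuple; port = p1*256 + p2."""
    m = _HOSTPORT.search(text)
    if not m:
        raise ValueError("no h1,h2,h3,h4,p1,p2 tuple in %r" % text)
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("octet out of range in %r" % text)
    host = ".".join(str(n) for n in nums[:4])
    port = nums[4] * 256 + nums[5]
    return host, port


def expect_from_port_command(client_ip, server_ip, line):
    """Active mode: the client sent PORT, so expect server -> client:port."""
    if not line.upper().startswith("PORT "):
        raise ValueError("not a PORT command: %r" % line)
    host, port = parse_hostport(line)
    # added sanity check (example's own): the announced address must be the
    # control-channel client, otherwise the server would be told to connect
    # to a third host
    if host != client_ip:
        raise ValueError("PORT names %s, control channel is %s" % (host, client_ip))
    return Expectation(TCP, server_ip, client_ip, 0, port)


def expect_from_pasv_reply(client_ip, server_ip, line):
    """Passive mode: the server replied 227, so expect client -> server:port."""
    if not line.startswith("227"):
        raise ValueError("not a 227 reply: %r" % line)
    host, port = parse_hostport(line)
    if host != server_ip:  # same sanity check, other direction
        raise ValueError("227 names %s, control channel server is %s" % (host, server_ip))
    return Expectation(TCP, client_ip, server_ip, 0, port)


def matches(exp, proto, src, dst, sport, dport):
    """Does a new connection (e.g. the data-channel SYN) satisfy the expectation?"""
    return (exp.proto == proto and exp.src == src and exp.dst == dst
            and (exp.sport == 0 or exp.sport == sport) and exp.dport == dport)


if __name__ == "__main__":
    client, server = "10.0.0.5", "10.0.0.1"          # constructed addresses
    active = expect_from_port_command(client, server, "PORT 10,0,0,5,128,54")
    print(active)                                      # dport=32822, sport=0
    # the SYN from the server is accepted whether it comes from 20 or a dynamic port
    print(matches(active, TCP, server, client, 20, 32822))
    print(matches(active, TCP, server, client, 4144, 32822))
    passive = expect_from_pasv_reply(client, server, "227 Entering Passive Mode (10,0,0,1,195,80).")
    print(passive)                                     # dport=50000
```

Reading the thread's EXPECTING line against this: dport=32822 means the client announced 128,54 (128*256+54) in its PORT command, and sport=0 is why a server connecting from a dynamic port instead of port 20 still matches the expectation; the mismatch the original poster sees is between the port the client announced and the port the server actually targeted, not between 20 and a dynamic source port.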
