Re: natd not allowing incoming ftp connections, but web is okay
[EMAIL PROTECTED] wrote on 10/18/2002 03:24:47 AM:

> That is because of the nature of the FTP protocol. FTP uses
> two separate TCP connections: one for commands (port 21) and
> another one for data (port 20). What's going on when client
> tries to establish the FTP session?

I tried from my office using wsftp, twice, once in active mode and once in passive mode, both result in the following error:

! Can't get "ftp://66.114.152.128/"; host entry
! Connection failed ftp://66.114.152.128/

> So if client uses active mode ftp you should not mention
> port 20 in "redirect port" directive (data channel will be
> aliased according to "alias address" directive):
> redirect_port tcp 192.168.1.14:21 21
> If client uses passive mode FTP then you probably should use
> two directives:
> redirect_port tcp 192.168.1.14:21 21
> redirect_port tcp 192.168.1.14:49152-65535 49152-65535

Is it okay to have all 3 of the above redirect lines? I changed my natd.conf line for ftp to the first line above, and also added the other two lines. Is that a problem?

> Does /var/log/alias.log exist and have correct permissions?

It did exist, has two lines, but no error lines, so then I set the permissions to 755, it still didn't get written to, then I changed it to 777, still not getting written to.

> You may also try to log events via syslog using
> "log_facility" directive.

Would that fill the syslog full of natd/firewall messages? Sometimes there are tons of messages.

--
Chip

> --
> Best regards,
> Artem mailto:aokounev@;yahoo.com
Re: natd not allowing incoming ftp connections, but web is okay
Hello Chip,

Friday, October 18, 2002, 8:36:47 AM, you wrote:

CW> I have a server set up to run both web server and ftp
CW> server. The web server is working great, internet
CW> connect to it just fine. The ftpd server is running, it
CW> works great on the intranet, but from the internet
CW> connections are not allowed - according to wsftp the
CW> message is connection refused

CW> My natd.conf looks like this -

CW> use sockets yes
CW> port 8668
CW> alias address xx.xx.xx.xxx
CW> log
CW> unregistered only
CW> redirect_port tcp 192.168.1.14:20-21 20-21
CW> redirect_port tcp 192.168.1.14:80 80

CW> I don't understand why the port 80 line works and the
CW> port 20-21 line does not.

That is because of the nature of the FTP protocol. FTP uses two separate TCP connections: one for commands (port 21) and another one for data (port 20). What's going on when client tries to establish the FTP session?

1. Client allocates two ports for himself (both above 1023)
2. It uses first port to connect to server's port 21
3. Using this established session client issues directive PORT to server to tell the server port number for data transfer.
4. Server initiates connection from its port 20 to client's second opened port.

So if client uses active mode ftp you should not mention port 20 in "redirect port" directive (data channel will be aliased according to "alias address" directive):

redirect_port tcp 192.168.1.14:21 21

If client uses passive mode FTP then you probably should use two directives:

redirect_port tcp 192.168.1.14:21 21
redirect_port tcp 192.168.1.14:49152-65535 49152-65535

CW> Even though it says log, there is no log file being
CW> written to, all log items show on the local display, I
CW> don't know why.

CW> Any ideas what to check?

Does /var/log/alias.log exist and have correct permissions? You may also try to log events via syslog using "log_facility" directive.
--
Best regards,
Artem mailto:aokounev@;yahoo.com
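Added example, not part of the original thread: a short Python check of which natd `redirect_port` rules cover the data port a passive-mode server announces, using the two configurations discussed above. The 227 reply and the helper names are constructed for illustration, and the parser handles only the rule forms that appear in the thread.

```python
import re

# Constructed inputs: the two natd.conf variants from the thread and a sample
# 227 reply such as the FTP server at 192.168.1.14 could send in passive mode.
ORIGINAL_CONF = """redirect_port tcp 192.168.1.14:20-21 20-21
redirect_port tcp 192.168.1.14:80 80"""
PASSIVE_CONF = """redirect_port tcp 192.168.1.14:21 21
redirect_port tcp 192.168.1.14:49152-65535 49152-65535"""
SAMPLE_227 = "227 Entering Passive Mode (192,168,1,14,195,80)"

RULE = re.compile(r"\s*redirect_port\s+(tcp|udp)\s+([\d.]+):(\d+)(?:-(\d+))?"
                  r"\s+(\d+)(?:-(\d+))?\s*$")

def parse_redirects(conf):
    """Parse the redirect_port forms used in the thread (no aliasIP/remoteIP)."""
    rules = []
    for line in conf.splitlines():
        m = RULE.match(line)
        if m:
            proto, ip, tlo, thi, plo, phi = m.groups()
            rules.append((proto, ip, (int(tlo), int(thi or tlo)),
                          (int(plo), int(phi or plo))))
    return rules

def parse_hostport(text):
    """Decode the h1,h2,h3,h4,p1,p2 tuple carried by PORT and 227 (RFC 959)."""
    m = re.search(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})", text)
    if not m or any(int(x) > 255 for x in m.groups()):
        raise ValueError("no valid host-port tuple in %r" % text)
    n = [int(x) for x in m.groups()]
    return ".".join(str(x) for x in n[:4]), n[4] * 256 + n[5]

def redirected(rules, port, proto="tcp"):
    """Internal (ip, port) that an inbound public port is forwarded to, or None."""
    for p, ip, (tlo, _thi), (plo, phi) in rules:
        if p == proto and plo <= port <= phi:
            return ip, tlo + (port - plo)
    return None

def exposed_ports(rules):
    """Number of public ports the rules open towards the internal network."""
    return sum(phi - plo + 1 for _p, _ip, _t, (plo, phi) in rules)

if __name__ == "__main__":
    _, data_port = parse_hostport(SAMPLE_227)
    for name, conf in (("original", ORIGINAL_CONF), ("passive", PASSIVE_CONF)):
        rules = parse_redirects(conf)
        print(name, "data port", data_port, "->", redirected(rules, data_port),
              "| public ports opened:", exposed_ports(rules))
```

With the original 20-21 rule the announced data port is not forwarded at all, while the passive-mode rule forwards it at the cost of opening 16,384 public ports to 192.168.1.14.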
natd not allowing incoming ftp connections, but web is okay
I have a server set up to run both web server and ftp server. The web server is working great, internet connect to it just fine. The ftpd server is running, it works great on the intranet, but from the internet connections are not allowed - according to wsftp the message is connection refused

I have a dsl connection, and use an old 28.8 modem occasionally to test this stuff. When I try to connect, as anonymous, to the outside ip address that's when I get the refused error, when I connect to the inside ip address I connect fine.

My natd.conf looks like this -

use sockets yes
port 8668
alias address xx.xx.xx.xxx
log
unregistered only
redirect_port tcp 192.168.1.14:20-21 20-21
redirect_port tcp 192.168.1.14:80 80

I don't understand why the port 80 line works and the port 20-21 line does not.

Even though it says log, there is no log file being written to, all log items show on the local display, I don't know why.

Any ideas what to check?

--
Chip