I am using VC2. Is that "too old"?

I can't find the ip_conntrack_ftp and the ip_nat in the system... is there
any way I can add it in without upgrading it?
Because we have deployed this machine router into a pre-production environment
already...

I did a tshark as advised, and the response is as follows. Basically my ftp
client manages to do all the authentication etc... but just times out at the
end.
I have replaced the ip address with text for security's sake :)

  0.000000 <mine ip address> -> <server public ip address> TCP 62695 > 21 [SYN] Seq=0 Len=0 MSS=1460
  0.000821 <server public ip address> -> <mine ip address> TCP 21 > 62695 [SYN, ACK] Seq=0 Ack=1 Win=5840 Len=0 MSS=1460
  0.003708 <mine ip address> -> <server public ip address> TCP 62695 > 21 [ACK] Seq=1 Ack=1 Win=65535 Len=0
  0.004924 <server public ip address> -> <mine ip address> FTP Response: 220 (vsFTPd 2.0.1)
  0.008623 <mine ip address> -> <server public ip address> FTP Request: USER st701import
  0.008749 <server public ip address> -> <mine ip address> TCP 21 > 62695 [ACK] Seq=21 Ack=19 Win=5840 Len=0
  0.008780 <server public ip address> -> <mine ip address> FTP Response: 331 Please specify the password.
  0.011728 <mine ip address> -> <server public ip address> FTP Request: PASS st701import
  0.015016 <server public ip address> -> <mine ip address> FTP Response: 230 Login successful.
  0.019243 <mine ip address> -> <server public ip address> FTP Request: SYST
  0.019385 <server public ip address> -> <mine ip address> FTP Response: 215 UNIX Type: L8
  0.022724 <mine ip address> -> <server public ip address> FTP Request: FEAT
  0.022865 <server public ip address> -> <mine ip address> FTP Response: 211-Features:
  0.022869 <server public ip address> -> <mine ip address> FTP Response: EPRT
  0.024277 <mine ip address> -> <server public ip address> TCP 62695 > 21 [ACK] Seq=49 Ack=119 Win=65417 Len=0
  0.024407 <server public ip address> -> <mine ip address> FTP Response: EPSV
  0.044471 <mine ip address> -> <server public ip address> FTP Request: PWD
  0.044602 <server public ip address> -> <mine ip address> FTP Response: 257 "/"
  0.048225 <mine ip address> -> <server public ip address> FTP Request: TYPE A
  0.048362 <server public ip address> -> <mine ip address> FTP Response: 200 Switching to ASCII mode.
  0.053214 <mine ip address> -> <server public ip address> FTP Request: PORT 202,79,222,24,238,93
  0.053370 <server public ip address> -> <mine ip address> FTP Response: 200 PORT command successful. Consider using PASV.
  0.056698 <mine ip address> -> <server public ip address> FTP Request: LIST
  0.096912 <server public ip address> -> <mine ip address> TCP 21 > 62695 [ACK] Seq=267 Ack=95 Win=5840 Len=0
 29.923389 <mine ip address> -> <server public ip address> TCP 62695 > 21 [FIN, ACK] Seq=95 Ack=267 Win=65269 Len=0
 29.963325 <server public ip address> -> <mine ip address> TCP 21 > 62695 [ACK] Seq=267 Ack=96 Win=5840 Len=0
 35.095862 <mine ip address> -> 202.79.220.67 FTP Request: REST 0
 35.097736 202.79.220.67 -> <mine ip address> FTP Response: 350 Restart position accepted (0).
 35.258781 <mine ip address> -> 202.79.220.67 TCP 60629 > 21 [ACK] Seq=8 Ack=36 Win=65437 Len=0
 60.059182 <server public ip address> -> <mine ip address> FTP Response: 425 Failed to establish connection.
 60.059188 <server public ip address> -> <mine ip address> FTP Response: 500 OOPS:
 60.059191 <server public ip address> -> <mine ip address> FTP Response: vsf_sysutil_recv_peek: no data
 60.059195 <server public ip address> -> <mine ip address> FTP Response:
 60.060807 <mine ip address> -> <server public ip address> TCP 62695 > 21 [RST, ACK] Seq=96 Ack=304 Win=0 Len=0
 60.060963 <mine ip address> -> <server public ip address> TCP 62695 > 21 [RST] Seq=96 Len=0
 60.061221 <mine ip address> -> <server public ip address> TCP 62695 > 21 [RST] Seq=96 Len=0
 60.061580 <mine ip address> -> <server public ip address> TCP 62695 > 21 [RST] Seq=96 Len=0
 89.135183 <mine ip address> -> 202.79.220.67 FTP Request: TYPE I
 89.136835 202.79.220.67 -> <mine ip address> FTP Response: 200 Switching to Binary mode.
 89.273732 <mine ip address> -> 202.79.220.67 TCP 60629 > 21 [ACK] Seq=16 Ack=67 Win=65406 Len=0

-----Original Message-----
From: Robyn Orosz [mailto:[EMAIL PROTECTED]
Sent: Tuesday, 28 August 2007 21:41
To: Daren Tay
Cc: Wink; vyatta-users@mailman.vyatta.com
Subject: Re: [Vyatta-users] Allowing FTP Connections


Hi Daren,

If you are running an earlier version of Vyatta, the FTP conntrack NAT
module may not be loaded.  See the following Bugzilla issue:

https://bugzilla.vyatta.com/show_bug.cgi?id=1498

This issue has been resolved in the latest versions of Vyatta.

You can tell which version you're running by running the 'show version'
command in the CLI operational mode.

You can tell whether or not the appropriate modules are loaded by
running 'lsmod' from the bash shell while logged in as root.

lsmod |grep ftp

If they aren't loaded, you can try doing a modprobe for the NAT/
conntrack FTP modules:

ip_conntrack_ftp and ip_nat_ftp

Or, upgrade your system.

If these modules or the same modules preceded by nf rather than ip are
loaded, you should be OK.  If that's the case then go with Wink's
suggestion of running a packet capture on the Vyatta router:

Example:  tshark -n -i eth1 port ftp

Where -i ethx = the interface on the router that your desktop is
connected to and you can also run it on eth0 which looks to be your
outside facing interface.

Hope this helps.

Thanks,

Robyn

Daren Tay wrote:
> woah... on the desktop that I am trying to connect from?
>
> -----Original Message-----
> From: Wink [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, 28 August 2007 19:14
> To: Daren Tay; vyatta-users@mailman.vyatta.com
> Subject: Re: [Vyatta-users] Allowing FTP Connections
>
>
> Packet captures?  Perhaps the forwarding function is working.
>
> I'd run wireshark and see if the FTP packets are being forwarded out of the
> router...
>
>
> ----- Original Message -----
> From: "Daren Tay" <[EMAIL PROTECTED]>
> To: <vyatta-users@mailman.vyatta.com>
> Sent: Tuesday, August 28, 2007 6:09 AM
> Subject: [Vyatta-users] Allowing FTP Connections
>
>
>
>> Hi guys,
>>
>> I realise after setting all the static routes, and what not, I can SSH but I
>> can't FTP. weird...
>>
>> basically the public ip is at my router which directs to my private server
>> (192.168.40.x) via routing.
>> The 2 key NAT rules are:
>>
>>    rule 1 {
>>        type: "source"
>>        translation-type: "masquerade"
>>        outbound-interface: "eth0"
>>        protocols: "all"
>>        source {
>>            network: 192.168.40.0/24
>>        }
>>        destination {
>>            network: 0.0.0.0/0
>>        }
>>    }
>>
>>
>>    rule 12 {
>>        type: "destination"
>>        translation-type: "static"
>>        inbound-interface: "eth0"
>>        protocols: "all"
>>        source {
>>            network: 0.0.0.0/0
>>        }
>>        destination {
>>            address: <public ip>
>>        }
>>        inside-address {
>>            address: 192.168.40.73
>>        }
>>    }
>>
>>
>>
>> Can SSH, HTTP etc, but I can't do FTP weirdly.... do I need to do more
>> NAT?
>>
>> Thanks!
>> Daren
>>
>> _______________________________________________
>> Vyatta-users mailing list
>> Vyatta-users@mailman.vyatta.com
>> http://mailman.vyatta.com/mailman/listinfo/vyatta-users

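Added example, not part of the original thread: the capture above was taken with the filter `port ftp`, which matches only the control channel on port 21, so the active-mode data connection that the 425 reply refers to never appears in it. The sketch below decodes the PORT argument from tshark text lines, pairs it with a following 425, and builds a capture filter that also covers the data port. The function names are hypothetical and the sample lines are constructed, using documentation addresses with the same port bytes as in the thread.

```python
import re

# Constructed control-channel lines in the tshark text layout seen in the
# thread; addresses are documentation ranges, port bytes match the thread.
SAMPLE = """\
0.053214 198.51.100.7 -> 203.0.113.10 FTP Request: PORT 198,51,100,7,238,93
0.053370 203.0.113.10 -> 198.51.100.7 FTP Response: 200 PORT command successful.
0.056698 198.51.100.7 -> 203.0.113.10 FTP Request: LIST
60.059182 203.0.113.10 -> 198.51.100.7 FTP Response: 425 Failed to establish connection.
"""

# Lazy host groups so redacted names such as "<mine ip address>" also parse.
LINE_RE = re.compile(r"^\s*[\d.]+\s+(.+?) -> (.+?) FTP (Request|Response): (.*)$")
PORT_RE = re.compile(r"^PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)$")


def decode_port(command):
    """Decode an RFC 959 PORT command into (ip, tcp_port), or None."""
    m = PORT_RE.match(command.strip())
    if not m:
        return None
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        return None
    # h1,h2,h3,h4 are the address bytes; the port is p1 * 256 + p2.
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]


def failed_active_transfers(capture):
    """Return one finding per PORT command that was answered with a 425."""
    findings, pending = [], None
    for line in capture.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        src, _dst, kind, text = m.groups()
        endpoint = decode_port(text) if kind == "Request" else None
        if endpoint:
            ip, port = endpoint
            # A PORT address that differs from the packet source means a NAT
            # sits between the client and the capture point.
            pending = {"ip": ip, "port": port, "client_natted": ip != src}
        elif kind == "Response" and pending and text.startswith("425"):
            # Filter covering the control channel and the announced data port.
            pending["filter"] = f"port 21 or port {pending['port']}"
            findings.append(pending)
            pending = None
        elif kind == "Response" and pending and text.startswith("226"):
            pending = None  # transfer completed, nothing to report
    return findings
```

The PORT argument in the thread, `202,79,222,24,238,93`, decodes the same way to 202.79.222.24 port 61021 (238 * 256 + 93), which is the connection the server could not establish.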