Hi guys,

can't remember if I replied... but thanks for the help :)

there's an "exit 0" in the rc.local, should I remove it prior to adding that
line?

Are subsequent releases fixing this "problem"?

Thanks!
Daren

-----Original Message-----
From: Robyn Orosz [mailto:[EMAIL PROTECTED]
Sent: Wednesday, 29 August 2007 22:35
To: Daren Tay
Cc: Wink; vyatta-users@mailman.vyatta.com
Subject: Re: [Vyatta-users] Allowing FTP Connections


Hi Daren,

Try doing a:

Router-1:~# modprobe ip_nat_ftp

Then attempt your FTP connection again and see if that works.  If it
does, you should add the 'modprobe ip_nat_ftp' line to the
'/etc/rc.local' file so that the module will be loaded on boot.

You can also run a package update to the latest version.  Instructions
are on this page:

http://www.vyatta.com/twiki/bin/view/Community/HowToUpdate

The package update is *somewhat* non-disruptive, but you will have to
reboot before you can run the new version.

I wouldn't say VC2 is too old, but we have been adding new features and
fixing issues so rapidly that it will almost always benefit you to
upgrade when a more current stable release is available.

Thank you and let me know if loading the nat ftp module works for you.

-Robyn

Daren Tay wrote:
> I am using VC2. Is that "too old"?
>
> I can't find the ip_conntrack_ftp and the ip_nat in the system... is there
> any way I can add it in without upgrading it?
> Because we have deployed this machine router into a pre-production environment
> already...
>
> I did a tshark as advised, and the response is as follows. Basically my ftp
> client managed to do all the authentication etc... but just times out at the
> end.
> I have replaced the ip address with text for security's sake :)
>
>   0.000000 <mine ip address> -> <server public ip address> TCP 62695 > 21 [SYN] Seq=0 Len=0 MSS=1460
>   0.000821 <server public ip address> -> <mine ip address> TCP 21 > 62695 [SYN, ACK] Seq=0 Ack=1 Win=5840 Len=0 MSS=1460
>   0.003708 <mine ip address> -> <server public ip address> TCP 62695 > 21 [ACK] Seq=1 Ack=1 Win=65535 Len=0
>   0.004924 <server public ip address> -> <mine ip address> FTP Response: 220 (vsFTPd 2.0.1)
>   0.008623 <mine ip address> -> <server public ip address> FTP Request: USER st701import
>   0.008749 <server public ip address> -> <mine ip address> TCP 21 > 62695 [ACK] Seq=21 Ack=19 Win=5840 Len=0
>   0.008780 <server public ip address> -> <mine ip address> FTP Response: 331 Please specify the password.
>   0.011728 <mine ip address> -> <server public ip address> FTP Request: PASS st701import
>   0.015016 <server public ip address> -> <mine ip address> FTP Response: 230 Login successful.
>   0.019243 <mine ip address> -> <server public ip address> FTP Request: SYST
>   0.019385 <server public ip address> -> <mine ip address> FTP Response: 215 UNIX Type: L8
>   0.022724 <mine ip address> -> <server public ip address> FTP Request: FEAT
>   0.022865 <server public ip address> -> <mine ip address> FTP Response: 211-Features:
>   0.022869 <server public ip address> -> <mine ip address> FTP Response: EPRT
>   0.024277 <mine ip address> -> <server public ip address> TCP 62695 > 21 [ACK] Seq=49 Ack=119 Win=65417 Len=0
>   0.024407 <server public ip address> -> <mine ip address> FTP Response: EPSV
>   0.044471 <mine ip address> -> <server public ip address> FTP Request: PWD
>   0.044602 <server public ip address> -> <mine ip address> FTP Response: 257 "/"
>   0.048225 <mine ip address> -> <server public ip address> FTP Request: TYPE A
>   0.048362 <server public ip address> -> <mine ip address> FTP Response: 200 Switching to ASCII mode.
>   0.053214 <mine ip address> -> <server public ip address> FTP Request: PORT 202,79,222,24,238,93
>   0.053370 <server public ip address> -> <mine ip address> FTP Response: 200 PORT command successful. Consider using PASV.
>   0.056698 <mine ip address> -> <server public ip address> FTP Request: LIST
>   0.096912 <server public ip address> -> <mine ip address> TCP 21 > 62695 [ACK] Seq=267 Ack=95 Win=5840 Len=0
>  29.923389 <mine ip address> -> <server public ip address> TCP 62695 > 21 [FIN, ACK] Seq=95 Ack=267 Win=65269 Len=0
>  29.963325 <server public ip address> -> <mine ip address> TCP 21 > 62695 [ACK] Seq=267 Ack=96 Win=5840 Len=0
>  35.095862 <mine ip address> -> 202.79.220.67 FTP Request: REST 0
>  35.097736 202.79.220.67 -> <mine ip address> FTP Response: 350 Restart position accepted (0).
>  35.258781 <mine ip address> -> 202.79.220.67 TCP 60629 > 21 [ACK] Seq=8 Ack=36 Win=65437 Len=0
>  60.059182 <server public ip address> -> <mine ip address> FTP Response: 425 Failed to establish connection.
>  60.059188 <server public ip address> -> <mine ip address> FTP Response: 500 OOPS:
>  60.059191 <server public ip address> -> <mine ip address> FTP Response: vsf_sysutil_recv_peek: no data
>  60.059195 <server public ip address> -> <mine ip address> FTP Response:
>  60.060807 <mine ip address> -> <server public ip address> TCP 62695 > 21 [RST, ACK] Seq=96 Ack=304 Win=0 Len=0
>  60.060963 <mine ip address> -> <server public ip address> TCP 62695 > 21 [RST] Seq=96 Len=0
>  60.061221 <mine ip address> -> <server public ip address> TCP 62695 > 21 [RST] Seq=96 Len=0
>  60.061580 <mine ip address> -> <server public ip address> TCP 62695 > 21 [RST] Seq=96 Len=0
>  89.135183 <mine ip address> -> 202.79.220.67 FTP Request: TYPE I
>  89.136835 202.79.220.67 -> <mine ip address> FTP Response: 200 Switching to Binary mode.
>  89.273732 <mine ip address> -> 202.79.220.67 TCP 60629 > 21 [ACK] Seq=16 Ack=67 Win=65406 Len=0
>
> -----Original Message-----
> From: Robyn Orosz [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, 28 August 2007 21:41
> To: Daren Tay
> Cc: Wink; vyatta-users@mailman.vyatta.com
> Subject: Re: [Vyatta-users] Allowing FTP Connections
>
>
> Hi Daren,
>
> If you are running an earlier version of Vyatta, the FTP conntrack NAT
> module may not be loaded.  See the following Bugzilla issue:
>
> https://bugzilla.vyatta.com/show_bug.cgi?id=1498
>
> This issue has been resolved in the latest versions of Vyatta.
>
> You can tell which version you're running by running the 'show version'
> command in the CLI operational mode.
>
> You can tell whether or not the appropriate modules are loaded by
> running 'lsmod' from the bash shell while logged in as root.
>
> lsmod |grep ftp
>
> If they aren't loaded, you can try doing a modprobe for the NAT/
> conntrack FTP modules:
>
> ip_conntrack_ftp and ip_nat_ftp
>
> Or, upgrade your system.
>
> If these modules or the same modules preceded by nf rather than ip are
> loaded, you should be OK.  If that's the case then go with Wink's
> suggestion of running a packet capture on the Vyatta router:
>
> Example:  tshark -n -i eth1 port ftp
>
> Where -i ethx = the interface on the router that your desktop is
> connected to and you can also run it on eth0 which looks to be your
> outside facing interface.
>
> Hope this helps.
>
> Thanks,
>
> Robyn
>
> Daren Tay wrote:
>
>> woah... on the desktop that i am trying to connect from?
>>
>> -----Original Message-----
>> From: Wink [mailto:[EMAIL PROTECTED]
>> Sent: Tuesday, 28 August 2007 19:14
>> To: Daren Tay; vyatta-users@mailman.vyatta.com
>> Subject: Re: [Vyatta-users] Allowing FTP Connections
>>
>>
>> Packet captures?  Perhaps the forwarding function is working.
>>
>> I'd run wireshark and see if the FTP packets are being forwarded out of the
>> router...
>>
>>
>> ----- Original Message -----
>> From: "Daren Tay" <[EMAIL PROTECTED]>
>> To: <vyatta-users@mailman.vyatta.com>
>> Sent: Tuesday, August 28, 2007 6:09 AM
>> Subject: [Vyatta-users] Allowing FTP Connections
>>
>>
>>
>>
>>> Hi guys,
>>>
>>> I realise after setting all the static routes, and what not, I can SSH but I
>>> can't FTP. weird...
>>>
>>> basically the public ip is at my router which directs to my private server
>>> (192.168.40.x) via routing.
>>> The 2 key NAT rules are:
>>>
>>>    rule 1 {
>>>        type: "source"
>>>        translation-type: "masquerade"
>>>        outbound-interface: "eth0"
>>>        protocols: "all"
>>>        source {
>>>            network: 192.168.40.0/24
>>>        }
>>>        destination {
>>>            network: 0.0.0.0/0
>>>        }
>>>    }
>>>
>>>
>>>    rule 12 {
>>>        type: "destination"
>>>        translation-type: "static"
>>>        inbound-interface: "eth0"
>>>        protocols: "all"
>>>        source {
>>>            network: 0.0.0.0/0
>>>        }
>>>        destination {
>>>            address: <public ip>
>>>        }
>>>        inside-address {
>>>            address: 192.168.40.73
>>>        }
>>>    }
>>>
>>>
>>>
>>> Can SSH, HTTP etc, but I can't do FTP weirdly.... do I need to do more
>>> NAT?
>>>
>>> Thanks!
>>> Daren

_______________________________________________
Vyatta-users mailing list
Vyatta-users@mailman.vyatta.com
http://mailman.vyatta.com/mailman/listinfo/vyatta-users
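
As an added example (not part of the thread and not Vyatta's own code), here is a shell version of the two steps Robyn describes: checking `lsmod` output for the FTP helper modules and making the `modprobe` line persistent in an rc.local-style file. The line is placed ahead of the final `exit 0`, since commands after `exit 0` are never reached; the function names and sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Sample inputs below are constructed.

# Read lsmod-style output on stdin; print each FTP helper that is missing.
# As in the thread, a module counts as loaded under either prefix (ip_ or nf_).
missing_ftp_helpers() {
    awk '
        { loaded[$1] = 1 }
        END {
            n = split("conntrack_ftp nat_ftp", want, " ")
            for (i = 1; i <= n; i++) {
                a = "ip_" want[i]; b = "nf_" want[i]
                if (!(a in loaded) && !(b in loaded)) print a
            }
        }'
}

# Put "modprobe MODULE" in an rc.local-style FILE directly before its last
# "exit 0", because nothing after that line is executed. Any existing copy of
# the line is moved there, so repeated runs leave the file unchanged.
add_modprobe_to_rc_local() {
    file=$1
    line="modprobe $2"
    tmp=$(mktemp) || return 1
    awk -v line="$line" '
        $0 == line { next }
        { rows[++n] = $0 }
        /^[ \t]*exit[ \t]+0[ \t]*$/ { last = n }
        END {
            for (i = 1; i <= n; i++) {
                if (i == last) print line
                print rows[i]
            }
            if (!last) print line    # no "exit 0" at all: append
        }' "$file" > "$tmp" && cat "$tmp" > "$file"   # cat keeps mode and owner
    status=$?
    rm -f "$tmp"
    return $status
}

# Constructed demo on a scratch copy; point it at /etc/rc.local only as root.
demo=$(mktemp)
printf '#!/bin/sh -e\n# local startup commands\nexit 0\n' > "$demo"
for m in $(printf 'Module Size Used by\nip_conntrack_ftp 7760 0\n' | missing_ftp_helpers); do
    add_modprobe_to_rc_local "$demo" "$m"
done
cat "$demo"
rm -f "$demo"
```

On a live router the first function would be fed with `lsmod | missing_ftp_helpers`.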
