[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: your mail - sorry for empty subject.

Andrew Pritchard (andrew@teppic.co.uk) wrote:

> > What I want, is a way for people on internet to be able to connect (both
> > active and passive) to my FTP server. And my FTP server (192.168.1.13)
> > is located on the internal network.
> 
> I've done it just by forwarding Port 21 to the internal machine from the 
> firewall. That's all I did.

Do you have any filtering rules on the
masq-router? If you block port 20 of the
ftp-server, it will brake aktive and if you block
>1024 it will brake passive ftp. 

> > With portforwarding, it is possible to make both active and passive
> > connections. But with passive it is not possible to fetch any data. I
> > believe this is becasue my firewall (192.168.1.1) is not accepting the
> > FTP servers request to open a new port. Can I make a ipchains rule to allow
> > this?
> 
> I'm wondering if you're using a chroot jailed FTP server, and you don't have the 
> right binaries in the chroot jail. I could be missing the target here though.

Since he can do ls with active ftp, that cannot be
the problem here.

-Rolf
Reply to: