illegal ftp port request / ip_nat_ftp
Hi there,
I'm seeing some funny behaviour on one of my debian woody firewalls. It
manifests itself when making an active ftp connection from a Snatted
client behind the firewall with the following error
ftp> ls
501 Illegal PORT command
ftp: bind: Address already in use
I have the ip_nat_ftp and ip_conntrack_ftp modules loaded and the
following version of iptables
ii iptables 1.2.6a-5.0woody2 IP packet filter administration
tools for 2.4.4+
I have run ethereal to see what is going on and it appears that the
firewall is modifying the PORT command and sending too many parameters.
ie.
seen on the inside interface of the firewall:
PORT 192,168,1,2,216,207
which is ok
however when seen on the outside interface it appears as:
PORT 10,1,1,2,216,207,207
which has a superfluous '207' parameter
192,168,1,2 - private ip address
10,1,1,2 - public ip address
Any tips / advice / suggestions much appreciated.
Regards
Tom
--
Tom - 2Ergo Technical Support <tom.stockton@2ergo.com>
Reply to: