[sllug-members]: FTP Problems

[Corey Edwards]

On Tue, 2006-08-22 at 09:25 -0600, Adam Barrett wrote:
> Hey all!
> 
> I am running SuSE 10.0, with Lampp/Xampp, with Proftp as the server.
> 
> When people connect they are validating all right, but then the server
> is failing to make connections/sockets, I can't even get directory
> info.
> 
> When I login locally and do a loopback to the FTP it works fine, also
> from inside my own network (any machine) I am able to connect just
> fine.

It sounds like the classic Active vs. Passive issue. FTP uses two ports.
Port 21 is used for control traffic. It is opened by the client. With
active data transfers, the client opens a listen port, tells the server
what the port is and the server opens a return connection to the client.
That happens for every file that is sent. You can probably see how a
firewall would get in the way. Generally it's a firewall problem on the
client side.

The other option is passive ftp where instead of the server connecting
back to the client, the client opens a second connection to the server
for the data transfer.

Check and see whether your client is using active or passive ftp. Most,
if not all, ftp clients now try passive by default because of all the
firewall and NAT problems we now have.

Make sure you don't have too strict of a firewall on your server. It
needs to allow inbound connections on port 20 for passive transfers to
work. It also needs to be able to open outgoing connections from port 20
for active transfers.

Now would also be a good time to become familiar with tcpdump if you're
not already. Here's a couple you could try.

        # tcpdump -np -s 1500 port 20 or port 21
        # tcpdump -np -s 1500 host <client ip>
        
Corey

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 191 bytes
Desc: This is a digitally signed message part
Url : http://sllug.org/pipermail/sllug-members/attachments/20060822/a31aac39/attachment.pgp