[Firehol-support] ftp under firehol
costa at tsaousis.gr
Thu May 12 21:49:40 CEST 2005
It seems there is a bug somewhere in ip_conntrack_ftp, the kernel module,
in kernel 2.6.11 and possibly other versions, that malforms ACTIVE ftp

In the iptables mailing list there are a few patches for fixing ACTIVE ftp
issues in kernel 2.6.12.

I suggest using PASSIVE ftp in the meantime. I verified that passive ftp
is working correctly. Another solution would be to use a kernel version
that is not affected by this issue.

To enable PASSIVE mode, consult the manual of your ftp client.
On Thu, May 12, 2005 14:11, Grigory Fateyev said:
> On Wed, 11 May 2005 15:10:50 +0400 Grigory Fateyev wrote:
>> On Wed, 11 May 2005 13:40:18 +0400 Grigory Fateyev wrote:
>> > On Tue, 10 May 2005 20:23:24 +0300 (EEST) Costa Tsaousis wrote:
>> > > check the logs. There should be packets dropped and logged if it
>> > > is FireHOL's fault.
>> > Checked everything, but it does not work correctly. When firehol is
>> > stopped, ftp works fine! What I see when I log in:
>> > 230 Login successful.
>> > Remote system type is UNIX.
>> > Using binary mode to transfer files.
>> > ftp> ls
>> > 200 PORT command successful. Consider using PASV.
>> > 425 Failed to establish connection.
>> Tested with "client all accept", ftp works OK; that means "client ftp
>> accept" is not enough. What must be opened?
> Can somebody help me? Which clients must I accept for normal working ftp