FTP..

Christopher Wagner chrisw at pacaids.com
Wed Apr 3 10:41:48 PST 2002


Hi Mark..  Thanks for responding..

When I do a set passive on, it still gives me connection refused..

My uname -a:
Linux pahamoot.audionautomation.com 2.4.9-31 #1 Tue Feb 26 07:11:02 EST 2002 i686 unknown

ipchains appears to still be working even with my 2.4.9 kernel.  I'm not
keeping up very well with the latest firewalling stuff, iptables is kind of
intimidating to me, I'm not sure what exactly I'm supposed to do with it, it
is installed on my box, though.

I stopped ipchains, ftp then worked as it should.  I'm puzzled, this is my
/etc/sysconfig/ipchains:
:input ACCEPT
:forward ACCEPT
:output ACCEPT
-A input -s 0/0 -d 0/0 22 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 25 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 80 -p tcp -y -j ACCEPT
-A input -s 10.0.0.67 -d 0/0 21 -p tcp -y -j ACCEPT
-A input -s 63.113.184.230 -d 0/0 20 -p tcp -y -j ACCEPT
-A input -s 63.113.184.230 -d 0/0 21 -p tcp -y -j ACCEPT
-A input -s 63.113.184.230 -d 0/0 20 -p udp -j ACCEPT
-A input -s 63.113.184.230 -d 0/0 21 -p udp -j ACCEPT
-A input -s 0/0 -d 0/0 -i lo -j ACCEPT
-A input -s 198.6.1.5 53 -d 0/0 -p udp -j ACCEPT
-A input -s 198.6.1.146 53 -d 0/0 -p udp -j ACCEPT
-A input -s 208.201.224.11 53 -d 0/0 -p udp -j ACCEPT
-A input -s 0/0 -d 0/0 -p tcp -y -j REJECT
-A input -s 0/0 -d 0/0 -p udp -j REJECT

- Christopher Wagner
chrisw at pacaids.com

Packaging Aids Corporation - Information Systems
P.O. Box 9144
San Rafael, CA 94912-9144
http://www.pacaids.com/
(415) 454-4868 x116


-----Original Message-----
From: Mark Street [mailto:jet at sonic.net]
Sent: Wednesday, April 03, 2002 10:18 AM
To: talk at nblug.org
Subject: Re: FTP..


From the ncftp prompt type: set passive on
See if you can do an ls then.....

What kernel are you using? Firewall rules code? Exclusion ruleset or
inclusion ruleset?  Stock 7.2 used 2.4.7-something or another, I believe,
which still supports ipchains; when it went to 2.4.9, support for ipchains
gave way to iptables.

See man ncftp and ~/.ncftp/prefs as a workaround by setting the passive=
ENV variable for the client.  Not a fix but a workaround..... until you
solve the kernel/firewall issue.

At 04:29 PM 4/2/2002 -0800, Christopher Wagner wrote:

>I've got another question I was hoping people might be able to help me
>with..
>
>I'm getting this error message.  The ports (20 and 21) are wide open on both
>boxes thru ipchains, ftp is running on the server (wu-ftpd on a fresh
>install of Redhat 7.2) and it's going through xinetd.
>
>ncftp /home/chrisw > ls
>connect failed: Connection refused.
>Falling back to PORT instead of PASV mode.
>List failed.
>ncftp /home/chrisw >
>
>Any ideas?
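
As an added example (not part of the thread): a small Python evaluator for the ipchains input rules posted in the message, run against constructed packets. It assumes first-match-wins evaluation with the `:input ACCEPT` policy as fallback; the `tcp()` helper, the destination 10.0.0.1, the interface eth0 and the high port numbers are assumptions made for illustration.

```python
import ipaddress

# Input-chain rules copied from the /etc/sysconfig/ipchains in the message.
RULES = """\
-A input -s 0/0 -d 0/0 22 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 25 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 80 -p tcp -y -j ACCEPT
-A input -s 10.0.0.67 -d 0/0 21 -p tcp -y -j ACCEPT
-A input -s 63.113.184.230 -d 0/0 20 -p tcp -y -j ACCEPT
-A input -s 63.113.184.230 -d 0/0 21 -p tcp -y -j ACCEPT
-A input -s 63.113.184.230 -d 0/0 20 -p udp -j ACCEPT
-A input -s 63.113.184.230 -d 0/0 21 -p udp -j ACCEPT
-A input -s 0/0 -d 0/0 -i lo -j ACCEPT
-A input -s 198.6.1.5 53 -d 0/0 -p udp -j ACCEPT
-A input -s 198.6.1.146 53 -d 0/0 -p udp -j ACCEPT
-A input -s 208.201.224.11 53 -d 0/0 -p udp -j ACCEPT
-A input -s 0/0 -d 0/0 -p tcp -y -j REJECT
-A input -s 0/0 -d 0/0 -p udp -j REJECT
""".splitlines()

def parse_rule(line):
    tok, rule, i = line.split(), {"syn": False, "text": line}, 2  # skip "-A input"
    while i < len(tok):
        opt = tok[i]
        if opt == "-y":                       # -y matches only SYN (new connection)
            rule["syn"], i = True, i + 1
            continue
        rule[opt], i = tok[i + 1], i + 2      # -s/-d/-p/-i/-j each take a value
        if opt in ("-s", "-d") and i < len(tok) and tok[i][0] != "-":
            rule[opt + "port"], i = int(tok[i]), i + 1   # optional port after address
    return rule

def addr_ok(spec, ip):
    return spec == "0/0" or ipaddress.ip_address(ip) in ipaddress.ip_network(spec)

def matches(rule, pkt):
    return (all(addr_ok(rule.get(k, "0/0"), pkt[k]) for k in ("-s", "-d"))
            and all(rule.get(k) in (None, pkt[k]) for k in ("-sport", "-dport", "-p", "-i"))
            and (not rule["syn"] or pkt["syn"]))

def verdict(pkt):
    for rule in map(parse_rule, RULES):       # first matching rule wins
        if matches(rule, pkt):
            return rule["-j"], rule["text"]
    return "ACCEPT", ":input ACCEPT"          # nothing matched: chain policy

def tcp(src, sport, dport, syn=True):         # constructed sample packet on eth0
    return {"-s": src, "-d": "10.0.0.1", "-sport": sport, "-dport": dport,
            "-p": "tcp", "-i": "eth0", "syn": syn}
```

A new connection to port 21 from 63.113.184.230 is accepted, but `verdict(tcp("63.113.184.230", 1026, 40000))` and `verdict(tcp("63.113.184.230", 20, 40001))` both fall through to the final `-p tcp -y -j REJECT` rule. FTP data connections use a negotiated high port in either mode, so they look like exactly these packets to this ruleset.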


