[ale] ftp error

Joe Steele joe at madewell.com
Mon Jul 26 10:37:26 EDT 1999


I probably should have said that you needed to "break" the 
firewall, rather than fix it.  I have heard it argued that 
you are weakening your security by opening up your firewall 
to allow non-passive ftp traffic.

How to change your firewall rules depends on your kernel 
version.  I know that 2.0.x versions use ipfwadm.  I believe 
later kernels use ipchains.  Check the man pages for how to 
use these commands.  In your case, listing your present rules 
would be a starting point. The Firewall-HOWTO has more useful 
information.

If you use a masquerading firewall, then you must do more to 
make non-passive ftp connections work.  For 2.0.x kernels, 
there is an ip_masq_ftp.o module that must be loaded (once 
again, I'm talking about non-passive connections only).  I 
don't know about later kernels.  The IP Masquerade Mini-HOWTO 
covers some of these issues.

As an alternative to what I've said above, you could do one 
of the following:

1)  Use a web browser for ftp access.  They apparently use 
passive mode (at least for downloading, which is all I have 
ever used them for).  Search the browser's help file for 
"ftp" for specifics on logging in, uploading, etc.

2)  Get a different ftp client which can use passive mode.  
A free windows client for non-business use is available at "http://www.ipswitch.com/cgi/download_eval.pl?product=WL-1000".  
There probably are others available as well if you search 
for them.

3)  Set up a proxy server for your ftp traffic through your 
firewall.  This is more work than the previous 2 options 
(also covered in the Firewall-HOWTO).

-- Joe Steele
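
The failure discussed in this thread, sketched as an added example that is not part of the original messages: a masqueraded client announces its private address in PORT, the server sees a different source address on the control connection, and a strict server refuses. The addresses, function names, the address-match and port-range policy, and the 200/501 reply strings are assumptions constructed for illustration; only the "500 Illegal PORT Command" text comes from the thread.

```python
import ipaddress

def parse_port_arg(arg):
    """Decode the 'h1,h2,h3,h4,p1,p2' argument of an FTP PORT command (RFC 959)."""
    parts = [int(x) for x in arg.strip().split(",")]
    if len(parts) != 6 or any(not 0 <= n <= 255 for n in parts):
        raise ValueError("malformed PORT argument: %r" % arg)
    host = ipaddress.IPv4Address(".".join(str(n) for n in parts[:4]))
    return host, parts[4] * 256 + parts[5]

def server_reply(control_peer, port_arg):
    """Reply of a strict server (assumed policy): the PORT address must equal the
    source address of the control connection, and the port must be unprivileged.
    This is the usual defence against FTP bounce requests."""
    try:
        host, port = parse_port_arg(port_arg)
    except ValueError:
        return "501 Syntax error in PORT argument"      # constructed reply text
    if host != ipaddress.IPv4Address(control_peer) or port < 1024:
        return "500 Illegal PORT Command"                # text seen in the thread
    return "200 PORT command successful"                 # constructed reply text

def masq_rewrite(port_arg, public_ip, public_port):
    """What a masquerading FTP helper has to do: replace the private address and
    port in PORT with the gateway's public address and a port it will forward."""
    parse_port_arg(port_arg)  # reject malformed input before rewriting
    octets = public_ip.split(".")
    return ",".join(octets + [str(public_port >> 8), str(public_port & 0xFF)])

if __name__ == "__main__":
    # Constructed sample: client 192.168.1.10 behind a gateway at 203.0.113.5.
    sent_by_client = "192,168,1,10,4,210"        # private address, port 1234
    gateway = "203.0.113.5"
    print("client sends  PORT", sent_by_client)
    print("no helper  ->", server_reply(gateway, sent_by_client))
    fixed = masq_rewrite(sent_by_client, gateway, 61441)
    print("helper sends  PORT", fixed)
    print("with helper ->", server_reply(gateway, fixed))
```

Passive mode avoids the problem because the client opens the data connection outward and no address has to be announced through the firewall.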

-----Original Message-----
From:	Rjey Nomer [SMTP:rjeynomer at asia.com]
Sent:	Monday, July 26, 1999 6:01 AM
To:	ale at ale.org
Cc:	Joe Steele
Subject:	RE: RE: [ale] ftp error

------Original Message------
From: Joe Steele <joe at madewell.com>
To: "'Rjey Nomer'"<rjeynomer at asia.com>
Sent: July 24, 1999 11:39:20 PM GMT
Subject: RE: [ale] ftp error


Most likely a firewall is interfering with the initiation of a data
connection from the server back to the client.  FTP connections
through masquerading firewalls can also lead to problems.
Many ftp clients have an option for using "passive ftp mode"
which solves the problem.  I don't know if the ftp client that
comes with Windows 95 can use passive mode.  You may
need better software (best solved by getting rid of windows :))
or else fix the firewall problem.

Joe Steele

Hi...

Just like what you've said, fix the firewall problem: is it the hosts.allow
or what other file/s should I edit to get rid of our problem...

Again, thank you in advance!!!


-----Original Message-----
From:	Rjey Nomer [SMTP:rjeynomer at asia.com]
Sent:	Friday, July 23, 1999 11:42 PM
To:	ale at ale.org
Subject:	[ale] ftp error


Hi!

I get an error while I'm accessing my ftp server. The error message is
listed below:

ftp>ls
500 Illegal PORT Command
425 Can't built data connection: Connection Refused.
ftp>


Has anyone encountered this problem? By the way, I can log in to my account, but
the problem is the same when I type any command. I am also using Windows 95 to
access our ftp server.

Thank you in advance.

=-=-=-=-=-=
RJEY NOMER
=-=-=-=-=-=

__________________________________________________
FREE Email for ALL! Sign up at http://www.mail.com
