[ale] iptables, nonstandard ftp and logging?

Robert L. Harris Robert.L.Harris at rnd-consulting.com
Mon Nov 20 20:29:03 EST 2000




At this point I'm actually trying from the firewall itself,
and using ncftp I've set "passive on" and retried.  Even
quitting out of ncftp, checking settings and restarting, I
get the same thing.  An "ls" times out.  I can CD to
my heart's content, but any attempt to get or ls fails.

Robert


Thus spake Eric Z. Ayers (eric.ayers at mindspring.com):

> If you are trying to use FTP from behind a firewall, then
> try typing 'passive' before you type 'ls'.
> 
> This forces all of the ports on the server to be opened as server
> ports, so that all connections must be initiated from inside the
> firewall. 
> 
> -Eric.
> Robert L. Harris writes:
>  > 
>  > 
>  >   I can connect to the ftp server on that port, but when I do an "ls" and
>  > it tries to open the data connection it times out.
>  > 
>  > Robert
>  > 
>  > 
>  > Thus spake Prasanna P Subash (psubash at turbolinux.com):
>  > 
>  > > 
>  > > It could be as simple as /etc/hosts.allow or /etc/hosts.deny. I always end up forgetting those files.
>  > > 
>  > > -Prasanna
>  > > 
>  > > On Mon, Nov 20, 2000 at 03:32:39PM -0700, Robert L. Harris wrote:
>  > > > 
>  > > > 
>  > > > I'm trying to connect to an ftp server on port 3011.  It appears to
>  > > > time out, and I'm thinking it's not accepting the ports on the way
>  > > > back.  How do I tell iptables to log all failed packets coming
>  > > > to me from the net so I can watch for odd things?  I don't see
>  > > > a "--log-rejected" or I just may not be understanding it.
>  > > > 
>  > > > Robert
>  > > > 
>  > > > 
>  > > > :wq!
>  > > > ---------------------------------------------------------------------------
>  > > > Robert L. Harris                |  Micros~1 :  
>  > > > Senior System Engineer          |    For when quality, reliability 
>  > > >   at RnD Consulting             |      and security just aren't
>  > > >                                 \_       that important!
>  > > > DISCLAIMER:
>  > > >       These are MY OPINIONS ALONE.  I speak for no-one else.
>  > > > FYI:
>  > > >  perl -e 'print $i=pack(c5,(41*2),sqrt(7056),(unpack(c,H)-2),oct(115),10);'
>  > > > 
>  > > > --
>  > > > To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.
>  > > 
>  > > -- 
>  > > Prasanna P Subash
>  > > psubash at turbolinux.com
>  > 
>  > 
>  > 
>  > 
>  > 



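Added example, not part of the original posts: one way to check whether the firewall is discarding the passive-mode data connection is to log drops with the iptables LOG target and compare them with the address and port the server advertises in its 227 reply. The sketch assumes the INPUT chain is dropping the server's replies (the thread does not confirm this); the log prefix "INPUT-DROP: ", the addresses, ports and log lines are all constructed.

```python
import re

# Constructed sample data, not from the thread: a PASV reply and abbreviated
# kernel lines in the style written by a rule such as
#   iptables -A INPUT -j LOG --log-prefix "INPUT-DROP: "
PASV_REPLY = "227 Entering Passive Mode (192,0,2,10,195,80)"
KERNEL_LOG = """\
Nov 20 20:31:02 fw kernel: INPUT-DROP: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.7 PROTO=TCP SPT=50000 DPT=1042 ACK SYN
Nov 20 20:31:05 fw kernel: INPUT-DROP: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.7 PROTO=TCP SPT=50000 DPT=1042 ACK SYN
Nov 20 20:31:09 fw kernel: INPUT-DROP: IN=eth0 OUT= SRC=203.0.113.99 DST=198.51.100.7 PROTO=TCP SPT=4312 DPT=23 SYN
"""
TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}


def parse_pasv(reply):
    """Return (ip, port) from an FTP 227 reply; port = p1 * 256 + p2."""
    m = re.search(r"\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)", reply)
    if not reply.startswith("227") or m is None:
        raise ValueError("not a PASV reply: %r" % reply)
    nums = [int(n) for n in m.groups()]
    if max(nums) > 255:
        raise ValueError("field out of range in %r" % reply)
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]


def parse_log_line(line, prefix="INPUT-DROP: "):
    """Return the KEY=VALUE fields and TCP flags of one LOG line, or None."""
    if prefix not in line:
        return None
    tokens = line.split(prefix, 1)[1].split()
    fields = dict(t.split("=", 1) for t in tokens if "=" in t)
    fields["FLAGS"] = {t for t in tokens if t in TCP_FLAGS}
    return fields


def dropped_data_replies(pasv_reply, log_text):
    """Logged drops whose source is the address and port the server advertised."""
    ip, port = parse_pasv(pasv_reply)
    hits = []
    for line in log_text.splitlines():
        f = parse_log_line(line)
        if f and f.get("SRC") == ip and f.get("SPT") == str(port):
            hits.append(f)
    return hits


if __name__ == "__main__":
    for hit in dropped_data_replies(PASV_REPLY, KERNEL_LOG):
        print("dropped data-connection packet:", hit["SRC"], hit["SPT"],
              "->", hit["DPT"], sorted(hit["FLAGS"]))
```

Matching lines with ACK SYN set mean the server answered the client's data connection and the reply was discarded on the way back in.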