[ale] iptables, nonstandard ftp and logging?
Eric Z. Ayers
eric.ayers at mindspring.com
Tue Nov 21 07:06:14 EST 2000
In that case, your firewall rules are probably too strict to allow the
FTP protocol.
-Eric.
Robert L. Harris writes:
>
>
> At this point I'm actually trying from the firewall itself,
> and using ncftp I've set "passive on" and retried. Even
> quicking out of ncftp, checking settings and restarting, I
> get the same thing. An "ls" times out. I can CD to
> my hearts content, but any attempt to get or ls fails.
>
> Robert
>
>
> Thus spake Eric Z. Ayers (eric.ayers at mindspring.com):
>
> > If you are trying to use FTP from behind a firewall, then
> > try typing 'passive' before you type 'ls'.
> >
> > This forces all of the ports on the server to be opened as server
> > ports, so that all connections must be initiated from inside the
> > firewall.
> >
> > -Eric.
> > Robert L. Harris writes:
> > >
> > >
> > > I can connect to the ftp server on that port, but when I do an "ls" and
> > > it tries to open the data connection it times out.
> > >
> > > Robert
> > >
> > >
> > > Thus spake Prasanna P Subash (psubash at turbolinux.com):
> > >
> > > >
> > > > it could be as simple as /etc/hosts.allow or /etc/hosts.deny. I always end up forgetting those files.
> > > >
> > > > -Prasanna
> > > >
> > > > On Mon, Nov 20, 2000 at 03:32:39PM -0700, Robert L. Harris wrote:
> > > > >
> > > > >
> > > > > I'm trying to connect to an ftp server on port 3011. It appears to
> > > > > timeout, and I'm thinking it's nota ccepting the ports on the way
> > > > > back. How do I tell iptables to log all failed packets coming
> > > > > to me from the net so I can watch for odd things? I don't see
> > > > > a "--log-rejected" or I just may not be understanding it.
> > > > >
> > > > > Robert
> > > > >
> > > > >
> > > > > :wq!
> > > > > ---------------------------------------------------------------------------
> > > > > Robert L. Harris | Micros~1 :
> > > > > Senior System Engineer | For when quality, reliability
> > > > > at RnD Consulting | and security just aren't
> > > > > \_ that important!
> > > > > DISCLAIMER:
> > > > > These are MY OPINIONS ALONE. I speak for no-one else.
> > > > > FYI:
> > > > > perl -e 'print $i=pack(c5,(41*2),sqrt(7056),(unpack(c,H)-2),oct(115),10);'
> > > > >
> > > > > --
> > > > > To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.
> > > >
> > > > --
> > > > Prasanna P Subash
> > > > psubash at turbolinux.com
> > >
> > >
> > >
> > >
> > >
> > > :wq!
> > > ---------------------------------------------------------------------------
> > > Robert L. Harris | Micros~1 :
> > > Senior System Engineer | For when quality, reliability
> > > at RnD Consulting | and security just aren't
> > > \_ that important!
> > > DISCLAIMER:
> > > These are MY OPINIONS ALONE. I speak for no-one else.
> > > FYI:
> > > perl -e 'print $i=pack(c5,(41*2),sqrt(7056),(unpack(c,H)-2),oct(115),10);'
> > >
> > > --
> > > To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.
>
>
>
> :wq!
> ---------------------------------------------------------------------------
> Robert L. Harris | Micros~1 :
> Senior System Engineer | For when quality, reliability
> at RnD Consulting | and security just aren't
> \_ that important!
> DISCLAIMER:
> These are MY OPINIONS ALONE. I speak for no-one else.
> FYI:
> perl -e 'print $i=pack(c5,(41*2),sqrt(7056),(unpack(c,H)-2),oct(115),10);'
>
> --
> To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.
--
To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.
More information about the Ale
mailing list