[NTLUG:Discuss] firewall and ftp problem

m m llliiilll at hotmail.com
Fri Jan 25 15:50:36 CST 2002 

What/why is this mean?
on Linux box
KERBEROS_V4 rejected as an authentication type
but ftp works
and
on windoz box
500 'AUTH GSSAPI': command not understood
500 'AUTH KERBEROS_V4': command not understood
ftp did not work


My box is RH 6.2 with 2.4.14 kernel.
I use iptables doing ftp filter to Linux box and Windoz box,
set regular port # (21) for Linux box and port 8021 for Windoz box.
see below part of the firewall rules:

-------------------------------------------------
#!/bin/sh
# Insert the required kernel modules
modprobe iptable_nat
modprobe ip_conntrack
modprobe ip_conntrack_ftp
modprobe ip_nat_ftp

iptables  -v -t nat -A POSTROUTING -s 192.168.1.0/24 -j  MASQUERADE
iptables  -v -t nat -A POSTROUTING -d 12.237.96.67 -j  MASQUERADE

# Note:There are more "reserved" networks, but these are the classical ones.

iptables -A PREROUTING -t nat -p tcp -d 12.23.196.167 \
                         --dport 21 -j DNAT --to 192.168.1.3:21
iptables -A PREROUTING -t nat -p tcp -d 12.23.196.167 \
                         --dport 8021 -j DNAT --to 192.168.1.2:8021

echo "firewall done."
--------------------------------------------------------

when I ftp use regular port, I get

KERBEROS_V4 rejected as an authentication type

but everything else works. I can transfer files.
Does this KERBEROS_V4 rejected... matter? from any view point.
below is the session of this ftp login:

-----------------------------------------------
[user at foobar user]$ ftp 12.23.196.167
Connected to 12.23.196.167.
220 ftp.hsugroup.com FTP server (Version wu-2.6.0(1) Mon Feb 28 10:30:36 EST 
2000) ready.
530 Please login with USER and PASS.
530 Please login with USER and PASS.
KERBEROS_V4 rejected as an authentication type
Name (12.23.196.167:jc):
-------------------------------------------------

when I ftp use 8021 port, (set on firewall rule, and windoz box)  I get

500 'AUTH GSSAPI': command not understood
500 'AUTH KERBEROS_V4': command not understood
KERBEROS_V4 rejected as an authentication type
I can logon it but it doesn't work. I can not do anythings.
below is the session of this ftp login:

-------------------------------------------
[jc at foobar jc]$ ftp 12.23.196.167 8021
Connected to 12.23.196.167.
220 alph Microsoft FTP Service (Version 4.0).
500 'AUTH GSSAPI': command not understood
500 'AUTH KERBEROS_V4': command not understood
KERBEROS_V4 rejected as an authentication type
Name (12.23.196.167:user): uzd
331 Password required for uzd.
Password:
230 User uzd logged in.
Remote system type is Windows_NT.
ftp> put zzz
local: zzz remote: zzz
500 Invalid PORT Command.
ftp: bind: Address already in use
ftp> ls
500 Invalid PORT Command.
ftp> dir
500 Invalid PORT Command.
ftp>
-----------------------------------------

Can Anyone help

sorry for the long description. I hope this make people see the insight of 
my problem.

TIA.




_________________________________________________________________
Chat with friends online, try MSN Messenger: http://messenger.msn.com

More information about the Discuss mailing list