[NTLUG:Discuss] firewall and ftp problem

Jack Snodgrass idiotboy+ntlug at cybermail.net
Fri Jan 25 12:36:25 CST 2002


Not sure about the 'AUTH' stuff.

You do get
230 User uzd logged in.
so I don't think that this matters.

Probably just an FTP data port problem.

If you use FTP in passive mode, does it work?

jack


----- Original Message -----
From: "m m" <llliiilll at hotmail.com>
To: <discuss at ntlug.org>
Sent: Friday, January 25, 2002 3:50 PM
Subject: [NTLUG:Discuss] firewall and ftp problem


> What does this mean, and why?
> on Linux box
> KERBEROS_V4 rejected as an authentication type
> but ftp works
> and
> on windoz box
> 500 'AUTH GSSAPI': command not understood
> 500 'AUTH KERBEROS_V4': command not understood
> ftp did not work
>
>
> My box is RH 6.2 with 2.4.14 kernel.
> I use iptables doing ftp filter to Linux box and Windoz box,
> set regular port # (21) for Linux box and port 8021 for Windoz box.
> see below part of the firewall rules:
>
> -------------------------------------------------
> #!/bin/sh
> # Insert the required kernel modules
> modprobe iptable_nat
> modprobe ip_conntrack
> modprobe ip_conntrack_ftp
> modprobe ip_nat_ftp
>
> iptables  -v -t nat -A POSTROUTING -s 192.168.1.0/24 -j  MASQUERADE
> iptables  -v -t nat -A POSTROUTING -d 12.237.96.67 -j  MASQUERADE
>
> # Note:There are more "reserved" networks, but these are the classical ones.
>
> iptables -A PREROUTING -t nat -p tcp -d 12.23.196.167 \
>                          --dport 21 -j DNAT --to 192.168.1.3:21
> iptables -A PREROUTING -t nat -p tcp -d 12.23.196.167 \
>                          --dport 8021 -j DNAT --to 192.168.1.2:8021
>
> echo "firewall done."
> --------------------------------------------------------
>
> When I ftp using the regular port, I get
>
> KERBEROS_V4 rejected as an authentication type
>
> but everything else works. I can transfer files.
> Does this KERBEROS_V4 rejected... matter, from any viewpoint?
> below is the session of this ftp login:
>
> -----------------------------------------------
> [user at foobar user]$ ftp 12.23.196.167
> Connected to 12.23.196.167.
> 220 ftp.hsugroup.com FTP server (Version wu-2.6.0(1) Mon Feb 28 10:30:36 EST 2000) ready.
> 530 Please login with USER and PASS.
> 530 Please login with USER and PASS.
> KERBEROS_V4 rejected as an authentication type
> Name (12.23.196.167:jc):
> -------------------------------------------------
>
> When I ftp using port 8021 (set in the firewall rule and on the windoz box), I get
>
> 500 'AUTH GSSAPI': command not understood
> 500 'AUTH KERBEROS_V4': command not understood
> KERBEROS_V4 rejected as an authentication type
> I can log on to it but it doesn't work. I cannot do anything.
> below is the session of this ftp login:
>
> -------------------------------------------
> [jc at foobar jc]$ ftp 12.23.196.167 8021
> Connected to 12.23.196.167.
> 220 alph Microsoft FTP Service (Version 4.0).
> 500 'AUTH GSSAPI': command not understood
> 500 'AUTH KERBEROS_V4': command not understood
> KERBEROS_V4 rejected as an authentication type
> Name (12.23.196.167:user): uzd
> 331 Password required for uzd.
> Password:
> 230 User uzd logged in.
> Remote system type is Windows_NT.
> ftp> put zzz
> local: zzz remote: zzz
> 500 Invalid PORT Command.
> ftp: bind: Address already in use
> ftp> ls
> 500 Invalid PORT Command.
> ftp> dir
> 500 Invalid PORT Command.
> ftp>
> -----------------------------------------
>
> Can anyone help?
>
> Sorry for the long description. I hope this makes people see the insight of
> my problem.
>
> TIA.
>
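
Added illustration, not part of either message: a Python example of what the active-mode PORT command carries and why "500 Invalid PORT Command." can appear when NAT sits between client and server. It assumes a server that only accepts a PORT naming the control connection's peer address; the addresses, ports, function names and the "200" reply text are constructed for the example.

```python
import ipaddress
import re

PORT_ARG = re.compile(r"[0-9]{1,3}(,[0-9]{1,3}){5}")

def parse_port_arg(arg):
    """Decode 'h1,h2,h3,h4,p1,p2' from a PORT command into (ip, port)."""
    arg = arg.strip()
    if not PORT_ARG.fullmatch(arg):
        raise ValueError("malformed PORT argument: %r" % arg)
    nums = [int(n) for n in arg.split(",")]
    if max(nums) > 255:
        raise ValueError("field out of range in PORT argument: %r" % arg)
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]

def format_port_arg(ip, port):
    """Encode (ip, port) back into the comma-separated PORT form."""
    return ",".join(str(ip).split(".") + [str(port >> 8), str(port & 0xFF)])

def server_reply(port_arg, control_peer):
    """Assumed server policy: accept PORT only if it names the control-connection peer."""
    try:
        ip, _port = parse_port_arg(port_arg)
    except ValueError:
        return "500 Invalid PORT Command."
    if ip != ipaddress.IPv4Address(control_peer):
        return "500 Invalid PORT Command."
    return "200 PORT command successful."

def nat_helper_rewrite(port_arg, nat_addr, nat_port):
    """Replace the client's private address/port with the translated pair,
    as an FTP NAT helper does on a control channel it is tracking."""
    parse_port_arg(port_arg)  # reject malformed input before rewriting
    return format_port_arg(ipaddress.IPv4Address(nat_addr), nat_port)

# Constructed sample values (not from the thread).
CLIENT_PORT_ARG = "192,168,1,10,4,210"   # 192.168.1.10, port 4*256+210 = 1234
NAT_ADDR = "203.0.113.7"                 # address the server sees as its peer
NAT_PORT = 40001                         # port the NAT box reserved for the data connection

if __name__ == "__main__":
    print("unrewritten:", server_reply(CLIENT_PORT_ARG, NAT_ADDR))
    fixed = nat_helper_rewrite(CLIENT_PORT_ARG, NAT_ADDR, NAT_PORT)
    print("rewritten  :", fixed, "->", server_reply(fixed, NAT_ADDR))
```

In passive mode the client sends PASV and opens the data connection itself, so it never sends a PORT command at all.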