[NTLUG:Discuss] firewall and ftp problem
m m
llliiilll at hotmail.com
Fri Jan 25 19:34:55 CST 2002
How do I use FTP in passive mode by command line?
>From: "Jack Snodgrass" <idiotboy+ntlug at cybermail.net>
>Reply-To: discuss at ntlug.org
>To: <discuss at ntlug.org>
>Subject: Re: [NTLUG:Discuss] firewall and ftp problem
>Date: Fri, 25 Jan 2002 12:36:25 -0600
>
>Not sure about the 'AUTH' stuff.
>
>You do get
>230 User uzd logged in.
>so I don't think that this matters.
>
>probably just a ftp data port problem.
>
>If you use FTP in passive mode, does it work?
>
>jack
>
>
>----- Original Message -----
>From: "m m" <llliiilll at hotmail.com>
>To: <discuss at ntlug.org>
>Sent: Friday, January 25, 2002 3:50 PM
>Subject: [NTLUG:Discuss] firewall and ftp problem
>
>
> > What does this mean, and why?
> > on Linux box
> > KERBEROS_V4 rejected as an authentication type
> > but ftp works
> > and
> > on windoz box
> > 500 'AUTH GSSAPI': command not understood
> > 500 'AUTH KERBEROS_V4': command not understood
> > ftp did not work
> >
> >
> > My box is RH 6.2 with a 2.4.14 kernel.
> > I use iptables to filter ftp to the Linux box and the Windoz box,
> > with the regular port (21) for the Linux box and port 8021 for the Windoz box.
> > See below for part of the firewall rules:
> >
> > -------------------------------------------------
> > #!/bin/sh
> > # Insert the required kernel modules
> > modprobe iptable_nat
> > modprobe ip_conntrack
> > modprobe ip_conntrack_ftp
> > modprobe ip_nat_ftp
> >
> > iptables -v -t nat -A POSTROUTING -s 192.168.1.0/24 -j MASQUERADE
> > iptables -v -t nat -A POSTROUTING -d 12.237.96.67 -j MASQUERADE
> >
> > # Note: There are more "reserved" networks, but these are the classical ones.
> >
> > iptables -A PREROUTING -t nat -p tcp -d 12.23.196.167 \
> > --dport 21 -j DNAT --to 192.168.1.3:21
> > iptables -A PREROUTING -t nat -p tcp -d 12.23.196.167 \
> > --dport 8021 -j DNAT --to 192.168.1.2:8021
> >
> > echo "firewall done."
> > --------------------------------------------------------
> >
> > When I ftp using the regular port, I get
> >
> > KERBEROS_V4 rejected as an authentication type
> >
> > but everything else works. I can transfer files.
> > Does this KERBEROS_V4 rejected... matter, from any viewpoint?
> > Below is the session of this ftp login:
> >
> > -----------------------------------------------
> > [user at foobar user]$ ftp 12.23.196.167
> > Connected to 12.23.196.167.
> > 220 ftp.hsugroup.com FTP server (Version wu-2.6.0(1) Mon Feb 28 10:30:36 EST 2000) ready.
> > 530 Please login with USER and PASS.
> > 530 Please login with USER and PASS.
> > KERBEROS_V4 rejected as an authentication type
> > Name (12.23.196.167:jc):
> > -------------------------------------------------
> >
> > When I ftp using port 8021 (set in the firewall rule and on the windoz box), I get
> >
> > 500 'AUTH GSSAPI': command not understood
> > 500 'AUTH KERBEROS_V4': command not understood
> > KERBEROS_V4 rejected as an authentication type
> > I can log on to it but it doesn't work. I cannot do anything.
> > Below is the session of this ftp login:
> >
> > -------------------------------------------
> > [jc at foobar jc]$ ftp 12.23.196.167 8021
> > Connected to 12.23.196.167.
> > 220 alph Microsoft FTP Service (Version 4.0).
> > 500 'AUTH GSSAPI': command not understood
> > 500 'AUTH KERBEROS_V4': command not understood
> > KERBEROS_V4 rejected as an authentication type
> > Name (12.23.196.167:user): uzd
> > 331 Password required for uzd.
> > Password:
> > 230 User uzd logged in.
> > Remote system type is Windows_NT.
> > ftp> put zzz
> > local: zzz remote: zzz
> > 500 Invalid PORT Command.
> > ftp: bind: Address already in use
> > ftp> ls
> > 500 Invalid PORT Command.
> > ftp> dir
> > 500 Invalid PORT Command.
> > ftp>
> > -----------------------------------------
> >
> > Can anyone help?
> >
> > Sorry for the long description. I hope this makes people see the insight of my problem.
> >
> > TIA.
> >
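
Added example, not part of the original thread or of any poster's code: a Python sketch of the data-port negotiation behind a reply like `500 Invalid PORT Command`. It decodes the `h1,h2,h3,h4,p1,p2` field of a PORT command or a 227 passive-mode reply and applies a check a server may make, namely that PORT names the address the control connection came from. That the server in the thread makes this check is an assumption; the addresses and the function names `decode_hostport` and `check_port_command` are constructed for illustration.

```python
import ipaddress
import re

# h1,h2,h3,h4,p1,p2 as used by PORT and by the 227 reply (RFC 959).
_HOSTPORT = re.compile(r"(?<!\d)" + ",".join([r"(\d{1,3})"] * 6) + r"(?!\d)")


def decode_hostport(line):
    """Return (IPv4Address, port) from 'PORT h1,..,p2' or '227 ... (h1,..,p2)'."""
    m = _HOSTPORT.search(line)
    if not m:
        raise ValueError("no h1,h2,h3,h4,p1,p2 field in %r" % line)
    fields = [int(x) for x in m.groups()]
    if any(f > 255 for f in fields):
        raise ValueError("field above 255 in %r" % line)
    ip = ipaddress.IPv4Address(".".join(str(f) for f in fields[:4]))
    return ip, fields[4] * 256 + fields[5]


def check_port_command(line, control_peer):
    """Server-side sanity check on an active-mode PORT command.

    control_peer is the client address as the server sees it, after any NAT.
    Assumed policy: the PORT address must equal control_peer and the port
    must not be privileged. Returns (ok, reason).
    """
    ip, port = decode_hostport(line)
    peer = ipaddress.IPv4Address(control_peer)
    if ip != peer:
        return False, "PORT names %s, control connection is from %s" % (ip, peer)
    if port < 1024:
        return False, "PORT names privileged port %d" % port
    return True, "server connects to %s:%d" % (ip, port)


if __name__ == "__main__":
    # Constructed addresses: client 192.168.1.10, seen by the server as
    # 192.168.1.1 because the control connection was masqueraded.
    untouched = "PORT 192,168,1,10,4,1"  # NAT did not rewrite the payload
    rewritten = "PORT 192,168,1,1,4,1"   # payload rewritten to the NAT address
    for cmd in (untouched, rewritten):
        print(cmd, "->", check_port_command(cmd, "192.168.1.1"))
    # Passive mode: no PORT is sent; the client connects to the address
    # and port the server announces in its 227 reply.
    print(decode_hostport("227 Entering Passive Mode (192,168,1,2,19,137)"))
```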