[NTLUG:Discuss] firewall and ftp problem

Jack Snodgrass idiotboy+ntlug at cybermail.net
Fri Jan 25 13:45:26 CST 2002


depends on the ftp client. Try
pass
passive
pass on

You may want to try a different FTP client. I like ncftp.
I think that it does passive ftp by default or switches to that if it
has a problem with the ftp server. It's a pretty smart command
line client.

jack



----- Original Message -----
From: "m m" <llliiilll at hotmail.com>
To: <discuss at ntlug.org>
Sent: Friday, January 25, 2002 7:34 PM
Subject: Re: [NTLUG:Discuss] firewall and ftp problem


> How do I use FTP in passive mode by command line?
>
>
> >From: "Jack Snodgrass" <idiotboy+ntlug at cybermail.net>
> >Reply-To: discuss at ntlug.org
> >To: <discuss at ntlug.org>
> >Subject: Re: [NTLUG:Discuss] firewall and ftp problem
> >Date: Fri, 25 Jan 2002 12:36:25 -0600
> >
> >Not sure about the 'AUTH' stuff.
> >
> >You do get
> >230 User uzd logged in.
> >so I don't think that this matters.
> >
> >probably just a ftp data port problem.
> >
> >If you use FTP in passive mode, does it work?
> >
> >jack
> >
> >
> >----- Original Message -----
> >From: "m m" <llliiilll at hotmail.com>
> >To: <discuss at ntlug.org>
> >Sent: Friday, January 25, 2002 3:50 PM
> >Subject: [NTLUG:Discuss] firewall and ftp problem
> >
> >
> > > What does this mean, and why?
> > > on Linux box
> > > KERBEROS_V4 rejected as an authentication type
> > > but ftp works
> > > and
> > > on windoz box
> > > 500 'AUTH GSSAPI': command not understood
> > > 500 'AUTH KERBEROS_V4': command not understood
> > > ftp did not work
> > >
> > >
> > > My box is RH 6.2 with 2.4.14 kernel.
> > > I use iptables doing ftp filter to Linux box and Windoz box,
> > > set regular port # (21) for Linux box and port 8021 for Windoz box.
> > > see below part of the firewall rules:
> > >
> > > -------------------------------------------------
> > > #!/bin/sh
> > > # Insert the required kernel modules
> > > modprobe iptable_nat
> > > modprobe ip_conntrack
> > > modprobe ip_conntrack_ftp
> > > modprobe ip_nat_ftp
> > >
> > > iptables  -v -t nat -A POSTROUTING -s 192.168.1.0/24 -j  MASQUERADE
> > > iptables  -v -t nat -A POSTROUTING -d 12.237.96.67 -j  MASQUERADE
> > >
> > > # Note: There are more "reserved" networks, but these are the classical ones.
> > >
> > > iptables -A PREROUTING -t nat -p tcp -d 12.23.196.167 \
> > >                          --dport 21 -j DNAT --to 192.168.1.3:21
> > > iptables -A PREROUTING -t nat -p tcp -d 12.23.196.167 \
> > >                          --dport 8021 -j DNAT --to 192.168.1.2:8021
> > >
> > > echo "firewall done."
> > > --------------------------------------------------------
> > >
> > > When I ftp using the regular port, I get
> > >
> > > KERBEROS_V4 rejected as an authentication type
> > >
> > > but everything else works. I can transfer files.
> > > Does this KERBEROS_V4 rejected... matter, from any viewpoint?
> > > below is the session of this ftp login:
> > >
> > > -----------------------------------------------
> > > [user@foobar user]$ ftp 12.23.196.167
> > > Connected to 12.23.196.167.
> > > 220 ftp.hsugroup.com FTP server (Version wu-2.6.0(1) Mon Feb 28 10:30:36 EST 2000) ready.
> > > 530 Please login with USER and PASS.
> > > 530 Please login with USER and PASS.
> > > KERBEROS_V4 rejected as an authentication type
> > > Name (12.23.196.167:jc):
> > > -------------------------------------------------
> > >
> > > When I ftp using port 8021 (set in the firewall rule and on the windoz box), I get
> > >
> > > 500 'AUTH GSSAPI': command not understood
> > > 500 'AUTH KERBEROS_V4': command not understood
> > > KERBEROS_V4 rejected as an authentication type
> > > I can log on to it but it doesn't work. I cannot do anything.
> > > below is the session of this ftp login:
> > >
> > > -------------------------------------------
> > > [jc@foobar jc]$ ftp 12.23.196.167 8021
> > > Connected to 12.23.196.167.
> > > 220 alph Microsoft FTP Service (Version 4.0).
> > > 500 'AUTH GSSAPI': command not understood
> > > 500 'AUTH KERBEROS_V4': command not understood
> > > KERBEROS_V4 rejected as an authentication type
> > > Name (12.23.196.167:user): uzd
> > > 331 Password required for uzd.
> > > Password:
> > > 230 User uzd logged in.
> > > Remote system type is Windows_NT.
> > > ftp> put zzz
> > > local: zzz remote: zzz
> > > 500 Invalid PORT Command.
> > > ftp: bind: Address already in use
> > > ftp> ls
> > > 500 Invalid PORT Command.
> > > ftp> dir
> > > 500 Invalid PORT Command.
> > > ftp>
> > > -----------------------------------------
> > >
> > > Can anyone help?
> > >
> > > Sorry for the long description. I hope this makes people see the insight of my problem.
> > >
> > > TIA.
> > >
> > > _______________________________________________
> > > http://www.ntlug.org/mailman/listinfo/discuss
>
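
An added example, not part of the original thread: the "data port problem" mentioned above comes down to the address that FTP carries inside its PORT command (active mode) or 227 reply (passive mode). The sketch decodes that address and flags when it differs from the address seen on the control connection, which is the case the `ip_conntrack_ftp`/`ip_nat_ftp` helpers in the quoted script exist to rewrite. The function names, the sample lines and the client address 192.168.1.50 are constructed for illustration; 12.23.196.167 and 192.168.1.2 are taken from the quoted firewall rules.

```python
import ipaddress
import re

def decode_hostport(arg):
    """Decode RFC 959 'h1,h2,h3,h4,p1,p2' into (ip, port)."""
    parts = [int(x) for x in arg.strip().split(",")]
    if len(parts) != 6 or any(not 0 <= p <= 255 for p in parts):
        raise ValueError("malformed host-port argument: %r" % arg)
    return ".".join(map(str, parts[:4])), parts[4] * 256 + parts[5]

def parse_data_endpoint(line):
    """Return (kind, ip, port) for a PORT command or a 227 PASV reply."""
    line = line.strip()
    m = re.match(r"PORT\s+([\d,]+)$", line, re.I)
    if m:
        return ("PORT",) + decode_hostport(m.group(1))
    m = re.match(r"227\b.*?(\d+(?:,\d+){5})", line)
    if m:
        return ("PASV",) + decode_hostport(m.group(1))
    raise ValueError("not a PORT command or 227 reply: %r" % line)

def check_endpoint(line, control_ip):
    """control_ip: sender's address as seen by the other end of the
    control connection (client for PORT, server for a 227 reply)."""
    kind, ip, port = parse_data_endpoint(line)
    return {"kind": kind, "ip": ip, "port": port,
            "mismatch": ip != control_ip,
            "private": ipaddress.ip_address(ip).is_private}

# Constructed sample lines; 192.168.1.50 is a made-up client address.
SAMPLES = [
    ("PORT 192,168,1,50,19,137", "12.23.196.167"),
    ("227 Entering Passive Mode (192,168,1,2,4,1)", "12.23.196.167"),
    ("PORT 12,23,196,167,19,137", "12.23.196.167"),
]

if __name__ == "__main__":
    for line, control_ip in SAMPLES:
        r = check_endpoint(line, control_ip)
        verdict = "needs NAT rewrite" if r["mismatch"] else "consistent"
        print("%-45s -> %s:%d  %s" % (line, r["ip"], r["port"], verdict))
```
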




