
Re: Can't even do an ls on a FTP server located on the WAN



On Mon, Feb 14, 2005 at 10:53:44PM -0600, eric wrote:
> On Tue, 2005-02-15 at 00:12:59 +0100, Nicolas proclaimed...
> 
> > I'm trying to connect to an FTP server located on the WAN, from a box
> > which is located in my local network.
> > 
> > But I can't even do an ls. I can connect, but then, I can't do anything
> > on the FTP server.
> 
> Post your pf.conf.

Unfortunately, the floppy disk is broken on my bastion. Since the
pf.conf is around 15ko, I'll avoid typing it... ;-)

However, here's the rule I added for the FTP:

pass in quick on $name_itf_ext inet proto tcp from port 20 to
($name_itf_ext) user proxy flags S/SA keep state

Here is the tcpdump -n -e -ttt -r /var/log/pflog output when I try to
connect to the FTP server located on the WAN, from my client:

Feb 15 19:57:10.770100 rule 0/0(match): block in on ep0:
213.246.62.4.36105 > 192.168.14.26.113: S 3830247271:3830247271(0) win
5840 <mss 1420,sackOK,timestamp[|tcp] (DF)
Feb 15 19:57:13.768532 rule 0/0(match): block in on ep0:
213.246.62.4.36105 > 192.168.14.26.113: S 3830247271:3830247271(0) win
5840 <mss 1420,sackOK,timestamp[|tcp] (DF)

Here's what appears on the screen, also:

Feb 15 19:58:36 bastion ftp-proxy[28303]: connect() failed (No route to
host)

Here's the gftp output when I try to connect to the FTP server (which is
ftp.europephoto.com):

Recherche de ftp.europephoto.com
Essai avec heb62004.ikoula.com:21
Connecté sur ftp.europephoto.com:21
220 ProFTPD 1.2.9 Server (ProFTPD) [heb62004.ikoula.com]
USER xxxx
331 Password required for xxxx.
PASS xxxx
230 User xxxx logged in.
SYST
215 UNIX Type: L8
TYPE I
200 Type set to I
PWD
257 "/" is current directory.
Loading directory listing / from server ([email protected])
PASV
227 Entering Passive Mode (192,168,14,26,206,94)
LIST -aL
Déconnexion de l'hôte ftp.europephoto.com
Invalid response '

Here's a line for ftp-proxy in /etc/inetd.conf:

127.0.0.1:8021 stream tcp nowait root /usr/libexec/ftp-proxy ftp-proxy
frp-proxy -n -D 3

Here's what's written in /var/log/daemon:

Feb 15 19:57:10 bastion ftp-proxy[28303]: accepted connection from
192.168.11.26:34681 to 213.246.62.4:21
Feb 15 19:58:36 bastion ftp-proxy[28303] connect() failed (No route to
host)

=( I sent an email to ikoula.com, which hosts my website and the FTP
server. I asked them what passive ports are defined in their
proftpd.conf file. They told me it's port 21, but I'm not quite sure
they clearly understood what information I asked for... :-/

The REALLY strange thing is that I can connect to any other FTP server,
including ftp.debian.fr. Moreover, I never had to set up ftp-proxy on my
OpenBSD bastion to access FTP servers located on the WAN, from my LAN
computer. I set it up yesterday, because I thought it could solve my
problem with connecting to ftp.europephoto.com... :-/

By the way, I use OpenBSD 3.5.

Do you have any idea?

Don't hesitate to ask me for any other information you could need.

Thank you for your help.

Nicolas, Paris.
-- 
--- OxStOnE --------------  O
- Z750 & Linux -------  ._ /\_>
--- Powered ----------  (x)> (x)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
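
An added example, not part of the original message: a small Python check that decodes the 227 reply from the gftp transcript above into the data-connection address and port, and compares it with the control-connection peer taken from the ftp-proxy log line. The function names and the report fields are assumptions made for this illustration.

```python
import ipaddress
import re

# Sample input copied from the gftp transcript and the ftp-proxy log above.
PASV_REPLY = "227 Entering Passive Mode (192,168,14,26,206,94)"
CONTROL_PEER = "213.246.62.4"  # server side of the control connection

# h1,h2,h3,h4,p1,p2 as six comma-separated decimal bytes inside a 227 reply.
_PASV_RE = re.compile(r"^227[ -].*?\b" + ",".join([r"(\d{1,3})"] * 6) + r"\b")


def parse_pasv(reply):
    """Return (IPv4Address, port) from a 227 reply; ValueError if malformed."""
    m = _PASV_RE.match(reply.strip())
    if not m:
        raise ValueError("not a well-formed 227 reply: %r" % reply)
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("byte value out of range in %r" % reply)
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    port = nums[4] * 256 + nums[5]  # high byte first, then low byte
    return ip, port


def assess(reply, control_peer):
    """Describe where the client was told to open its data connection."""
    ip, port = parse_pasv(reply)
    peer = ipaddress.IPv4Address(control_peer)
    return {
        "data_ip": str(ip),
        "data_port": port,
        # A mismatch means something other than the server named the endpoint
        # (for example a proxy or NAT device rewriting the reply).
        "matches_control_peer": ip == peer,
        "private_address": ip.is_private,
        "privileged_port": port < 1024,
    }


if __name__ == "__main__":
    for key, value in assess(PASV_REPLY, CONTROL_PEER).items():
        print("%-22s %s" % (key, value))
```

The decoded port is the one that has to be reachable for LIST to return data, so it is the value to look for in the pflog output and in the pass rules.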