ipchains and ftp

I'm currently unable to FTP to a machine that has ipchains running on it. I know that for ftp you need the ip_masq_ftp module. I've installed this implicitly using linuxconf(1.17r3) and if I do an lsmod I can see that it has been loaded, although used has 0 for a value. What am I doing wrong?
Thanks
LVL 3
tiboriAsked:
Who is Participating?
 
macleajbCommented:
If you have access to the machine, run "netstat -ln" and look for a line with :21 for :ftp.
Then try to telnet to that box port 21 "telnet <ip> 21" and see if you get a connect. If you get a connection refused, or ot times out, and you saw that port 21 was available, then ipchains could be blocking traffic. To find out take a look at the output of "ipchains -L -n" and see if it is blocking port 21 (REJECT). Also, are you able to ftp past/through the box to a box on the other side of it? Does other traffic get through?
0
 
macleajbCommented:
ip_masq_ftp is only needed if you are a box providing a gateway from one network to another. This does not appear to be that case.
.. ftp uses two data channels, the first is port 21 and it is easily configured with ipchains (on either box). The second is a more random port that both boxes decide on. If ipchains is blocking the port range that contains the port the client and server have decided on, then the connection will allow you to log in, but you will get no response to commands like 'ls'.
.. if you are _not_ running ipchains, then you can use tcpdump on either/both hosts to see if any communication is being allowed.
.. also is the ftp daemon running on the target box?
0
 
macleajbCommented:
ip_masq_ftp is only needed if you are a box providing a gateway from one network to another. This does not appear to be that case.
.. ftp uses two data channels, the first is port 21 and it is easily configured with ipchains (on either box). The second is a more random port that both boxes decide on. If ipchains is blocking the port range that contains the port the client and server have decided on, then the connection will allow you to log in, but you will get no response to commands like 'ls'.
.. if you are _not_ running ipchains, then you can use tcpdump on either/both hosts to see if any communication is being allowed.
.. also is the ftp daemon running on the target box?
0
Cloud Class® Course: Python 3 Fundamentals

This course will teach participants about installing and configuring Python, syntax, importing, statements, types, strings, booleans, files, lists, tuples, comprehensions, functions, and classes.

 
tiboriAuthor Commented:
macleajb: Actually this machine is a gateway for dialup users to access the lan and vice versa. I am not sure if the ftp service is running(how do I check?) I can see the inetd running, and in inetd.conf the ftp line is uncommented? What else should I be checking for?
Thanks
0
 
tiboriAuthor Commented:
Trying to telnet to port 21 gives me the following:
Trying 192.168.4.200...
Connected to hostname.domainname.com.
Escape character is '^]'.
Connection closed by foreign host.  
Doing a ipchains -L -n shows the firewall settings(which I set up) and they seem correct. Here's what it looks like:
Chain input (policy ACCEPT):
Chain forward (policy DENY):
target     prot opt     source                destination           ports
MASQ       all  ----l-  192.168.6.0/24       0.0.0.0/0             n/a
MASQ       all  ------  192.168.4.0/24       192.168.6.0/24        n/a
MASQ       all  ----l-  192.168.10.10        192.168.6.0/24        n/a
Chain output (policy ACCEPT):  

The 6's are the dialup users, the 4's are the LAN users and the 10 is a point-to-point to another LAN.
Any problems you see there?
BTW, there's only one netcard in this machine(is that a problem)
Thanks                                            
0
 
macleajbCommented:
A simple thought. Did you check /etc/hosts.allow and /etc/hosts.deny to make sure ftpd (probably in.ftpd) is referenced there to be allowed? I expect you are using /usr/sbin/tcpd (tcp-wrappers)?
0
 
tiboriAuthor Commented:
Well there are no entries in the /etc/hosts.allow and hosts.deny files. I am using tcpd. The interesting thing is that I can't even ftp to localhost, or even ftp to 127.0.0.1. So it seems that it's either a routing problem or the ftp server is not running. Trying to do a "whereis in.ftpd" comes up with all the others (eg in.fingerd, in.telnetd) except in.ftpd. If by some chance this file was deleted where do I look for it and how do I put it back?
Thanks
0
 
tiboriAuthor Commented:
Alright that was the problem. I just copied the in.ftpd from another system to this system and it solved the problem. If you can tell me what package(rpm for RH6.1) this ftpd is part of the points are yours.
Thanks
0
 
tiboriAuthor Commented:
Never mind. I found the package that was missing: wu-ftpd.
Installing it fiexed everything.
Thanks for all your help.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.