Solved

ipchains and ftp

Posted on 2000-04-19
Last Modified: 2010-03-18
I'm currently unable to FTP to a machine that has ipchains running on it. I know that for ftp you need the ip_masq_ftp module. I've installed this implicitly using linuxconf(1.17r3) and if I do an lsmod I can see that it has been loaded, although used has 0 for a value. What am I doing wrong?
Thanks
Question by:tibori

Expert Comment

by:macleajb
ID: 2732926
ip_masq_ftp is only needed if you are a box providing a gateway from one network to another. This does not appear to be the case.
.. ftp uses two data channels, the first is port 21 and it is easily configured with ipchains (on either box). The second is a more random port that both boxes decide on. If ipchains is blocking the port range that contains the port the client and server have decided on, then the connection will allow you to log in, but you will get no response to commands like 'ls'.
.. if you are _not_ running ipchains, then you can use tcpdump on either/both hosts to see if any communication is being allowed.
.. also is the ftp daemon running on the target box?

Author Comment

by:tibori
ID: 2735952
macleajb: Actually this machine is a gateway for dialup users to access the LAN and vice versa. I am not sure if the ftp service is running (how do I check?). I can see inetd running, and in inetd.conf the ftp line is uncommented. What else should I be checking for?
Thanks

Accepted Solution

by:
macleajb earned 30 total points
ID: 2736004
If you have access to the machine, run "netstat -ln" and look for a line with :21 for :ftp.
Then try to telnet to that box port 21 "telnet <ip> 21" and see if you get a connect. If you get a connection refused, or it times out, and you saw that port 21 was available, then ipchains could be blocking traffic. To find out, take a look at the output of "ipchains -L -n" and see if it is blocking port 21 (REJECT). Also, are you able to ftp past/through the box to a box on the other side of it? Does other traffic get through?

Author Comment

by:tibori
ID: 2736140
Trying to telnet to port 21 gives me the following:
Trying 192.168.4.200...
Connected to hostname.domainname.com.
Escape character is '^]'.
Connection closed by foreign host.  
Doing an ipchains -L -n shows the firewall settings (which I set up) and they seem correct. Here's what it looks like:
Chain input (policy ACCEPT):
Chain forward (policy DENY):
target     prot opt     source                destination           ports
MASQ       all  ----l-  192.168.6.0/24       0.0.0.0/0             n/a
MASQ       all  ------  192.168.4.0/24       192.168.6.0/24        n/a
MASQ       all  ----l-  192.168.10.10        192.168.6.0/24        n/a
Chain output (policy ACCEPT):  

The 6's are the dialup users, the 4's are the LAN users and the 10 is a point-to-point to another LAN.
Any problems you see there?
BTW, there's only one netcard in this machine(is that a problem)
Thanks                                            

Expert Comment

by:macleajb
ID: 2736583
A simple thought. Did you check /etc/hosts.allow and /etc/hosts.deny to make sure ftpd (probably in.ftpd) is referenced there to be allowed? I expect you are using /usr/sbin/tcpd (tcp-wrappers)?

Author Comment

by:tibori
ID: 2744933
Well there are no entries in the /etc/hosts.allow and hosts.deny files. I am using tcpd. The interesting thing is that I can't even ftp to localhost, or even ftp to 127.0.0.1. So it seems that it's either a routing problem or the ftp server is not running. Trying to do a "whereis in.ftpd" comes up with all the others (eg in.fingerd, in.telnetd) except in.ftpd. If by some chance this file was deleted where do I look for it and how do I put it back?
Thanks

Author Comment

by:tibori
ID: 2745168
Alright that was the problem. I just copied the in.ftpd from another system to this system and it solved the problem. If you can tell me what package(rpm for RH6.1) this ftpd is part of the points are yours.
Thanks

Author Comment

by:tibori
ID: 2745352
Never mind. I found the package that was missing: wu-ftpd.
Installing it fixed everything.
Thanks for all your help.
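
The fault this thread ended on (inetd accepts the connection on port 21 and closes it at once because in.ftpd is missing), as an added example that is not part of the original posts: a shell check that reads an inetd.conf and reports enabled services whose server binary is absent. The function name check_inetd, its DAEMON_DIR argument and the sample file are assumptions constructed for illustration; tcpd resolves a relative daemon name in a compiled-in directory, assumed here to be /usr/sbin.

```shell
#!/bin/sh
# Added example (not from the thread): list inetd.conf services whose
# server binary is missing or not executable.
# check_inetd CONF [DAEMON_DIR]; DAEMON_DIR is where tcpd resolves
# relative daemon names (/usr/sbin is an assumed default).
check_inetd() {
    conf=$1 daemon_dir=${2:-/usr/sbin} missing=0
    while read -r svc stype proto flags user server arg0 rest; do
        case $svc in ''|\#*) continue ;; esac      # blank or commented out
        [ "$server" = internal ] && continue       # inetd built-in service
        target=$server
        case $server in
            */tcpd)                                # wrapped: real daemon is argv[0]
                case $arg0 in
                    /*) target=$arg0 ;;
                    *)  target=$daemon_dir/$arg0 ;;
                esac ;;
        esac
        if [ ! -x "$target" ]; then
            echo "MISSING $svc -> $target"
            missing=$((missing + 1))
        fi
    done < "$conf"
    [ "$missing" -eq 0 ]                           # status 0 only if nothing is missing
}

# Constructed sample: a scratch tree where in.telnetd exists and in.ftpd does not.
demo=$(mktemp -d)
mkdir -p "$demo/sbin"
for f in tcpd in.telnetd; do
    printf '#!/bin/sh\n' > "$demo/sbin/$f"; chmod +x "$demo/sbin/$f"
done
cat > "$demo/inetd.conf" <<EOF
# constructed sample entries
ftp     stream  tcp  nowait  root  $demo/sbin/tcpd  in.ftpd -l -a
telnet  stream  tcp  nowait  root  $demo/sbin/tcpd  in.telnetd
#finger stream  tcp  nowait  root  $demo/sbin/tcpd  in.fingerd
echo    stream  tcp  nowait  root  internal
EOF
check_inetd "$demo/inetd.conf" "$demo/sbin" || true
```

On a real host, run it as check_inetd /etc/inetd.conf; a MISSING line for ftp matches the symptom of a port 21 connection that opens and closes without a banner.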