squat_rack
asked on
FTP & Firewall problem. Can connect but no data transfer
Ok,
This one is kicking my ass. Here is the background.
FTP->Windows XP -> XP FireWall ->Linksys BEFSR41-> INTERNET -> Linux Box
I can connect to the linux box but an ls will hang. Port 21 is for control data and Port 20 is for data. I realize this is a classic firewall issue.
Here is what I tried:
#1. Try passive mode (PASV) - Same problem.
#2. Remap ports 20 & 21 on the Linksys to the Windows XP IP address - Same problem
#3. Turn off XP firewall in conjunction with #2. - Same problem.
Bringing down the firewall on the Linksys or putting the machine as a DMZ is not an option, too much risk.
Question :
1) Am I missing any steps? Did I not remap the port correctly?
2) Any way to debug this further?
I could have screwed up with #2.
--thanks
ASKER
Your diagram is correct, except there is a Windows firewall on the XP#1 box.
XP#1->Windows Firewall <--> Linksys BEFSR41
From XP #1 I CAN connect but can't send or receive data. The Linux box is off a DSL router. The DMZ is disabled on the DSL router and I'm using IPTABLES to protect the Linux box.
Thanks for clearing up the port mapping.
So what you are saying is that basically it should work without any fiddling with the Linksys if I use passive FTP?
If I can connect but can't send data, it tells me that the Linux box is not able to get through the firewall, right? Is there a way I can debug from the Windows box? Is there an open source debug tool?
--thanks
If using passive, then you should not have to change anything on your side. The Linux side (meaning the Linux system itself and any firewalls in front of it) is what has to be set up properly for this.
Wireshark is a free packet sniffer (http://www.wireshark.org). It is sort of new, but not really. Wireshark is the new name of Ethereal (http://www.ethereal.com).
For Windows, go ahead and get Wireshark. For the Linux side, if you normally use rpm's to install/manage software then I would suggest getting Ethereal for the Linux box. If you are used to tar files and doing configure/make/make installs, then you can go ahead and get Wireshark for the Linux box.
Debugging from the Windows box only will be a bit tough. For passive transfer all you will be able to tell is if you sent the SYN out to initiate the data connection on the correct port. You have to assume that it went all the way out to the Linux box.
Is there any firewall on the DSL modem? Normally there is not, but I have seen some (targeted toward SMBs) that do.
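Added example, not part of the original thread: to check from the client capture whether the SYN went to "the correct port", decode the server's `227` reply to PASV (RFC 959 format, port = p1*256 + p2) and build the Wireshark filter for that port. It goes one step beyond the answer by also flagging a server that advertises an RFC 1918 address from behind its own router; the function names and the sample replies (documentation addresses) are constructed for illustration.

```python
import ipaddress
import re

# RFC 959 reply to PASV: "227 <text> (h1,h2,h3,h4,p1,p2)"
PASV_RE = re.compile(r"^227\b.*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_pasv(reply):
    """Return (ip, port) the server advertised for the data connection."""
    m = PASV_RE.match(reply.strip())
    if not m:
        raise ValueError("not a 227 passive-mode reply: %r" % reply)
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range in %r" % reply)
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]


def is_rfc1918(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)


def diagnose(reply, control_ip):
    """Compare the advertised data endpoint with the address used for port 21."""
    ip, port = parse_pasv(reply)
    findings = []
    if ip != control_ip:
        findings.append("advertised %s differs from control address %s" % (ip, control_ip))
    if is_rfc1918(ip) and not is_rfc1918(control_ip):
        findings.append("server advertises a private address the client cannot route to")
    return {
        "data_ip": ip,
        "data_port": port,
        # Client side: the outgoing SYN for the data connection must match this.
        "display_filter": "tcp.port == %d && tcp.flags.syn == 1" % port,
        "findings": findings,
    }


if __name__ == "__main__":
    # Constructed sample: control connection went to 203.0.113.25:21.
    for line in ("227 Entering Passive Mode (203,0,113,25,195,80)",
                 "227 Entering Passive Mode (192,168,1,10,19,137)"):
        print(diagnose(line, "203.0.113.25"))
```

If the filter shows the client's SYN leaving with no SYN/ACK coming back, the drop is on the path to or at the server side, which matches the answer's point that passive mode depends on the Linux end being opened up.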
ASKER
I'll try your suggestions and let you know. There was a firewall on the DSL; however, it has been disabled.
Great FTP explained site.
http://slacksite.com/other/ftp.html
ASKER
OK, an update. This took me a while, but what I have done is narrowed the problem to be with the ISP. Basically I removed the Linksys router from the equation. I connected my notebook (Windows XP) directly to the ISP. Got a dynamic IP via DHCP. I was still not able to ftp data.
The ISP had previously told me they weren't blocking ports. I may still have a problem with the Linksys; however, I KNOW there is a problem with the ISP. I have sent them an email. Let's see..
Thank you for all your assistance.
Hm
ASKER
I have awarded the points as the answers were good and reinforced my shaky understanding.
--thanks
Hope you read the link I posted. It will help further your understanding.