Cant login to FTP server.

fbsd_user fbsd_user at a1poweruser.com
Tue Feb 14 04:58:11 PST 2006


Daniel,
You did not say where you were running ftp from,
like from LAN box to gateway server, or
from gateway box to public internet remote ftp site, or
from public internet remote user to your gateway ftp server.

I am guessing it's from gateway box to public internet remote ftp site.
Your nat rules need to look like this example. You are missing the
second rule.

map dc0 10.0.10.0/29 -> 0/32 proxy port 21 ftp/tcp
map dc0 0.0.0.0/0 -> 0/32 proxy port 21 ftp/tcp
map dc0 10.0.10.0/29 -> 0/32

The first rule handles all FTP traffic for the private LAN.
The second rule handles all FTP traffic from the gateway.
The third rule handles all non-FTP traffic for the private LAN.
All the non-FTP gateway traffic is using the public IP address by
default, so there is no ipnat rule needed.

-----Original Message-----
From: owner-freebsd-questions at freebsd.org
[mailto:owner-freebsd-questions at freebsd.org]On Behalf Of Daniel A.
Sent: Tuesday, February 14, 2006 7:42 AM
To: questions at freebsd.org
Subject: Cant login to FTP server.


Hi, I have some FTP login problems.
I run FreeBSD 6.0-RELEASE, and I have ipf and ipnat enabled.

_______SNIP_______
Status:	Connecting to dienub.org ...
Status:	Connected with dienub.org. Waiting for welcome message...
Response:	220 m00h.dienub.org FTP server (Version 6.00LS) ready.
Command:	USER **************
Response:	331 Password required for alive.
Command:	PASS **************
Response:	230 User alive logged in.
Command:	FEAT
Response:	500 FEAT: command not understood.
Command:	SYST
Response:	215 UNIX Type: L8 Version: BSD-199506
Status:	Connected
Status:	Retrieving directory listing...
Command:	PWD
Response:	257 "/usr/home/alive" is current directory.
Command:	TYPE A
Response:	200 Type set to A.
Command:	PASV
Response:	227 Entering Passive Mode (87,49,144,133,237,45)
Command:	LIST
Error:	Transfer channel can't be opened. Reason: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.
Error:	Could not retrieve directory listing
Command:	TYPE A
_______SNIP_______


/etc/ipf.rules:
_______SNIP_______
# Let clients behind the firewall send out to the internet, and replies to
# come back in by keeping state.
pass out quick on rl0 proto tcp all keep state
pass out quick on rl0 proto udp all keep state
pass out quick on rl0 proto icmp all keep state

# Since nothing should be coming from these address ranges, block them
block in quick on rl0 from 192.168.0.0/16 to any
block in quick on rl0 from 172.16.0.0/12 to any
block in quick on rl0 from 10.0.0.0/8 to any
block in quick on rl0 from 127.0.0.0/8 to any
block in quick on rl0 from 192.0.2.0/24 to any

# Let's let people access the services running behind this system

# Let's let people access the services running on this system
pass in quick on rl0 proto tcp from any to any port 30000 >< 50000 flags S keep state #PASV FTP
pass in quick on rl0 proto tcp from any to any port = 21 #FTP
pass in quick on rl0 proto tcp from any to any port = 22 #SSH
pass in quick on rl0 proto tcp from any to any port = 80 #WWW
pass in quick on rl0 proto tcp from any to any port = 113 #oidentd

        # Steam Dedicated Server
#pass in quick on rl0 proto udp from any to any port = 1200 # Friends network
#pass in quick on rl0 proto udp from any to any port 26999 >< 27016 # Gameport
#pass in quick on rl0 proto udp from any to any port = 27020
#pass in quick on rl0 proto tcp from any to any port 27029 >< 27040
#pass in quick on rl0 proto tcp from any to any port = 27015 # SRCDS Rcon

# Block everything else
block in quick on rl0 all
_______SNIP_______


/etc/ipnat.rules
_______SNIP_______
map rl0 192.168.0.0/16 -> 0.0.0.0/32 proxy port ftp ftp/tcp
map rl0 192.168.0.0/16 -> 0.0.0.0/32 portmap tcp/udp 1025:65000
map rl0 192.168.0.0/16 -> 0.0.0.0/32
_______SNIP_______


Might the problem be anywhere else besides my ipf and ipnat configs?
Could it be the remote client that's the problem?
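
Added example, not part of the original thread: a small Python check that decodes the 227 reply from the session log above and tests the resulting data port against the port expression of the "#PASV FTP" rule in the posted /etc/ipf.rules. It assumes the posted ruleset is the one on the host that issued the 227 reply; the function names are illustrative.

```python
import re

# Both strings are copied from the session log and /etc/ipf.rules in this thread.
PASV_REPLY = "227 Entering Passive Mode (87,49,144,133,237,45)"
IPF_RULE = ("pass in quick on rl0 proto tcp from any to any "
            "port 30000 >< 50000 flags S keep state")


def parse_pasv(reply):
    """Return (ip, port) from an RFC 959 227 reply of the form (h1,h2,h3,h4,p1,p2)."""
    m = re.search(r"\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)", reply)
    if not m or not reply.startswith("227"):
        raise ValueError("not a 227 passive-mode reply: %r" % reply)
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("octet out of range in %r" % reply)
    # The data port is sent as two bytes, high byte first.
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]


def ipf_port_match(rule, port):
    """Evaluate the port expression of one ipf rule against a port number.

    Supports 'port = N', 'port A >< B' (strictly between A and B) and
    'port A <> B' (below A or above B). Numeric ports only.
    """
    m = re.search(r"port\s+(\d+)\s*(><|<>)\s*(\d+)", rule)
    if m:
        lo, op, hi = int(m.group(1)), m.group(2), int(m.group(3))
        return lo < port < hi if op == "><" else (port < lo or port > hi)
    m = re.search(r"port\s*=\s*(\d+)", rule)
    if m:
        return port == int(m.group(1))
    raise ValueError("no supported port expression in rule")


def check(reply=PASV_REPLY, rule=IPF_RULE):
    """Return (ip, data_port, matched_by_rule) for a 227 reply and one rule."""
    ip, port = parse_pasv(reply)
    return ip, port, ipf_port_match(rule, port)


if __name__ == "__main__":
    ip, port, allowed = check()
    print("data connection target: %s:%d" % (ip, port))
    print("matched by PASV pass rule: %s" % allowed)
```

A data port that no `pass in` rule matches falls through to the final `block in quick on rl0 all` line of the posted ruleset.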