[BUG] ip_nat_ftp fails for some ftp servers (fwd)

Martin Josefsson gandalf@wlug.westbo.se
Sun, 7 Oct 2001 00:55:55 +0200 (CEST)


My reply was also only sent to the netfilter list.

/Martin

Never argue with an idiot. They drag you down to their level, then beat you with experience.

---------- Forwarded message ----------
Date: Sun, 7 Oct 2001 00:53:47 +0200 (CEST)
From: Martin Josefsson <gandalf@wlug.westbo.se>
To: Xuan Baldauf <xuan--lkml@baldauf.org>
Cc: netfilter@lists.samba.org
Subject: Re: [BUG] ip_nat_ftp fails for some ftp servers

On Sat, 6 Oct 2001, Xuan Baldauf wrote:

> When having such a setup, try to list the following ftp
> directory using an ftp client in active mode:
> 
> ftp://ftp.tu-chemnitz.de/
> 
> It will fail (because ip_nat_ftp will not substitute the
> ftp-"PORT" command). But accessing these directories will
> succeed:
> 
> ftp://ftp.fu-berlin.de/
> ftp://ftp.uni-stuttgart.de/
> 
> 
> I've captured the communication to both classes of
> ftp-servers, but did not find any notable differences. The
> "router" machine is running linux-2.4.11-pre3.
> 
> Can anybody confirm this with his|her own setup? Does
> anybody know the reason for this bug?

I can confirm that I can't list the contents of ftp://ftp.tu-chemnitz.de/
when using active mode and sitting behind a Linux router running 2.4.9-ac12
with ip_conntrack ftp and ip_nat_ftp loaded.

I confirmed that the same server works fine in active mode from another
machine that doesn't sit behind NAT.

And I tried ftp://ftp.fu-berlin.de/ and that worked fine from behind NAT
in active mode.

/Martin

Never argue with an idiot. They drag you down to their level, then beat you with experience.