[TriLUG] Solution: Re: Tomato Firmware vs. FTP server

Lance A. Brown lance at bearcircle.net
Tue Nov 25 09:01:54 EST 2008


Doh.

When you add the iptables rule to let the passive FTP port range for
proftpd through the firewall, make sure you add them as tcp protocol,
not udp.  Durrrrr...

I copied the wrong line when I was editing the /etc/sysconfig/iptables
file. :-)

--[Lance]

Lance A. Brown said the following on 11/21/2008 8:17 PM:
> Greetings,
> 
> I'm trying to experiment with an FTP service on my server at home behind
> a Linksys WRTG54G running Tomato Firmware.  Logging in works fine, but
> the switch to PASV mode to list the current directory fails.  Tcpdump on
> the server reveals:
> 
> 20:12:35.926895 IP X.X.X.X.13361 > 192.168.1.20.60027: S
> 2164785465:2164785465(0) win 65535 <mss 1414,nop,wscale 2,nop,nop,sackOK>
> 20:12:35.926927 IP 192.168.1.20 > X.X.X.X: ICMP host 192.168.1.20
> unreachable - admin prohibited, length 60
> 
> which leads me to believe the FTP port detection for the NATing on the
> router is failing.  I've been through the settings on the router and it
> appears everything is set properly, but what do I know.
> 
> Anyone seen this before?  Got any clues?
> 

-- 
 GPG Fingerprint: 409B A409 A38D 92BF 15D9 6EEE 9A82 F2AC 69AC 07B9
 CACert.org Assurer
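
The mistake described in this message can be caught by checking the rules file for a passive range that is opened for the wrong protocol. The following is an added example, not part of the original post: the rules text is constructed, and the `INPUT` chain name and the 60000:60100 range (standing in for the proftpd `PassivePorts` setting) are assumptions.

```python
import re

# Constructed sample in /etc/sysconfig/iptables (iptables-save) format.
# The 60000:60100 range is an assumed proftpd PassivePorts setting.
SAMPLE_RULES = """\
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 60000:60100 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""

def parse_accepts(text):
    """Yield (protocol, low, high) for each INPUT ACCEPT rule with a --dport."""
    for line in text.splitlines():
        if not line.startswith("-A INPUT") or "-j ACCEPT" not in line:
            continue
        proto = re.search(r"(?:-p|--protocol)\s+(\w+)", line)
        dport = re.search(r"--dport\s+(\d+)(?::(\d+))?", line)
        if proto and dport:
            low = int(dport.group(1))
            high = int(dport.group(2) or low)  # single port: low == high
            yield proto.group(1).lower(), low, high

def check_passive_range(text, low, high):
    """Return a list of findings; empty means tcp low..high is accepted."""
    rules = list(parse_accepts(text))

    def covers(protocol):
        return any(p == protocol and lo <= low and hi >= high
                   for p, lo, hi in rules)

    findings = []
    if not covers("tcp"):
        findings.append("no tcp ACCEPT covers %d:%d" % (low, high))
        if covers("udp"):
            # The copy-paste error from the message: right ports, wrong protocol.
            findings.append("range is opened as udp; FTP data connections are tcp")
    return findings

if __name__ == "__main__":
    for finding in check_passive_range(SAMPLE_RULES, 60000, 60100):
        print("WARNING:", finding)
```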


