NYCPHP Meetup

[nycphp-talk] OT:ftp EPSV error..

Hans Zaunere zaunere at yahoo.com
Thu Feb 27 09:29:33 EST 2003


--- Ian Forsyth <ian at plusfour.org> wrote:
> 
> On a windows machine using ws ftp LE and behind the NAT having a 
> 192.168.X.X ip a LS command times out as well..  Though when the 
> windows machine is on the external network, with a 207.33.X.X ip the ws 
> ftp client functions normaly..
> 
> I can connect to hundreds of machines behind the NAT router, it is just 
> this one server i cannot connect to.... and it happens to be a server 
> that needs to be reachable from this office (of course) on a daily 
> basis for uploading source, and beta builds..

NAT and FTP are two dirty acronyms that never go together.  My initial take
on this is that the PASV requests are getting confused because both the
remote and local internal networks are 192.168.x.x.  If possible, try using
different subnets on the local and remote internal networks (like one
192.168.0.0/16 and the another 10.0.0.0/8).  This might help.

Other than that, it could be one of many, many, many subleties when working
with NAT and FTP.  Some possibly useful resources (although not specific to
your firewall, the same concepts apply):

http://home.earthlink.net/~jaymzh666/ipf/index.html
http://www.obfuscation.org/ipf/
http://livenudefrogs.com/~anubis/ipf/nats.html
http://www.netfilter.org/security/2001-04-16-ftp.html
http://www.experts-exchange.com/Operating_Systems/Linux/Q_20331453.html

Best of luck,

Hans



More information about the talk mailing list