FTP Problem, cannot login or list from several machines

ashworth102680

This is a weird one that I haven't seen before.

Fresh install of Fedora Core3, DA recent version, added a domain, and it's resolving. Now for the tricky part...

My PC can login with the following:
HOST: beta2.mydomain.com
USER: willa
PASS: xxxxxxxx (for obvious reasons, I have not placed the password here)

Only one other person within my organization can login, the person that sits behind me. Nobody else on the same network using the exact same FTP settings and FTP program (Crystal FTP) can login. They get a username/passwd error.

Another interesting thing is when I try to login from home, I am authenticated, but I get a "cannot list" error. I haven't changed permissions at all on any of the ftp directories that I can recall.

This entire time, the control panel is reachable on port 2222, and I brought the entire machine out from behind the DMZ at work, so there's no firewall.

Could IP Tables be causing this somehow? I don't know enough about it to troubleshoot and am looking for suggestions. If port 21 was blocked, then I wouldn't be able to login AT ALL, right?

Thanks in advance!
 
With regards to IP Tables, I have all the right things open....so I think.

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 2222 -j ACCEPT
 
I swear I thought I had already tried that, but hey, we all have our crazy times. I think that may have worked.

I'll test on the other machines at work on Monday, but I think we're onto something.

Thanks! I'll post back my findings here in the forums.

FYI - it worked with DIRECT mode in Crystal FTP.
 
DIRECT may be what they mean by "passive=off".

But you still have to fix it so your users can use passive ftp, as that's the default.

I'd suggest you use the KISS firewall (look for it on these forums); it automatically maintains ports for passive ftp.

Or read up on the ProFTPD site on how to set up ports specifically for passive ftp, and then open up those ports in iptables.

Jeff
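An added example, not code from any poster in this thread: a small Python check that reads iptables rules like the ones quoted above and reports which ports of a passive FTP range no ACCEPT rule covers, which is why the control connection on port 21 succeeds while the data connection for a listing does not. It assumes ProFTPD is configured with `PassivePorts 49152 65534` (a range chosen for illustration), and it only looks at tcp ACCEPT rules with `--dport`, ignoring rule order and any FTP connection-tracking helper.

```python
import re

# Constructed input: the rules as quoted in the post above.
THREAD_RULES = """\
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 2222 -j ACCEPT
"""

# Assumed passive range (not from the thread); must match PassivePorts in proftpd.conf.
PASSIVE_LOW, PASSIVE_HIGH = 49152, 65534

DPORT = re.compile(r"--dport\s+(\d+)(?::(\d+))?")

def accepted_tcp_ranges(rules):
    """Return (low, high) destination-port ranges opened by tcp ACCEPT rules."""
    ranges = []
    for line in rules.splitlines():
        if not (re.search(r"-p\s+tcp\b", line) and re.search(r"-j\s+ACCEPT\b", line)):
            continue
        m = DPORT.search(line)
        if m:
            low = int(m.group(1))
            ranges.append((low, int(m.group(2) or low)))
    return ranges

def uncovered(low, high, ranges):
    """Return the sub-ranges of low..high that no accepted range covers."""
    gaps, cursor = [], low
    for r_low, r_high in sorted(ranges):
        if r_high < cursor or r_low > high:
            continue
        if r_low > cursor:
            gaps.append((cursor, r_low - 1))
        cursor = max(cursor, r_high + 1)
    if cursor <= high:
        gaps.append((cursor, high))
    return gaps

def rule_for(low, high, chain="RH-Firewall-1-INPUT"):
    """Build an ACCEPT rule in the same style as the rules in the thread."""
    return f"-A {chain} -m state --state NEW -m tcp -p tcp --dport {low}:{high} -j ACCEPT"

if __name__ == "__main__":
    for low, high in uncovered(PASSIVE_LOW, PASSIVE_HIGH, accepted_tcp_ranges(THREAD_RULES)):
        print(f"passive ports {low}-{high} are not opened; add:\n{rule_for(low, high)}")
```

A generated rule has to sit above the chain's final REJECT line to take effect.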
 