On Thu, 2008-06-05 at 20:04 -0700, John R Pierce wrote:
Filipe Brandenburger wrote:
On Thu, Jun 5, 2008 at 2:05 PM, Timothy Selivanow timothy.selivanow@virtualxistenz.com wrote:
things like 'put' and 'get', etc.), the connection hangs. If you wait a bit it returns with a "425 Failed to establish connection". I've tried
Is the FTP client behind NAT? If it is then active FTP won't work, since the client will request the server to connect to the internal IP.
It's somewhat more complex than that. Many NAT boxes (home routers, etc.) recognize FTP on port 21, and monitor the PORT commands, and mangle them automatically. A Linux masquerading server can do this too, with the right ip_masq module. If the FTP is running on a nonstandard port other than 21, the automagic stuff won't work. If the FTP /server/ is behind NAT using a port forward, it also gets messy.
There's a detailed discussion of these and other salient points here: http://www.ncftp.com/ncftpd/doc/misc/ftp_and_firewalls.html It bears reading carefully.
There's no NAT'ing occurring in my tests (all machines, including my workstation, are not using RFC1918 addresses; some of the core routing infrastructure is, but it's all routable and not NAT'd). There are various routers and firewalls between my workstation and the hosts, but all ACLs and firewall rule sets allow my traffic unimpeded to my testing hosts and the customer's hosts.
The frustrating thing is, it happens on all of the CentOS 5 machines I've tested on.
--Tim
< Invest in physics -- own a piece of Dirac! >
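An added example, not part of the original thread: a small check that compares the address a client advertises in its PORT command with the address the server actually sees on the control connection, which is the mismatch the quoted replies describe for active FTP behind NAT. The function names, the result labels and the sample addresses are constructed for illustration.

```python
import ipaddress

# RFC1918 ranges, listed explicitly (the ranges the thread refers to).
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr):
    return any(addr in net for net in RFC1918)

def parse_port_arg(arg):
    """Parse the 'h1,h2,h3,h4,p1,p2' argument of an FTP PORT command (RFC 959)."""
    try:
        parts = [int(x) for x in arg.strip().split(",")]
    except ValueError:
        raise ValueError(f"malformed PORT argument: {arg!r}")
    if len(parts) != 6 or any(not 0 <= p <= 255 for p in parts):
        raise ValueError(f"malformed PORT argument: {arg!r}")
    host = ipaddress.IPv4Address(".".join(map(str, parts[:4])))
    return host, parts[4] * 256 + parts[5]

def diagnose_active_ftp(control_line, peer_ip, control_port=21):
    """Classify one control-channel line as seen on the server side.

    peer_ip is the client's source address on the control connection.
    Returns one of the (hypothetical) labels below.
    """
    verb, _, arg = control_line.strip().partition(" ")
    if verb.upper() != "PORT":
        return "not-port"
    host, _port = parse_port_arg(arg)
    peer = ipaddress.IPv4Address(peer_ip)
    if host == peer:
        # Advertised address is reachable as-is; a 425 here points at
        # filtering of the server-to-client data connection, not NAT.
        return "ok"
    if is_rfc1918(host) and not is_rfc1918(peer):
        # Client is behind NAT and nothing rewrote the PORT command.
        # Helpers that rewrite PORT typically watch port 21 only.
        if control_port != 21:
            return "nat-unrewritten-nonstandard-port"
        return "nat-unrewritten"
    return "mismatch"

if __name__ == "__main__":
    # Constructed samples: (control line, peer address, control port)
    for line, peer, cport in [("PORT 192,168,1,10,195,80", "203.0.113.7", 21),
                              ("PORT 203,0,113,7,195,80", "203.0.113.7", 21),
                              ("PORT 10,0,0,5,4,1", "198.51.100.9", 2121)]:
        print(line, "->", diagnose_active_ftp(line, peer, cport))
```

A result of "ok" for a failing transfer matches the situation in the last message, where no NAT is involved and the remaining suspects are the routers and firewalls on the data-connection path.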