Hi Gurus,
I am using Red Hat Linux 7.0 which acts as a proxy server (Transparent Squid) and firewall server (Ipchains). I use a dial-up connection. My problem is whenever I connect to an ftp site I get this error:
~ Login completed.
PORT 10,1,11,11,8,230
< 500 Illegal PORT Command ~ Could not retrieve directory listing for "/"
Below are my firewall rules:
:input ACCEPT
:forward ACCEPT
:output ACCEPT
:pbi -
-A input -s 10.1.0.0/255.255.0.0 -d 0.0.0.0/0.0.0.0 80:80 -p 6 -j REDIRECT 3128
-A input -i ppp0 -p tcp --dport 23 -j DENY
-A input -i ppp0 -p tcp --syn -j DENY
-A forward -s 10.1.0.0/255.255.0.0 -d 0.0.0.0/0.0.0.0 -i ppp0 -j pbi
-A pbi -s 10.1.0.0/255.255.0.0 -d 0.0.0.0/0.0.0.0 22:22 -p 6 -j MASQ
-A pbi -s 10.1.0.0/255.255.0.0 -d 0.0.0.0/0.0.0.0 21:21 -p 6 -j MASQ
-A pbi -s 10.1.0.0/255.255.0.0 -d 0.0.0.0/0.0.0.0 23:23 -p 6 -j MASQ
-A pbi -s 10.1.0.0/255.255.0.0 -d 0.0.0.0/0.0.0.0 25:25 -p 6 -j MASQ
-A pbi -s 10.1.0.0/255.255.0.0 -d 0.0.0.0/0.0.0.0 110:110 -p 6 -j MASQ
-A pbi -s 10.1.0.0/255.255.0.0 -d 0.0.0.0/0.0.0.0 443:443 -p 6 -j MASQ
-A pbi -s 10.1.0.0/255.255.0.0 -d 0.0.0.0/0.0.0.0 5050:5050 -p 6 -j MASQ
-A pbi -s 10.1.0.0/255.255.0.0 -d 0.0.0.0/0.0.0.0 5100:5100 -p 6 -j MASQ
-A pbi -s 10.1.0.0/255.255.0.0 -d 0.0.0.0/0.0.0.0 8383:8383 -p 6 -j MASQ
-A pbi -s 10.1.0.0/255.255.0.0 -d 0.0.0.0/0.0.0.0 3128:3128 -p 6 -j MASQ
-A pbi -s 10.1.0.0/255.255.0.0 -d 0.0.0.0/0.0.0.0 1863:1863 -p 6 -j MASQ
Please let me know what is wrong in my rules, so that ftp sites can connect smoothly.
Warm Regards,
Rajendra Rait.
On Wed, 2004-04-07 at 18:21, Rajendra Rait wrote:
> Hi Gurus,
> I am using Red Hat Linux 7.0 which acts as a proxy server (Transparent Squid) and firewall server (Ipchains). I use a dial-up connection. My problem is whenever I connect to an ftp site I get this error:
> ~ Login completed.
> PORT 10,1,11,11,8,230
> < 500 Illegal PORT Command ~ Could not retrieve directory listing for "/"
http://www.cert.org/tech_tips/ftp_port_attacks.html
http://www.faqs.org/rfcs/rfc1579.html
In short, use PASV instead of the PORT command when going through a firewall/proxy.
Regards Sachin
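An added example, not code from this thread and not part of Squid or ipchains: it decodes the `PORT 10,1,11,11,8,230` line from the original post, applies the checks an FTP server makes before accepting a PORT command (the anti-bounce rule from the CERT tech tip Sachin cites: the data host must be the control connection's peer), and decodes the `227` reply that PASV mode uses instead. The external address 198.51.100.7 and relay port 61000 are constructed values standing in for the ppp0 address; `masq_rewrite_port` only illustrates what a masquerading FTP helper has to change in the payload, it is not an implementation of one.

```python
# Added example (not from the thread): decode the FTP h1,h2,h3,h4,p1,p2 tuple used
# by PORT and by the 227 PASV reply, and apply the checks that make a server answer
# "500 Illegal PORT Command" when a masqueraded client advertises its private address.
import ipaddress
import re

_TUPLE = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

# RFC 1918 ranges, matched explicitly rather than via ipaddress.is_private
# (which also flags documentation ranges such as 198.51.100.0/24).
_RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_hostport(text):
    """Decode an h1,h2,h3,h4,p1,p2 tuple (PORT argument or 227 reply) to (ip, port)."""
    m = _TUPLE.search(text)
    if m is None:
        raise ValueError("no h1,h2,h3,h4,p1,p2 tuple in %r" % text)
    fields = [int(x) for x in m.groups()]
    if any(x > 255 for x in fields):
        raise ValueError("field out of range in %r" % text)
    return ".".join(str(x) for x in fields[:4]), fields[4] * 256 + fields[5]


def format_hostport(ip, port):
    """Inverse of parse_hostport: (ip, port) -> 'h1,h2,h3,h4,p1,p2'."""
    if not 0 <= port <= 65535:
        raise ValueError("port out of range: %r" % port)
    return "%s,%d,%d" % (ip.replace(".", ","), port // 256, port % 256)


def port_command_problems(args, control_peer_ip):
    """Reasons an FTP server would refuse 'PORT args' arriving from control_peer_ip.

    Returns a list of codes; an empty list means the command would normally be
    accepted.  'host-mismatch' is the anti-bounce check (CERT tech tip, RFC 2577):
    the advertised data host must equal the control connection's peer address.
    """
    host, port = parse_hostport(args)
    problems = []
    if host != control_peer_ip:
        problems.append("host-mismatch")
    if any(ipaddress.ip_address(host) in net for net in _RFC1918):
        problems.append("private-host")
    if port < 1024:
        problems.append("privileged-port")
    return problems


def masq_rewrite_port(args, external_ip, relay_port):
    """What a masquerading FTP helper must do to an outbound PORT command: replace
    the internal address/port with the firewall's external address and a port the
    firewall will relay back to the client.  Illustration only, not a real helper."""
    parse_hostport(args)  # validate the client's tuple before rewriting it
    return format_hostport(external_ip, relay_port)


if __name__ == "__main__":
    # Constructed values: the PORT line from the original post, and a made-up
    # external address for the ppp0 link (198.51.100.7 is a documentation address).
    print(parse_hostport("10,1,11,11,8,230"))                      # ('10.1.11.11', 2278)
    print(port_command_problems("10,1,11,11,8,230", "198.51.100.7"))  # ['host-mismatch', 'private-host']
    print(masq_rewrite_port("10,1,11,11,8,230", "198.51.100.7", 61000))  # 198,51,100,7,238,72
    print(parse_hostport("227 Entering Passive Mode (198,51,100,7,195,149)"))  # ('198.51.100.7', 50069)
```

Running it shows the two reasons the server in the original post has to reject the command: the advertised host 10.1.11.11 is not the address the control connection came from, and it is an RFC 1918 address no Internet host could connect back to. With PASV the client connects out to the address in the 227 reply, so the firewall never has to rewrite or accept an inbound data connection, which is why Sachin's advice removes the problem.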
Rajendra Rait wrote:
> Hi Gurus,
> I am using Red Hat Linux 7.0 which acts as a proxy server (Transparent Squid) and firewall server (Ipchains). I use a dial-up connection. My problem is whenever I connect to an ftp site I get this error:
> ~ Login completed.
> PORT 10,1,11,11,8,230
> < 500 Illegal PORT Command ~ Could not retrieve directory listing for "/"
> Below are my firewall rules:
> :input ACCEPT
> :forward ACCEPT
> :output ACCEPT
> :pbi -
> -A input -s 10.1.0.0/255.255.0.0 -d 0.0.0.0/0.0.0.0 80:80 -p 6 -j REDIRECT 3128
> -A input -i ppp0 -p tcp --dport 23 -j DENY
> -A input -i ppp0 -p tcp --syn -j DENY
> -A forward -s 10.1.0.0/255.255.0.0 -d 0.0.0.0/0.0.0.0 -i ppp0 -j pbi
> -A pbi -s 10.1.0.0/255.255.0.0 -d 0.0.0.0/0.0.0.0 22:22 -p 6 -j MASQ
> -A pbi -s 10.1.0.0/255.255.0.0 -d 0.0.0.0/0.0.0.0 21:21 -p 6 -j MASQ
> -A pbi -s 10.1.0.0/255.255.0.0 -d 0.0.0.0/0.0.0.0 23:23 -p 6 -j MASQ
> -A pbi -s 10.1.0.0/255.255.0.0 -d 0.0.0.0/0.0.0.0 25:25 -p 6 -j MASQ
> -A pbi -s 10.1.0.0/255.255.0.0 -d 0.0.0.0/0.0.0.0 110:110 -p 6 -j MASQ
> -A pbi -s 10.1.0.0/255.255.0.0 -d 0.0.0.0/0.0.0.0 443:443 -p 6 -j MASQ
> -A pbi -s 10.1.0.0/255.255.0.0 -d 0.0.0.0/0.0.0.0 5050:5050 -p 6 -j MASQ
> -A pbi -s 10.1.0.0/255.255.0.0 -d 0.0.0.0/0.0.0.0 5100:5100 -p 6 -j MASQ
> -A pbi -s 10.1.0.0/255.255.0.0 -d 0.0.0.0/0.0.0.0 8383:8383 -p 6 -j MASQ
> -A pbi -s 10.1.0.0/255.255.0.0 -d 0.0.0.0/0.0.0.0 3128:3128 -p 6 -j MASQ
> -A pbi -s 10.1.0.0/255.255.0.0 -d 0.0.0.0/0.0.0.0 1863:1863 -p 6 -j MASQ
> Please let me know what is wrong in my rules, so that ftp sites can connect smoothly.
Can't remember, don't we require some ftp module loaded? Check /lib/modules/version/ipv4/ and see if there is some ftp-related module, load it and then check.
-Krishna.
Taming ipchains would be difficult for a complicated protocol like ftp. Try passive off (in squid.conf), which will send ftp requests in non-passive mode, and ftp through the squid port (3128). Also you can change the user name of ftp connections (the default is squid) in squid.conf to anonymous; use ftp user anonymous. Refer to the squid manuals for more details.
let us know on the results.
Regards,
Yayati.
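As an added illustration (not Yayati's own text and not taken from the Squid project), this is how that advice reads as a squid.conf fragment; I am assuming the directive names are ftp_passive and ftp_user, as in Squid 2.x, since the reply only says "passive off". One caveat from the rule set in the original post: with passive mode off the FTP server opens the data connection back to the Squid host, and the `-A input -i ppp0 -p tcp --syn -j DENY` rule would drop that inbound SYN on ppp0, so that rule would need an exception before this can work.

```conf
# squid.conf fragment (added example, not from the thread).
# Assumed Squid 2.x directive names: ftp_passive, ftp_user.

# Squid opens FTP data connections itself with PORT (non-passive mode).
# Squid runs on the firewall host, so the PORT payload carries the host's
# own address and no masquerading helper has to rewrite it.
ftp_passive off

# Identity sent as the password for anonymous FTP logins (default is Squid@).
ftp_user anonymous@
```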
--- Rajendra Rait raj_rait@postmark.net wrote:
> Hi Gurus,
> I am using Red Hat Linux 7.0 which acts as a proxy server (Transparent Squid) and firewall server (Ipchains). I use a dial-up connection. My problem is whenever I connect to an ftp site I get this error:
> ~ Login completed.
> PORT 10,1,11,11,8,230
> < 500 Illegal PORT Command ~ Could not retrieve directory listing for "/"
Rajendra Rait writes:
> -A pbi -s 10.1.0.0/255.255.0.0 -d 0.0.0.0/0.0.0.0 22:22 -p 6 -j MASQ
> -A pbi -s 10.1.0.0/255.255.0.0 -d 0.0.0.0/0.0.0.0 21:21 -p 6 -j MASQ
Add a line for port 20, since ftp uses ports 20 and 21.
-A pbi -s 10.1.0.0/255.255.0.0 -d 0.0.0.0/0.0.0.0 20:20 -p 6 -j MASQ
Regards,
Swanand
techieinfo.cjb.net