linux as router prevents ftp connection

By kct@elgin ·
I set up a system with two gigabit network cards to serve as a router between two classroom networks. 192.168 on one side, 10.10 on the other. Everything seemed to work for the last 2-3 months except we found that the Microsoft people could not ftp from workstations (both 98 & xp) to windows 2000/2003 server. Message is that connection is dropped by host. We can ftp to the windows servers using linux. Removing the linux box and going back to a 10mb Cisco router allows the windows systems to work.
This is a classroom not connected to the internet so I have allowed all traffic to pass through router. We have also looked at the packets and can't see anything different between the MS ftp packets and linux ftp packets.
The classroom must be able to support a mixture of Linux and Windows systems.

by Jaqui In reply to linux as router prevents ...

you haven't turned iptables or ipchains?
and you explicitly allowed ports 20 and 21 to be open?
with the correct protocols?
have you installed and configured samba?

since my server / router has never caused this problem I'm only asking what pops up as most likely causes of this behaviour.

by kct@elgin In reply to

iptables is on and open to everything.
ports appear to be open since a linux workstation can connect to the windows ftp server. Only windows workstations do not connect when using the Linux box as the router.
Samba is not installed. We received two gigabit switches as a donation and our CISCO routers only support 10m, two inexpensive nics should allow us to build a fast router from cheap parts.
Everything goes through (as far as we can tell), webhosting, ping, telnet, mail, only ftp fails going from windows workstation to windows server.

by kct@elgin In reply to linux as router prevents ...

Looking for reason MS FTP would be stopped by Linux router.

by FelixOrtiz In reply to linux as router prevents ...

The simplest answer on this question is - Shoreline Firewall or Shorewall for short. If you go to and get the latest stable package and go over the on-line documentation this is pretty easy to setup and get going - no need to know your way around iptables or ipchains. Couple that with webmin ( and you have all you need to get this setup.

by loptr.chaote In reply to linux as router prevents ...

Could this be an issue with Passive mode vs Active mode transfers?
Try switching the settings in the FTP client. Also, try using a third party FTP client instead of ftp.exe or IE. (CuteFTP or FlashFXP are both good.)

by Nico Baggus In reply to linux as router prevents ...

Have you also loaded the connection tracking?

modprobe ip_conntrack
modprobe ip_conntrack_ftp

these are used to allow the second channel
along to the control channel.
You also need a line like

iptables -A FORWARD -m state --state \

to handle connection tracking.
Kind Regards,
Nico Baggus
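
An added example (not part of the original posts, and not the kernel module's code): a Python sketch of what an FTP connection-tracking helper such as ip_conntrack_ftp has to do, namely read the control channel and work out which second (data) connection to expect in active (PORT) and passive (227 reply) mode. The addresses, the sample session and the function names are constructed for illustration.

```python
import re

# Six comma-separated byte values: h1,h2,h3,h4,p1,p2 (used by PORT and by 227 replies).
_HOSTPORT = re.compile(r"(?<!\d)(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})(?!\d)")

def parse_hostport(text):
    """Return (ip, port) from a PORT command or 227 reply, or None if absent/invalid."""
    m = _HOSTPORT.search(text)
    if not m:
        return None
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]

def expected_data_connections(control_lines, client_ip, server_ip):
    """Walk the control channel and list the data connections to expect.

    control_lines: list of (direction, line); "C" = sent by client, "S" = by server.
    Returns tuples (mode, initiator_ip, target_ip, target_port).
    """
    expected = []
    for direction, line in control_lines:
        verb = line.strip().split(" ", 1)[0].upper()
        endpoint = parse_hostport(line)
        if endpoint is None:
            continue
        if direction == "C" and verb == "PORT":
            # Active mode: the server opens the data connection back to the client.
            expected.append(("active", server_ip, endpoint[0], endpoint[1]))
        elif direction == "S" and verb == "227":
            # Passive mode: the client opens the data connection to the server.
            expected.append(("passive", client_ip, endpoint[0], endpoint[1]))
    return expected

# Constructed sample control-channel session (not captured traffic).
SAMPLE = [
    ("S", "220 FTP service ready"),
    ("C", "USER student"),
    ("S", "331 Password required for student."),
    ("C", "PORT 192,168,1,20,4,1"),
    ("S", "200 PORT command successful."),
    ("C", "PASV"),
    ("S", "227 Entering Passive Mode (10,10,0,5,19,137)."),
]

if __name__ == "__main__":
    for conn in expected_data_connections(SAMPLE, "192.168.1.20", "10.10.0.5"):
        print("%s: %s -> %s:%d" % conn)
```

In active mode the new connection arrives from the server side toward a client port that appears only inside the PORT command, which is why a router that tracks state needs the FTP helper loaded to associate it with the existing control connection.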

by feathersmcgraw In reply to linux as router prevents ...

You have an interesting issue. I have seen some great suggestions, but there needs to be a little more information to accurately troubleshoot. Can you post your routing table, gateways, configuration on the linux router? Also, it might be helpful for you to run ethereal on the workstation and then try to ftp. Watch what the packets read back to you (is it even getting to the other network). You could also use tcpdump (a command like "tcpdump -i eth0 host where host is the one you are trying to ftp to) and see what type of information if any you are getting back.

Will be interested to see what you come up with.
