passive ftp connection to nonstandard ftp port

Hi there

My problem is, that i cannot do a passive connection from my linux box
to an ftp server which doens't run a standard port.

I can connect to the ftp with my ncftp client. But if i do an 'ls' it
says:

ncftp / > ls List failed. No route to host.

And yes, i'm behind a NAT router. The ftp server also. If i connect
from my Windows XP Laptop, it works without problems. That's kind of
weird for me.

My Route: linux client -- nat router -- {internet} -- nat router --
server

It works with Windows, i don't understand why it doesn't work with
linux. I've a Zyxel Prestige 310 Router. Port forwarding is set up to
forward to my linux box per default. If it isn't the connection from
Windows doesn't work.

Has this something to do with the ip_conntrack part in my kernel? I
use 2.6.5, homebrewed gentoo.

Thanks for the advice.

Cheers

osterhas wrote:
> My problem is, that i cannot do a passive connection from my linux box
> to an ftp server which doens't run a standard port.
>
> [snip]
>
> It works with Windows, i don't understand why it doesn't work with
> linux. I've a Zyxel Prestige 310 Router. Port forwarding is set up to
> forward to my linux box per default. If it isn't the connection from
> Windows doesn't work.
>
> Has this something to do with the ip_conntrack part in my kernel? I
> use 2.6.5, homebrewed gentoo.

The Windows command line uses active ftp. No support for passive.
IE uses passive ftp. No support for active.

Are you sure you're making an accurate comparison?
Most Linux clients let you switch between active and passive.

Active ftp would need you to load the ip_conntrack_ftp module to allow
an incoming (related) active data connection to be associated with the
(established) control connection, assuming you allowed related
connections in iptables.

> The Windows command line uses active ftp. No support for passive.
> IE uses passive ftp. No support for active.
>
> Are you sure you're making an accurate comparison?
> Most Linux clients let you switch between active and passive.
>
> Active ftp would need you to load the ip_conntrack_ftp module to allow
> an incoming (related) active data connection to be associated with the
> (established) control connection, assuming you allowed related
> connections in iptables.

My comparison with windows is accurate because i use flashfxp.

log:
PASV
227 Entering Passive Mode (10,10,0,62,29,157)
LIST
150 Opening ASCII mode data connection for /bin/ls.

and it works.

I have to enable the toggle 'Site uses IP Masq/NAT/Non-Routable IP' in
FlashFXP, otherwise it also fails to do the passive connection (data
socket error: connection timed out.)

Weird is also that i have to forward all ports to my linux box, to get
a connection with my Windows client.

I have no firewall on my linux box. dmesg shows this:

ip_conntrack version 2.1 (4095 buckets, 32760 max) - 300 bytes per
conntrack
ip_tables: (C) 2000-2002 Netfilter core team
ipt_recent v0.3.1: Stephen Frost <(E-Mail Removed)>.
http://snowman.net/projects/ipt_recent/

I don't use ip tables or another fw. These things are compiled into
the kernel, i don't use modules support. But that shouldn't make a
difference?!

Thanks for helping me out.
Cheers