Hi Wenn ich versuche mich auf einen externen FTP-Server anzumelden, dann bekomme ich immer - 501 PORT adress does not match originator - als Fehlermeldung. Eingeloggt bin ich zwar, aber an der Stelle komme ich nicht weiter. Welche Einstellung ist falsch? Ich benutze die proxy-suite-1.7.tp8-26 Version auf SuSE Linux 7.2 Danke für eure Hilfe! _________________________________________ Björn Bredohl ICQ#: 34034329 _________________________________________
On Mon, Apr 01, 2002 at 04:38:13PM +0200, Björn Bredohl wrote:
Hi
Hi! (please write english on this list)
Wenn ich versuche mich auf einen externen FTP-Server anzumelden, dann bekomme ich immer - 501 PORT adress does not match originator - als Fehlermeldung. Eingeloggt bin ich zwar, aber an der Stelle komme ich nicht weiter.
Welche Einstellung ist falsch? Ich benutze die proxy-suite-1.7.tp8-26 Version auf SuSE Linux 7.2
See "SameAddress" in ftp-proxy.conf(5) manual page:
SameAddress
Both user and global context. Defines a boolean
value which determines if the proxy is allowed to
be included in so-called third party server to
server transfers. In this situation the client
first sends a PASV command to one server, then a
PORT command with the response code to the second
server, and then initiates the transfer with mutual
transfer commands on the two servers. Specifying
this option as no, false, or off allows FTP-Proxy
to take part in such a transfer, while saying yes,
true, or on (the default) will enforce that trans
fers can only take place to/from the client itself.
Maybe in simplier words / picture - it happens if you try to use
a different IP-address via PORT command for the data transfer,
than your (clients) IP-address of the control connection, i.e.:
host/client A <-- ctrl --> proxy
|
|
host/client B <-- data -----| (addr of client B set via
via PORT cmd by client A)
If you have not tryed to do transfers like this:
it may also happen, if you are using NAT or Masquerading (without
ip_masq_ftp module on Linux or similar stuff on other systems)
between the client and the proxy, i.e:
.
private IP's } . { official IP's
.
[clients] <---> [int FW + Msq] <-- DMZ --> [ext FW]
. ^
. |
. v
. ftp-proxy
the above setup is not possible. the (outgoing ftp-)proxy may
be used on the machine doing Masquerading...
You may double check your (network) setup for cases like this.
Bye,
Marius.
--
° --- Marius Tomaschewski
participants (2)
-
Björn Bredohl
-
Marius Tomaschewski