Linux help
Any Linux gurus on this board? I could use some help trying to get my linux server to only recognize FTP connections on one of the ethernet cards.
What I have is two ethernet cards, one for LAN traffic and one for internet server traffic. Unfortunately, the server seems to try and use the LAN card for replying to incoming internet traffic. (i.e., if an FTP connection comes in on ETH0, the server seems to try to reply on ETH1).
Probably not a good explanation and I know I'm a bit off target with my diagnosis...
I could possibly qualify as a linux guru, seeing how I used to work for Red Hat 
What is your goal here? To set up an FTP server that only answers on your external interface? The weirdness you describe shouldn't really be happening, because the service in.ftpd should bind to all available interfaces (eth0 and eth1).
Mock scenario:
Let's say you have a dual-homed system with eth0 and eth1.
eth0 IPADDR 24.2.2.1 (external Internet address)
eth1 IPADDR 192.168.0.1 (LAN, RFC 1918 non-routable IP addr).
So if someone from the Internet connects, they will connect to 24.2.2.1:21. The kernel will handle the routing back to the client, so you should not be having issues at all. Weird...
I could prolly figure it out within a couple seconds if you want me to poke around. If not, use the -d option if it's wu-ftpd so it will write debugging info into the syslog.
lemme know if I can help you anymore..

sounds like both of your eth devices have the same IP address.
Is the client connecting? Are you running it out of inetd or standalone? Are you connecting in passive mode? What server is it: wuftpd or proftpd? If you ifdown the intranet eth does it work? Need more info.
Originally posted by cthree
Is the client connecting? Are you running it out of inetd or standalone? Are you connecting in passive mode? What server is it: wuftpd or proftpd? If you ifdown the intranet eth does it work? Need more info.
I think I am running wu-ftp via xinetd, but not sure. When you get to ifdown I'm way out of my league! Feels strange to be so non-command line after resisting GUI environments for so long...
ahhh....a firewall...this complicates things a little
As to cthree's questions about versions etc. What distro of Linux are you running? That should answer most questions.
If you're coming from the Internet to the ftp server and you've got firewall rules, it's unfortunately not as easy as opening up tcp port 21. You've got to understand how ftp works, and the difference between active mode and passive mode ftp in the way that connections are established.
For a good explanation, go here
I would recommend you ditch ftp altogether, and make use of OpenSSH's scp. There is a very easy to use Windows client (winscp), and of course command line clients for *nix. Re-educating your users shouldn't be terribly hard if you write up a decent tutorial such as this one
Yeah if you want us to figure this out, we need more info...
Glad to help though
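Added example, not part of the thread: the post above says opening tcp port 21 is not enough, so this sketch parses the two control-channel messages that set up the FTP data connection (the client's `PORT` command and the server's `227` reply, per RFC 959) and reports which connection a firewall must permit. The sample lines are constructed using the addresses from the mock scenario, the function names are hypothetical, and the check for a private address advertised on the public interface goes one step beyond what the thread states.

```python
import ipaddress
import re

# Constructed control-channel lines (not captured traffic). Addresses follow
# the thread's mock scenario: 24.2.2.1 external, 192.168.0.1 LAN.
SAMPLE = [
    ("client", "PORT 203,0,113,7,195,80"),
    ("server", "227 Entering Passive Mode (24,2,2,1,156,64)"),
    ("server", "227 Entering Passive Mode (192,168,0,1,156,65)"),
]

_SIX = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def parse_endpoint(line):
    """Return (IPv4Address, port) from the h1,h2,h3,h4,p1,p2 tuple."""
    m = _SIX.search(line)
    if not m:
        raise ValueError("no address tuple in %r" % line)
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("octet out of range in %r" % line)
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]  # port = p1 * 256 + p2


def data_channel(sender, line, control_ip):
    """Describe the data connection the firewall has to let through."""
    ip, port = parse_endpoint(line)
    if sender == "client" and line.upper().startswith("PORT"):
        # Active mode: the server dials out to the client from port 20.
        mode, allow = "active", "server:20 -> %s:%d" % (ip, port)
    elif sender == "server" and line.startswith("227"):
        # Passive mode: the client dials in to a port the server picked.
        mode, allow = "passive", "client -> %s:%d" % (ip, port)
    else:
        raise ValueError("not a PORT command or 227 reply: %r" % line)
    # A non-public address advertised over a public control connection
    # cannot be reached by an Internet client.
    public_ctrl = not ipaddress.IPv4Address(control_ip).is_private
    unreachable = mode == "passive" and ip.is_private and public_ctrl
    return {"mode": mode, "ip": str(ip), "port": port,
            "allow": allow, "unreachable": unreachable}


def analyse(lines, control_ip="24.2.2.1"):
    return [data_channel(sender, line, control_ip) for sender, line in lines]


if __name__ == "__main__":
    for result in analyse(SAMPLE):
        print(result)
```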
Originally posted by moonpie
ahhh....a firewall...this complicates things a little
I don't understand your config...you have DSL to the internet....but then what is the firewalled cable modem doing??? All it seems to be doing is causing asynchronous routing issues. The firewall is useless since you have an open insecure DSL connection.
My solution: Dump the firewall on the cable modem. Put a third NIC in the linux box and reconfigure it to act as a firewall/router to your private LAN. Then you will see full benefits of having both cable and DSL over the whole network, and both connections will be secured.
I've always had a much easier time doing this with FreeBSD than linux.
oh and uhhh....macs are for pansies!
Just got to the part about the bank info...that's nutty!!! You own the domain, your name and address are on the whois record, they are not legally allowed to use it. However, confidential bank info is kinda nifty...u should post some of them up here
Any email sent to anyone at ifd.com means you are the intended recipient, since you are the domain owner and I assume you have all mail aliases pointed at yourself. 
But anyway, their DNS is probably internal to their network and not getting out, so I doubt anyone besides them would have a DNS hijacking issue. I bet they send emails to other ppl and have their reply-to set as their internal email address, so when other ppl reply to them they pick up real-world DNS and it gets sent to you.