LinuxQuestions.org
Old 03-29-2001, 03:43 PM   #1
preguin1
LQ Newbie
 
Registered: Mar 2001
Posts: 4

Rep: Reputation: 0

I have no background in Linux. I am using a Novell network and the consultant put in an old 486 PC with a Linux firewall on it. It is not permitting me to allow password-protected FTP in or out of the network. Only HTTP traffic is passing.

I am attempting to load CuteFTP on my Novell server and it won't work. This is what leads me to believe it's the firewall configuration that is causing the problem.

Going back to the consultant is not an option.

Can anyone train me how to understand and address this issue?
 
Old 03-30-2001, 02:25 PM   #2
killjoy
Member
 
Registered: Mar 2001
Location: Atlanta,GA
Distribution: Red Hat, Mandrake
Posts: 66

Rep: Reputation: 15
What kind of firewall is it?
Does it appear to be a port problem?
If you can give more info, we could try to help.
 
Old 03-31-2001, 12:17 AM   #3
preguin1
LQ Newbie
 
Registered: Mar 2001
Posts: 4

Original Poster
Rep: Reputation: 0
I am not sure I know what kind of firewall it is, but I know it was free. Can I look at this PC and determine the type of firewall? How would I do that?

I attempt to enter FTP commands at the DOS prompt on a networked PC and it won't let me do an ftp open, so this is why I think it's the firewall. Is there any other way I can test this?

We plan to hook up a unit on the other side of the firewall and attempt ftp commands but that won't happen until next week.
 
Old 04-02-2001, 09:52 AM   #4
raz
Member
 
Registered: Apr 2001
Location: London
Posts: 408

Rep: Reputation: 31
Firewall type?

First you'll need to tell us the OS version and type.
I assume you have admin login "root" access to the Linux box locally.

If so, go to a shell window "like DOS's" on the box and type uname -a
Post the information to this forum.

It could be anything, depends on how old the software is.

/Raz

 
Old 04-02-2001, 10:28 AM   #5
killjoy
Member
 
Registered: Mar 2001
Location: Atlanta,GA
Distribution: Red Hat, Mandrake
Posts: 66

Rep: Reputation: 15
Step one: power down 486
Step two: load shotgun...
j/k
Does the 486 serve any other function on your network?
Would it be possible/feasible to take it down/bypass it for testing?
 
Old 04-04-2001, 10:10 PM   #6
preguin1
LQ Newbie
 
Registered: Mar 2001
Posts: 4

Original Poster
Rep: Reputation: 0
Linux Firewall

uname -a returns

Linux router.ctrivers.org 2.0.36 #1 Tues Oct13 22:17:11 EDT 1998 i586 unknown

All of this is on one line however.

So what does this all mean?

Thanks for your help

 
Old 04-04-2001, 10:18 PM   #7
preguin1
LQ Newbie
 
Registered: Mar 2001
Posts: 4

Original Poster
Rep: Reputation: 0
Linux Firewall

This firewall has no other purpose on the network.

I will look at bypassing the firewall by shutting it off.

What is shotgun? I have never heard of this. What does it do?
 
Old 04-05-2001, 04:14 AM   #8
raz
Member
 
Registered: Apr 2001
Location: London
Posts: 408

Rep: Reputation: 31
Preguin1,

It's a Red Hat Linux kernel 2.0.36.
I.e. old, needs security patching etc. etc.

It's likely the firewall is doing NAT for your network using ipchains.
It's also most likely got the NAT patch installed, as this version had errors with overloaded network address translation.

You must be root to try this, i.e.:
% su - root
# ipchains -V
What version does it say?

If you get a valid response from that last command then continue reading:
Try typing this. "Suggest you don't post the output to this group as it's the rule set for your firewall!!! I.e. bad info for hackers to get."

# ipchains -L -n

If you get some info returned, for example the lines:
Chain input (policy ACCEPT):
Chain forward (policy ACCEPT):
target prot opt source destination ports
MASQ all ------ 10.1.1.0/24 0.0.0.0/0 n/a

Then NAT is set up and your firewall will have other rule sets for HTTP access etc. etc.

If this is the case then type these lines in as root to allow all FTP access out of the site. "This won't allow FTP access in, only out."

First get this info.
# ifconfig -a | grep 'inet'
Should show you three lines, the second line is normally the external IP address of your firewall.

Replace the "foo.bar" text with your firewall's IP address.

# ipchains -A output -p tcp -s foo.bar 1023:65535 --dport 20 -j ACCEPT
# ipchains -A output -p tcp -s foo.bar 1023:65535 --dport 21 -j ACCEPT
# ipchains -A input -p tcp ! -y -s 0/0 --sport 20 -d foo.bar 1023:65535 -j ACCEPT
# ipchains -A input -p tcp ! -y -s 0/0 --sport 21 -d foo.bar 1023:65535 -j ACCEPT

I think this should work, but it's from my head so I haven't tested it.

Have fun.
/Raz

Ps. the Shotgun that killjoy was talking about is a Shotgun.
Pps. or Shotgun technology is where you use more than one modem to increase your bandwidth, but somehow I doubt this is what he meant. 8-)
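
The check described in post #8 (look for a MASQ line in the ipchains -L -n output) can be run on a saved copy of the listing, producing a summary with no addresses or ports so the rule set itself is never posted. The script below is an added example, not part of the original thread; the function names and the sample listing are constructed, and the "* -> 80" ports rendering is an assumption the parser does not depend on.

```sh
#!/bin/sh
# Added example: reduce a saved `ipchains -L -n` listing to a summary that
# carries no addresses or ports, so it can be shared without the rule set.

redact_ipchains() {
    awk '
        # "Chain forward (policy ACCEPT):" starts a new chain section
        $1 == "Chain" {
            chain = $2; policy = $4
            sub(/[):]+$/, "", policy)
            order[++n] = chain; pol[chain] = policy
            next
        }
        $1 == "target" || NF == 0 { next }     # column header or blank line
        chain != "" {                          # rule line: field 1 is the target
            if (!($1 in seen)) { seen[$1] = 1; tlist[++m] = $1 }
            count[chain, $1]++; total[chain]++
        }
        END {
            for (i = 1; i <= n; i++) {
                c = order[i]
                line = sprintf("%s policy=%s rules=%d", c, pol[c], total[c])
                for (j = 1; j <= m; j++)
                    if ((c, tlist[j]) in count)
                        line = line " " tlist[j] "=" count[c, tlist[j]]
                print line
            }
        }
    '
}

# Exit 0 when the forward chain contains a MASQ rule, i.e. NAT is set up.
has_masq() {
    redact_ipchains | grep -q '^forward .* MASQ='
}

# Constructed sample in the layout quoted in the post; the "* -> 80" ports
# column is an assumed rendering and is not used by the parser.
SAMPLE='Chain input (policy ACCEPT):
target prot opt source destination ports
ACCEPT tcp ------ 0.0.0.0/0 0.0.0.0/0 * -> 80
Chain forward (policy ACCEPT):
target prot opt source destination ports
MASQ all ------ 10.1.1.0/24 0.0.0.0/0 n/a
Chain output (policy ACCEPT):'

printf '%s\n' "$SAMPLE" | redact_ipchains
```

On the firewall, the same functions can be fed a saved listing, for example `redact_ipchains < listing.txt`, where listing.txt is a hypothetical file holding the command output.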



 
  


All times are GMT -5. The time now is 07:28 PM.
