• State TI Thinks Resolved
  • Locked Locked
  • Replies 1 reply
  • Answers 1 answer
  • Subscribers 97 subscribers
  • Views 657 views
  • Users 0 members are here
Support feedback
Options
Options
Related

This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

Linux/AM3352: iptables ftp helper not working

Marek Slomiany
Prodigy 190 points
Part Number: AM3352

Tool/software: Linux

Hi,

I have 2 devices (both AM3352) - one is for processing the data (let's call it MAIN), the other is for LCD, buttons and user interface (I'll refer to this one as HMI). Both are connected to each other with ppp (tun/tap) interface over RS422. On HMI is installed ftp server (vsftp to be specific), working in passive mode. I have to forward the connection coming to eth0 of MAIN thru ppp0 interface to ftp server on HMI.

Normally I would put this problem on some stack(Overflow/Exchange/Whatever), but I have reproduced my problem on VMs (I had working ftp on windows10 vm and new lubuntu for iptables) and my solution is working on desktops.

Here is my setup: (on VMs interfaces names and IPs are changed, rest is same)

## raw
iptables -t raw -A PREROUTING -p tcp -m tcp --dport 21 -j CT --helper ftp
## filter
iptables -A FORWARD -d 192.168.201.1/32 -p tcp -m tcp --dport 21 -j ACCEPT
## nat
iptables -t nat -A PREROUTING -p tcp -m tcp --dport 21 -j DNAT --to-destination 192.168.201.1:21
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE

# cat /proc/sys/net/netfilter/nf_conntrack_helper
0
# cat /proc/sys/net/ipv4/ip_forward
1

# modprobe nf_nat_ftp
# lsmod
Module                  Size  Used by
nf_nat_ftp              1839  0
nf_conntrack_ftp        6534  2 nf_nat_ftp
xt_CT                   3205  1
iptable_raw             1510  1
xt_conntrack            2886  0
iptable_filter          1808  1
ipt_MASQUERADE          1102  1
nf_nat_masquerade_ipv4     2734  1 ipt_MASQUERADE
xt_nat                  1671  1
xt_tcpudp               2137  3
iptable_nat             1803  1
nf_conntrack_ipv4       6580  2
nf_defrag_ipv4          1435  1 nf_conntrack_ipv4
nf_nat_ipv4             5261  1 iptable_nat
nf_nat                 15612  4 xt_nat,nf_nat_ftp,nf_nat_masquerade_ipv4,nf_nat_ipv4
nf_conntrack           76225  8 nf_conntrack_ftp,nf_conntrack_ipv4,nf_nat_ftp,xt_CT,nf_nat_masquerade_ipv4,xt_conntrack,nf_nat_ipv4,nf_nat
ip_tables              11523  3 iptable_filter,iptable_raw,iptable_nat
x_tables               18629  8 xt_nat,ip_tables,iptable_filter,xt_tcpudp,iptable_raw,ipt_MASQUERADE,xt_CT,xt_conntrack

to connect I'm using filezilla - connection time outs after some time - to be sure I have same setup I have cloned setting and changed IP for both VM and am335x setups.

While connecting to HMI directly ftp is working fine.

I am using kernel: 4.9.50

from git://git.ti.com/ti-linux-kernel/ti-linux-kernel.git

commit: 4ad5dcaca7428dd2bc1a6a40c948e3799c1e27ae

I have also tried using two am335x connected with eth interface - same here so it's probably not ppp problem.

I'l be realy glad if you can at least show me some direction to look for an answer. 

Kind regards,

Marek

  • 0
    TI__Mastermind 40080 points
    Hi,

    You may have already done this by looking at the results of the lsmod command but my only suggestion is that since you have a working version on a Ubuntu desktop you might compare the network filter section of the Ubuntu desktop kernel configuration against the TI kernel configuration looking for feature differences. Hopefully that could lead to a solution for you.

    As you more or less mention on looking for a forum to post this is area that TI is not going to be able to support since this is above the drivers of the respective interfaces that you are using.


    Best Regards,
    Schuyler