On Tue, Feb 15, 2000 at 03:06:00PM -0600, Brian McGroarty wrote: : As a learning exercise, I'm replacing our FreeBSD firewall with a Debian one. : The machine is used to provide masquerading for several Windows, Linux and : FreeBSD boxes on our cable modem. : : With Debian, FTP doesn't work from behind a standard masquerading firewall. : I've observed the problem with ipfw and ipchains both. : : What is different about the default handling of FTP, ICQ and similar clients, : and what should I read up on to change this behavior? Under FreeBSD, these : worked without any special handling.
You need to use passive ftp from behind a masquerading box. I thought there was a masq module for FTP, but I guess I was thinking of the Cisco PIX. You have to examine each packet in a non-passive FTP session and rewrite IPs when NAT or masq is in play. -- Nathan Norman Network Magician, Eclectic Engineer GPG Key ID 1024D/51F98BB7 "Eschew Obfuscation" Key fingerprint = C5F4 A147 416C E0BF AB73 8BEF F0C8 255C 51F9 8BB7
pgp9Kuw4uzmVw.pgp
Description: PGP signature
