There is a ip_masq_ftp module that allows you to use active and passive FTP behind a MASQ box.
Works fine here. Regards, Onno At 04:07 PM 2/15/00 -0600, Nathan E Norman wrote: >On Tue, Feb 15, 2000 at 03:06:00PM -0600, Brian McGroarty wrote: >: As a learning exercise, I'm replacing our FreeBSD firewall with a Debian one. >: The machine is used to provide masquerading for several Windows, Linux and >: FreeBSD boxes on our cable modem. >: >: With Debian, FTP doesn't work from behind a standard masquerading firewall. >: I've observed the problem with ipfw and ipchains both. >: >: What is different about the default handling of FTP, ICQ and similar clients, >: and what should I read up on to change this behavior? Under FreeBSD, these >: worked without any special handling. > >You need to use passive ftp from behind a masquerading box. > >I thought there was a masq module for FTP, but I guess I was thinking of >the Cisco PIX. You have to examine each packet in a non-passive FTP >session and rewrite IPs when NAT or masq is in play. > >-- >Nathan Norman Network Magician, Eclectic Engineer >GPG Key ID 1024D/51F98BB7 "Eschew Obfuscation" >Key fingerprint = C5F4 A147 416C E0BF AB73 8BEF F0C8 255C 51F9 8BB7 > >Attachment Converted: "c:\home\onno\email\attach\Re masquerading & ftp" >
