On 28 Jan 99, at 14:26, Tim Fletcher wrote about
    "[masq] FTP and firewalls":

|       Following all the recent traffic on this list and others about
| ftp and ip masqing I wondered why I could ftp _with_ port perfectly.
| Anyhow I upgraded my kernel to 2.2.0 (from 2.0.36) and learnt ipchains
| over the last few days. 

Running the ip_masq_ftp module allows PORT commands from masqueraded 
clients to work fine.  But...

|...
|       A little thinking and a little bit of tail -f /var/log/messages I
| see connections from the ftp server from port 20 being denied ah, I have
| found the problem. Add this rule to your rule set and port based ftp will 
| work:
| 
| ipchains -A input -j ACCEPT -y -p tcp -s 0.0.0.0/0 20 -d yourip 1024:65535
| or
| ipfwadm -I -a accept -P tcp -S 0.0.0.0/0 20 -D yourip 1024:65535
| (no warranty on this one I don't know ipfwadm very well)

But this change won't help a masqueraded client, because there is no 
way to get the packet forwarded to the internal IP.  So you seem to 
be talking about running the FTP client on the masquerading box 
itself?  If so, masquerading doesn't enter into it.

- Fred Viles <mailto:[EMAIL PROTECTED]>
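
Added example, not part of the original message and not the ip_masq_ftp source: a simplified Python model of why a helper has to rewrite the PORT command and record a mapping before an inbound connection from port 20 can reach a masqueraded client. All addresses, the masq port 61000 and the function names are constructed for illustration.

```python
import re

# Simplified model of an FTP masquerading helper on the control channel.
# Not kernel code; addresses and ports below are constructed samples.
PORT_RE = re.compile(r"^PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\r?\n?$")

def parse_port(line):
    """Return (ip, port) from an FTP PORT command, or None if malformed."""
    m = PORT_RE.match(line)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def rewrite_port(line, client_ip, masq_ip, masq_port, table):
    """Rewrite the client's PORT to the masq address and record the mapping."""
    parsed = parse_port(line)
    # Assumption of this sketch: only honour a PORT that names the sender's
    # own address, so a client cannot open a mapping to some other host.
    if parsed is None or parsed[0] != client_ip:
        return line
    table[masq_port] = parsed  # masq port -> (internal ip, internal port)
    octets = masq_ip.replace(".", ",")
    return "PORT %s,%d,%d\r\n" % (octets, masq_port // 256, masq_port % 256)

def route_inbound(dst_port, table):
    """Where a SYN from server port 20 to masq_ip:dst_port is delivered."""
    # With no mapping the packet belongs to the masquerading box itself,
    # whatever the input chain accepts; nothing forwards it inside.
    return table.get(dst_port, "local")

def demo():
    client, masq = "192.168.1.10", "203.0.113.5"
    cmd = "PORT 192,168,1,10,4,1\r\n"  # client listens on 4*256+1 = 1025
    with_helper, without_helper = {}, {}
    sent = rewrite_port(cmd, client, masq, 61000, with_helper)
    return sent, route_inbound(61000, with_helper), route_inbound(1025, without_helper)

if __name__ == "__main__":
    print(demo())
```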

