At 03:41 PM 4/3/00 +0100, you wrote:
>Hi folks,
>
>I'm looking for some info with regard to ncftp and firewall. What happened
>was this: If for example I tried to connect to ftp.heanet.ie with ncftp, I
>get an error message "no route to host" and my firewall log showed this:
>
>Mar 28 22:40:21 magrat kernel: IP fw-out rej ppp0 TCP MY_DYNAMIC_IP:61003
193.1.219.117:0 L=44 S=0x00 I=2648 F=0x0000 T=63
>
>If, however, use the ordinary "ftp ftp.heanet.ie", the connection works
>fine. Also, if I set ncftp to "Passive FTP only", it seems to work.
>
>Hence, I'm looking for someone to shed some light on this or maybe give me a
>pointer to more information, e.g. what's port 0 anyway - /etc/services
>doesn't list it? The rule that blocks those packets claims to block
>SUN RPC packets:
>
> ipfwadm -O -a reject -o -P tcp -W $EXTERNES_INTERFACE \
> -S $IPADDR \
> -D $ANYWHERE 0 87 111 512 513 514 515 540
>
>($EXTERNES_INTERFACE is "ppp0" - I've got most of the rules for my firewall
>from a German Firewall "HOWTO" - very helpful. I wonder what Babelfish would
>do to it... ;-) )
>
>Any ideas?
>
>Thanks in advance,
>
>Thomas
>
Try loading the ip_masq_ftp.o module. It takes care of the return
connection of an active FTP connection.
modprobe ip_masq_ftp
Mikkel
--
Do not meddle in the affairs of dragons,
for you are crunchy and taste good with ketchup.
--
To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe"
as the Subject.
