TCLUG Archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [TCLUG:9710] ip_masq_ftp
On Tue, Nov 02, 1999 at 04:58:31PM -0600, Scott Dier - dieman (dieman@ringworld.org) wrote:
> On Tue, 2 Nov 1999, Amy Tebbe wrote:
>
> > Is ip_masq_ftp supposed to allow you to do passive ftp?
>
> ip_masq_ftp is for forwarding *active* ftp.
>
> Passive ftp just reuses the port 21 connection you allready have open.
> (right?)
>
> I know it works without the module.
Hmmm...here's what I'm trying to do.
Have an ipchains firewall doing masquerading. ws_ftp on a windows client gets
500 Illegal Port error when connecting to an ftp site. ftp on the firewall
itself works fine. ncftp works when passive is off. when passive is on,
i see deny packets on the firewall that look like:
Nov 2 11:36:09 gatekeeper kernel: Packet log: lockdown DENY ppp0 PROTO=6
FTPSiteIPAddress:6270 FirewallIPAddress:1258 L=44 S=0x00 I=1002 F=0x0000 T=55
So, I installed ip_masq_ftp but didn't seem to get any different results.
Weird thing is that I've never installed ip_masq_ftp before and haven't had
problems with windows ftp clients.
I feel like I must be missing something really simple here. I appreciate your
help.
--
Amy Tanner Voice: 612.943.8700
Real Time Enterprises, Inc. Fax: 612.943.8500
amy@real-time.com http://www.real-time.com
PGP fingerprint = 67 6C 8F DB B1 7A 8D 41 DC 7B CA 0B 28 1E 67 AD