Re: [leaf-user] Basic Port Forwarding How-To

Sun, 30 Jun 2002 17:00:38 -0700 

Stewart:

        Heya. Unfortunately, you've chosen a difficult application
to start with: FTP is notoriously difficult to get working behind
a NAT'ing firewall. Here's a PDF which explains why:

ftp://ftp.echogent.com/docs/FTP_and_Firewalls.pdf

        As you can see, active FTP requires more than one port
to work correctly. So it's not very clear to say that you want
to "run an ftp server...with a port of 80". I *suspect* you mean
that you want to run a passive-mode server which listens for
connections on port-80 -- you still need to define the passive
port range, though.

        To get the ipchains rules working, I suggest you simply
start with a firewall script that works, and customize it as you
need. For instance, here's the section on active FTP from the
echowall.lrp setup script:

$IPCHAINS -A input -s 0/0 -d $IP_EXT/32 21 -p tcp -y -l -j ACCEPT
$IPCHAINS -A input -s 0/0 -d $IP_EXT/32 21 -p tcp -j ACCEPT
$IPCHAINS -A input -s 0/0 -d $IP_EXT/32 20 -p tcp ! -y -j ACCEPT
$IPMASQADM portfw -a -P tcp -L $IP_EXT 21 -R $FTP_HOST 21
$IPMASQADM portfw -a -P tcp -L $IP_EXT 20 -R $FTP_HOST 20

        You would need to modify the use of TCP port 21 and 20
there after the "$IP_EXT" variable. Echowall also has a section
on Passive-FTP of course. You'd likely want to start there.

        Good luck experimenting!

-Scott


> Heylo,  I've asked this before, but it still doesn't work.
>
> I'm using the most basic configuration of dachstein 1680KB floppy, with
> minimal changed.  How and what should i change so that i can run an ftp
> server on a machine with ip address: 192.168.1.200 with a port of 80.  also
> i need an explanation of protocols i.e. TCP and UDP, and the ability to
> access this server from within the network.  I'm not really a newbie with
> LRP, but this is my first port-forward so be gentle please!





-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Reply via email to