On Sat, 21 Sep 2002, Ray Olszewski wrote:

> 
> This is a new one to me. I hope someone else will turn out to be familiar 
> with it and post a simple solution, but I wouldn't count on it. (I waited 
> awhile before replying, in this hope.)

New to me, too.

> I am reasonably sure that IP-NAT is just a slightly more exact synonym for 
> NAT. At least every reference I could find used it that way. I assume you 
> know what the ordinary meaning of NAT is.
> 
> I can't find any reference to the use of port 864 in connection with NAT or 
> IP-NAT (or ftp). Just "opening" it is unlikely to help you much; something 
> on your router or LAN will need either to send from that port or listen on 
> it -- or maybe accept input *from* it; the advice you report getting is so 
> sketchy that it is hard to guess. The admin's advice doesn't include 
> telling you what his site uses the port for, and I can't find any 
> indication that the use is anything established by any standard ... or at 
> least nothing connected to NAT or ftp.

It is possible that they have configured their server to accept ftp
control connections on port 864, but I don't see how they could do that
without Joris' knowledge and still end up using active ftp.  That is, if
Joris was accessing the ftp server by clicking on a link in a browser, he
might never know they had changed the control connection port.

ip_masq_ftp monitors all outgoing connections to port 21 and munges the
information about which ip address and port the server can use to make an
"active" data connection back to your box.  If you need to connect to ftp
servers on port 864, then in /etc/modules, change the following line

  ip_masq_ftp

to

  ip_masq_ftp ports=21,864

and if that fixes the problem then back up modules.lrp.

> (The only references to port 864 that I was able to track down are in RFC 
> 768, where 864-UDP is associated with a service called "Discard", and with 
> connection to ypserv, which also runs on 864-UDP. You may need to find out 
> what the site expects to receive or send from or to that port.)
> 
> So ... if someone else jumps in here with an easy answer, that's terrific. 
> If no one does ... then you may be the first one to run into a new problem 
> that we (and Linux-NAT users generally) need to work out a solution for. In 
> that case, the more information you can provide, the better.

Yes indeed... in particular, a sample of the exact firewall error messages
involved (from /var/log/messages or /var/log/syslog) could be helpful.

> The other possibility is that this use of port 864 is some oddity specific 
> to the particular ftp site. I've seen a few other cases recently where 
> admins of ftp sites did something short-sighted that caused problems for 
> connections from firewalled sites, and in such cases, there is really no 
> sensible fix other than letting the admin know that it is his problem to 
> fix, not yours.
> 
> I'm sorry this reply isn't more helpful, and I do hope that someone else 
> who recognizes the problem from your description will respond with more 
> information.
> 
> At 01:23 PM 9/21/02 +0200, Joris Kempen wrote:
> >Hi people,
> >
> >I talked with the admin of the ftp site.
> >
> >and he told me that port 864 is needed for IP NAT.
> >
> >Can I just open port 864?
> >
> >I have DachStein & Echowall, how do I open this port 864.
> >
> >Any links maybe that tell me (in easy language:) what IP-NAT exactly is..
> >
> >Thanks..
> >
> >Met vriendelijke groet,
> >
> >Joris Kempen
> >St. Ursulahof 47
> >5995 CB Kessel
> >
> >email:     [EMAIL PROTECTED]
> >tel. nr.:  06 1257 4228
> >
> > >-----Original Message-----
> > >From: [EMAIL PROTECTED]
> > >[mailto:[EMAIL PROTECTED]]On Behalf Of Joris Kempen
> > >Sent: Saturday, September 21, 2002 10:14 AM
> > >To: Leaf (E-mail)
> > >Subject: [leaf-user] FTP and IP-NAT
> > >
> > >
> > >Hi people,
> > >
> > >I have a Dachstein router with EchoWall and SSH on it.
> > >
> > >I try connecting to a FTP server and get this message:
> > >
> > >error message: "501 you are on a LAN and the IP-NAT is not translating your IP address correctly"
> > >
> > >I didn't have this problem before with this server, so I assume they changed something.
> > >
> > >What do I need to change in my router to prevent this problem?
> 
> 
> --
> -------------------------------------------"Never tell me the odds!"--------
> Ray Olszewski                                 -- Han Solo
> Palo Alto, California, USA                      [EMAIL PROTECTED]
> -------------------------------------------------------------------------------
> 
> 
> 
> -------------------------------------------------------
> This sf.net email is sponsored by:ThinkGeek
> Welcome to geek heaven.
> http://thinkgeek.com/sf
> ------------------------------------------------------------------------
> leaf-user mailing list: [EMAIL PROTECTED]
> https://lists.sourceforge.net/lists/listinfo/leaf-user
> SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
> 

---------------------------------------------------------------------------
Jeff Newmiller                        The     .....       .....  Go Live...
DCN:<[EMAIL PROTECTED]>        Basics: ##.#.       ##.#.  Live Go...
                                      Live:   OO#.. Dead: OO#..  Playing
Research Engineer (Solar/Batteries            O.O#.       #.O#.  with
/Software/Embedded Controllers)               .OO#.       .OO#.  rocks...2k
---------------------------------------------------------------------------
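
An added illustration, not part of the original message and not ip_masq_ftp's own code: a simplified Python model of the port-scoped PORT rewriting described above, showing why a control connection to port 864 is left untouched until 864 is added to the helper's port list. The function names, addresses and masqueraded port are constructed for the example, and the data-connection mapping the real module also sets up is not modeled.

```python
import re

# FTP active-mode command: PORT h1,h2,h3,h4,p1,p2  (port = p1*256 + p2)
PORT_RE = re.compile(
    rb"^PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\r\n$")

def parse_port(line):
    """Return (ip, port) from a PORT command, or None if the line is not one."""
    m = PORT_RE.match(line)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def build_port(ip, port):
    """Encode (ip, port) as a PORT command line."""
    return ("PORT %s,%d,%d\r\n"
            % (ip.replace(".", ","), port >> 8, port & 0xFF)).encode()

def masq_control_line(line, dst_port, helper_ports, public_ip, masq_port):
    """Model of a NAT FTP helper handling one outgoing control-channel line.

    Only connections whose destination port is in helper_ports are inspected;
    anything else is forwarded byte for byte, private address included.
    """
    if dst_port not in helper_ports:
        return line
    if parse_port(line) is None:
        return line  # not a PORT command: nothing to rewrite
    return build_port(public_ip, masq_port)

# Constructed sample values (private LAN address, documentation-range public IP).
CLIENT_LINE = build_port("192.168.1.10", 1234)   # what the LAN client sends
PUBLIC_IP, MASQ_PORT = "203.0.113.5", 61001

def demo():
    """What a server on port 864 receives under each helper port list."""
    results = {}
    for label, ports in (("ports=21", {21}), ("ports=21,864", {21, 864})):
        out = masq_control_line(CLIENT_LINE, 864, ports, PUBLIC_IP, MASQ_PORT)
        results[label] = parse_port(out)
    return results

if __name__ == "__main__":
    for label, seen in demo().items():
        print(label, "-> server sees", seen)
```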



