On Wed, Dec 20, 2000 at 12:52:27PM -0500, Michael Rothwell wrote:
> "Michael H. Warfield" wrote:
> > You can use spf to add some stateful inspection for PORT mode
> > ftp. Personally, I like the masquerading option better, though.
> Can you give an example of using MASQ selectively? I have real addresses
> on both sides of the firewall, but want things like FTP to work
> correctly. I think the IPChains HOWTOs are just a little terse. :)
modprobe ip_masq_ftp
ipchains -A forward -p tcp -s {Source Addresses} -d 0/0 21
Seems to work for me (mine includes a "tag" and a policy route
rule to send it out my cable modem that I've left off here)...
If you don't load the ip_masq_ftp module, you WILL get illegal
port errors on the PORT commands.
> Thanks!
Mike
--
Michael H. Warfield | (770) 985-6132 | [EMAIL PROTECTED]
(The Mad Wizard) | (678) 463-0932 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
Please read the FAQ at http://www.tux.org/lkml/
