FTP is a little strange. Richard Stevens' TCP/IP v1 will tell you that in
passive access mode it seems only the client's port is varying but in
active mode the client and the server negotiate dynamically for a
suitable server side port. Maybe I missed something--do your own
verification. But anyways, there are kernel modules to assist masquerading
and firewalling routers to handle ftp connections in normal interactive
(active) mode:

There are many ipchains how-tos on the net; in case you are using RH6 and
a cable modem, here is an okay one to look at:

        The how-to: http://www.rit.edu/~pcm6519/linux.html
        The ftp-friendly script: HTTP://www.rit.edu/~pcm6519/rc.firewall

Good luck :)

-- Li, [EMAIL PROTECTED]


On Wed, 25 Aug 1999, Martin Krzywinski wrote:

> 
> I'm starting to fiddle with ipchains. I'm masquerading
> 
>  router --- [x.x.199.193]FIREWALL[10.1.1.1] --- private network
> 
> A few things aren't working. For example, I can't ftp out of the private
> clients. The connection is made but the server complains about port
> numbers. I guess there's something screwy in the masquerading setup.
> Telnet and browsing work fine. Http downloads work fine.
> 
> I've got
> 
>  ipchains -A forward -j MASQ
> 
> added, but just that for now.
> 
> In addition, I'd like to have internal web/ftp/ssh servers. How can I
> forward requests to x.x.199.194 on a given port, say 23, to go to
> 10.1.1.Y:23? 
> 
> Thanks for any info,
> 
> Martin
> 
> --------------------------------------------
>  And I keep hearing from the cellar bin
>  The rumbling sound
>  Of load on load of apples coming in.
>  For I have had too much 
>  Of apple-picking: I am overtired
>  Of the great harvest I myself desired.
>          Robert Frost (After Apple-Picking)
> --------------------------------- 575/1424 -
> 
> 
> 
> 
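
Added example (not part of the original thread, and not the kernel module's code): a toy model of what an FTP masquerading helper has to do with an active-mode PORT command, which is why a bare MASQ rule is not enough for ftp. The addresses 10.1.1.5 and 192.0.2.193, the port 61000 and all names are constructed for illustration.

```python
import ipaddress
import re

# Active-mode FTP: the client sends "PORT h1,h2,h3,h4,p1,p2" (RFC 959) on the
# control connection; the server connects back to h1.h2.h3.h4, port p1*256+p2.
PORT_RE = re.compile(rb"^PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\r\n$")

def parse_port(line):
    """Return (ip, port) from a PORT command, or None if it is not a valid one."""
    m = PORT_RE.match(line)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ipaddress.IPv4Address(bytes(nums[:4])), nums[4] * 256 + nums[5]

def format_port(ip, port):
    """Build the PORT command that advertises ip:port."""
    return f"PORT {str(ip).replace('.', ',')},{port >> 8},{port & 0xFF}\r\n".encode()

class FtpMasqHelper:
    """Rewrites outbound PORT commands and remembers the expected data connection."""
    def __init__(self, public_ip, first_port=61000):   # 61000: constructed value
        self.public_ip = ipaddress.IPv4Address(public_ip)
        self.next_port = first_port
        self.expected = {}   # public port -> (private ip, private port)

    def outbound(self, src_ip, line):
        """Control-channel line from a masqueraded client, as sent on to the server."""
        parsed = parse_port(line)
        if parsed is None:
            return line                      # not a PORT command: pass through
        ip, port = parsed
        # Least privilege: only open a hole back to the client that asked for it.
        if ip != ipaddress.IPv4Address(src_ip):
            return line
        pub_port, self.next_port = self.next_port, self.next_port + 1
        self.expected[pub_port] = (ip, port)
        return format_port(self.public_ip, pub_port)

    def inbound_target(self, dst_port):
        """Where an incoming data connection goes; each expectation is one-shot."""
        return self.expected.pop(dst_port, None)

if __name__ == "__main__":
    fw = FtpMasqHelper("192.0.2.193")                  # constructed public address
    print(fw.outbound("10.1.1.5", b"PORT 10,1,1,5,4,1\r\n"))
    print(fw.inbound_target(61000))
```

Without the rewrite, the server is told to connect to 10.1.1.5, an address it cannot reach.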
