1.) Check your /etc/conf.modules file. This is where /sbin/modprobe looks for
modules to load at boot time. You probably configured a second interface
(eth1) by mistake in X-Windows netcfg. Remove that entry.

2.) Traceroute usually defaults to eth0 even if two interfaces are installed
and detected. Do:
        # traceroute -i eth1 xxx.xxx.xxx.xxx
eth1 is assumed to be the interface connected to the internet.

3.) I do believe that the problem you are experiencing with FTP has to do with
the MASQ FTP module not being loaded. IP MASQ does not fully support FTP by
nature. What I mean is that FTP uses two ports: Port 21 for the connection
itself and port 20 for the data. When you can easily connect to an FTP
server, an "ls" for instance would result in an error similar to the one you
provided. The error clearly shows that FTP-DATA is trying to use the same
port (port 21) as FTP while it should be using port 20. The module
"ip_masq_ftp.o" fixes that problem. Therefore, at the beginning of your
rules, place this:

/sbin/depmod -a
/sbin/modprobe ip_masq_ftp

That should take care of your problems. Ciao!!!

Good Luck!!!


Jeff Jadwin wrote:

> I got ip masquerading working with my 2 systems with very little fuss or
> bother.  Both are running linux(RH 5.1), but I have a couple of things
> puzzling me.  If these have been covered over & over here I apologize.
> When I went to the mailing list archive and clicked on a link to view a
> message, it just loaded the list of messages again(was I missing
> something?).  Also, the mini-howto doesn't address this, the faq it
> refers you to is older than dirt (last revised 1/7/96) and only the
> concepts seem to apply anymore, and the IP Masquerade Resource Page
> (masq.home.ml.org) has been down for the past 4 days I've been working
> on this.  So please don't give me "RTFM", but if there is something you
> think I should read, don't hesitate to point me in the right direction.
>
> Anyway, the first problem is that when the box behind the firewall
> boots, I get the following message:
>
>         loading device 'eth0'...
>         ne.c:v1.0 9/23/94 Donald Becker ([EMAIL PROTECTED])
>         NE*000 ethercard probe at 0x300: 00 c0 a8 00 19 5e
>         eth0: NE2000 found at 0x300, using IRQ5.
>         loading device 'eth1'...
>
> Now, I only have one nic in my box, so the first 3 lines aren't any
> problem.  The problem is with 'eth1'.  I never had a 2nd nic installed,
> and I've never set up a 2nd nic.  I can't find any reference to an eth1
> anywhere in my startup scripts.  This just started appearing after I
> started using ip masquerading(if it was there before I never noticed
> it).  If I run ifconfig, it only lists lo & eth0,  so it tries but does
> not successfully set up an eth1.  Anybody have any ideas?
>
> Secondly, I can successfully run a traceroute from the box behind the
> firewall, but if I try it from the firewall box itself I get
> "traceroute: Warning: Multiple interfaces found; using 192.168.1.1 @
> eth0".  I figured it would be the other way around, that the one behind
> the firewall would be more limited.
>
> Lastly, I have a problem using ftp from the box behind the firewall.  I
> can connect to an ftp server.  I can also do a 'pwd' and 'cd', but when
> I do 'ls' I get the following:
>
>         500 Illegal PORT Command
>         ftp: bind: Address already in use
>
> Occasionally I don't even get that; I get no response, no 'ftp>'
> prompt, and the connection finally times out.  I usually get the illegal
> port message though.  This may or may not be fixable, I don't know.
>
> In addition to running the newest stable kernel (2.0.36) on the firewall
> box, and compiling everything into the kernel as suggested in the
> ip-masq mini-howto, I issue the following ipfwadm command to begin the
> masquerading(using ipfwadm 2.3.0):
>
>         ipfwadm -F -p deny
>         ipfwadm -F -a m -S 192.168.1.0/24 -D 0.0.0.0/0
>
> Does this look about right?  The man page for ipfwadm almost caused more
> confusion than it helped.  I took that command line straight out of the
> mini-howto.
>
> I'm sorry for being so long-winded, but if anybody can offer some
> assistance with any of these problems I would appreciate it.
>
> -Jeff
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> For daily digest info, email [EMAIL PROTECTED]

--
Audie P.

The perimeters that we put on ourselves
are self-imposed...There are no boundaries.
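
Added example, not part of the original thread and not the ip_masq_ftp source: a Python model of the PORT rewrite that an FTP masquerading helper performs on the control channel, and of a server that rejects a PORT address differing from the control connection's peer. The addresses, the port numbers and the MasqFtpHelper class are constructed for illustration.

```python
import re

# RFC 959 PORT argument: h1,h2,h3,h4,p1,p2 (four address octets, port high and low byte).
PORT_RE = re.compile(rb"^PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\r\n$")

# Constructed sample values, not taken from the thread.
CLIENT_CMD = b"PORT 192,168,1,2,4,10\r\n"   # internal client 192.168.1.2, port 1034
GATEWAY_IP = "203.0.113.7"                  # external address the server sees as peer


def parse_port(line):
    """Return (ip, port) from a PORT command line, or None if it is not a valid one."""
    m = PORT_RE.match(line)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]


def build_port(ip, port):
    """Encode (ip, port) as a PORT command line."""
    return ("PORT %s,%d,%d\r\n" % (ip.replace(".", ","), port >> 8, port & 0xFF)).encode()


def server_accepts(line, peer_ip):
    """Model a server that accepts PORT only when its address equals the control peer."""
    parsed = parse_port(line)
    return parsed is not None and parsed[0] == peer_ip


class MasqFtpHelper:
    """Hypothetical model of the gateway-side helper; not the kernel module's code."""

    def __init__(self, external_ip, first_masq_port=61000):  # port value is an assumption
        self.external_ip = external_ip
        self.next_port = first_masq_port
        self.expected = {}  # masq port -> (internal ip, internal port)

    def rewrite(self, line):
        parsed = parse_port(line)
        if parsed is None:
            return line  # not a PORT command: pass through unchanged
        masq_port, self.next_port = self.next_port, self.next_port + 1
        self.expected[masq_port] = parsed  # where the inbound data connection is forwarded
        return build_port(self.external_ip, masq_port)
```

Without the rewrite, the server is asked to open its data connection to 192.168.1.2, an address it cannot reach and that does not match the masqueraded control connection.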

