Re: [masq] IP Masq - FTP problems

Sat, 9 Jan 1999 15:39:37 -0500 


>1)  My friend has an ftp site that for some reason I can't get data transers
from .  I can log in to the >site just fine, but when The site sends me a
directory list, I get a 
>  
>425 can't build data connection:  No route to host
>can't initiate data transfer.
 >
>I can connect to every other site that I've tried.  The site I'm connecting to
is not at PORT 21 it's at >PORT 2001 and he's running glftpd not the standard
ftpd from red hat.

Ahhh.. check.  You either need to do FTPs with the PASV mode or
you need to load the ip_masq_ftp module with:

        /sbin/insmod ip_masq_ftp ports=21,2001

This is what the /usr/src/linux/net/ipv4/ip_masq_ftp.c source code says:

--
 * Multiple Port Support
 *      The helper can be made to handle up to MAX_MASQ_APP_PORTS (normally 12)
 *      with the port numbers being defined at module load time.  The module
 *      uses the symbol "ports" to define a list of monitored ports, which can
 *      be specified on the insmod command line as
 *              ports=x1,x2,x3...
 *      where x[n] are integer port numbers.  This option can be put into
 *      /etc/conf.modules (or /etc/modules.conf depending on your config)
 *      where modload will pick it up should you use modload to load your
 *      modules.
 *
 */
--


>2) I can't connect directly with ICQ.  I can send messages through the server,
but I can't chat or send a >direct message.

Did you properly configure ICQ for:

        - non-socks firewall
        - limit ports to 2000-2020
        
Did you change the IPFWADM UDP timeout to 8 minutes?

Did you setup IPPORTFW and forward ports 2000-2020 to your
MASQed ICQ machine?


Anyway, the TrinityOS doc (updated yesterday and today), have all
these settings documented.  Just check out:

        11 - Patching, Compiling, and installing IPPORTFW

        10 - MASQ startup and advanced firewall rulesets for single and multi-NIC
setups

--David
.----------------------------------------------------------------------------.
|  David A. Ranch - Linux/Networking/PC hardware         [EMAIL PROTECTED]  |
!----                                                                    ----!
`----- For more detailed info, see http://www.ecst.csuchico.edu/~dranch -----'
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
For daily digest info, email [EMAIL PROTECTED]

Reply via email to