lug-bg: iptables and PREROUTING

2002-05-26 Thread Marian Popov



Hello everyone.

Recently I happened to configure a server for a friend and was surprised
to find out that his provider has filtered port 21 and probably port 20 as
well.

So none of the machines behind that server can access FTP.

I thought about it a bit and decided to route all FTP packets through
another server on which I have started an FTP proxy on port 3128.

Here is how I did it:

iptables -A PREROUTING -t nat -p tcp -s local.net.addre.ss -d 0.0.0.0/0 --dport 21 -j DNAT --to ftp.proxy.addre.ss:3128


According to my expectations this should have worked, but the result is
the following.

C:\WINDOWS>ftp ftp.cdrom.com
Connected to wcarchive.cdrom.com.

And it dies at this point, after which it gives a timeout.

The interesting thing is that if I set this FTP proxy in the browser,
everything works.

Am I missing something?

mano

=-rw-r--r--===
Pazardjik.com System Administrator
email: [EMAIL PROTECTED]
icq: 9362972


A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers).
http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora
To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html




Re: lug-bg: iptables and PREROUTING

2002-05-26 Thread George Danchev

On Sunday 26 May 2002 17:02, you wrote:
> Hello everyone.
>
> Recently I happened to configure a server for a friend and was surprised
> to find out that his provider has filtered port 21 and probably port 20 as
> well.
>
> So none of the machines behind that server can access FTP.
>
> I thought about it a bit and decided to route all FTP packets through
> another server on which I have started an FTP proxy on port 3128.
>
> Here is how I did it:
>
> iptables -A PREROUTING -t nat -p tcp -s local.net.addre.ss -d 0.0.0.0/0 --dport 21 -j DNAT --to ftp.proxy.addre.ss:3128
>
>
> According to my expectations this should have worked, but the result is
> the following.
>
> C:\WINDOWS>ftp ftp.cdrom.com
> Connected to wcarchive.cdrom.com.
>
> And it dies at this point, after which it gives a timeout.

It is trying to do an active FTP session; try passive. Then the FTP client
initiates the connection, rather than, as with active, the server uploading
to the client, which in this case it cannot reach because it is NATed.

> The interesting thing is that if I set this FTP proxy in the browser,
> everything works.

Because the browser does a passive FTP session by default ;-)

> Am I missing something?

Support for FTP connection tracking in the kernel of the NAT box.
[FTP conntrack helper - built-in or module]
i.e. CONFIG_IP_NF_FTP

With NATed machines this is required (helpers) for FTP, DCC in IRC, and some
other more special protocols at that high level. RealAudio?

-- 
Greets,
fr33zb1
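
The active-mode failure described in the reply above, as an added example that is not part of the original thread: in active FTP the client sends its own address in a PORT command, so behind NAT the server is told to connect to a private address unless a helper on the NAT box rewrites the command and expects the incoming data connection. `FtpNatHelper`, the addresses and the same-port mapping are assumptions of this toy model, not the kernel's code.

```python
import re

# Matches the active-mode command "PORT h1,h2,h3,h4,p1,p2" (RFC 959).
PORT_RE = re.compile(r"^PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\r?\n?$", re.I)

def parse_port(line):
    """Return (ip, port) announced by a PORT command, or None if not PORT."""
    m = PORT_RE.match(line)
    if not m:
        return None
    n = [int(x) for x in m.groups()]
    if any(v > 255 for v in n):
        return None
    return ".".join(str(v) for v in n[:4]), n[4] * 256 + n[5]

def format_port(ip, port):
    return "PORT %s,%d,%d\r\n" % (ip.replace(".", ","), port >> 8, port & 0xFF)

class FtpNatHelper:
    """Hypothetical toy model of an FTP helper on the NAT box (not kernel code)."""

    def __init__(self, public_ip):
        self.public_ip = public_ip
        self.expected = {}  # public port -> (private ip, private port)

    def outbound_control(self, src_ip, line):
        """Rewrite a PORT command leaving the LAN; pass other lines through."""
        parsed = parse_port(line)
        # Only open a pinhole when the client names itself; a PORT that
        # points at another host is forwarded untouched and nothing is expected.
        if parsed is None or parsed[0] != src_ip:
            return line
        self.expected[parsed[1]] = parsed  # model keeps the same port number
        return format_port(self.public_ip, parsed[1])

    def inbound_data(self, dst_port):
        """Server's data connection to the public IP: one-shot lookup.
        None means no expectation exists, so the connection is dropped."""
        return self.expected.pop(dst_port, None)

if __name__ == "__main__":
    nat = FtpNatHelper("203.0.113.1")          # constructed addresses
    cmd = "PORT 192,168,1,10,4,1\r\n"          # client announces 192.168.1.10:1025
    print(nat.inbound_data(1025))              # without a helper entry: dropped
    print(repr(nat.outbound_control("192.168.1.10", cmd)))
    print(nat.inbound_data(1025))              # now forwarded to the client
```

In passive mode the client opens the data connection itself, so no inbound expectation is needed on the client's NAT box.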





Re: lug-bg: iptables and PREROUTING

2002-05-26 Thread zimage

On Sun, May 26, 2002 at 05:02:05PM +0300, Marian Popov wrote:
> 
> 
> Hello everyone.
>
> Recently I happened to configure a server for a friend and was surprised
> to find out that his provider has filtered port 21 and probably port 20 as
> well.
>
> So none of the machines behind that server can access FTP.
>
> I thought about it a bit and decided to route all FTP packets through
> another server on which I have started an FTP proxy on port 3128.
>
> Here is how I did it:
>
> iptables -A PREROUTING -t nat -p tcp -s local.net.addre.ss -d 0.0.0.0/0 --dport 21 -j DNAT --to ftp.proxy.addre.ss:3128
>
>
> According to my expectations this should have worked, but the result is
> the following.
>
> C:\WINDOWS>ftp ftp.cdrom.com
> Connected to wcarchive.cdrom.com.
>
> And it dies at this point, after which it gives a timeout.
>
> The interesting thing is that if I set this FTP proxy in the browser,
> everything works.
>
> Am I missing something?

Yep - when you point the browser at some proxy, it (the browser) already
knows that a proxy is involved and formats its requests in a special
way. I personally am not aware of a way to run a transparent FTP
proxy... not that it is impossible to achieve (theoretically),
but I don't know of anyone who has done it.

-- 
Theodor Milkov   Administrator IP Networks
Davidov Electric Ltd.   Phone: +359 (2) 730158
PGP: http://www.zimage.delbg.com/zimage.asc





Re: lug-bg: iptables and PREROUTING

2002-05-26 Thread Andrei Boyanov

Hello,


In reply to Marian Popov <[EMAIL PROTECTED]>:

> Hello everyone.
>
> Recently I happened to configure a server for a friend and was surprised
> to find out that his provider has filtered port 21 and probably port 20 as
> well.
>
> So none of the machines behind that server can access FTP.
>
> I thought about it a bit and decided to route all FTP packets through
> another server on which I have started an FTP proxy on port 3128.
>
> Here is how I did it:
>
> iptables -A PREROUTING -t nat -p tcp -s local.net.addre.ss -d 0.0.0.0/0 --dport 21 -j DNAT --to ftp.proxy.addre.ss:3128
>
>
> According to my expectations this should have worked, but the result is
> the following.
>
> C:\WINDOWS>ftp ftp.cdrom.com
> Connected to wcarchive.cdrom.com.
>
> And it dies at this point, after which it gives a timeout.
>
> The interesting thing is that if I set this FTP proxy in the browser,
> everything works.
>
> Am I missing something?
>

If your proxy is squid, it does not support transparent FTP proxying. It can
work as an FTP proxy over HTTP, whatever that means. Web browsers use exactly
that protocol to open FTP servers through a proxy.

For a transparent FTP proxy see http://frox.sourceforge.net/. I haven't tried
it, though ...

One more thing: if your proxy is on a different machine from the one doing NAT,
you also need to add something like:


iptables -A POSTROUTING -t nat -p tcp -s local.net.addre.ss -d ftp.proxy.addre.ss -j SNAT --to router.addre.ss

so that the proxy machine knows to return its replies to the router, and not
directly to the client machine.



Andrei Boyanov







Re: lug-bg: iptables and PREROUTING

2002-05-26 Thread Marian Popov


> If your proxy is squid, it does not support transparent FTP proxying. It
> can work as an FTP proxy over HTTP, whatever that means. Web browsers use
> exactly that protocol to open FTP servers through a proxy.
>
> For a transparent FTP proxy see http://frox.sourceforge.net/. I haven't
> tried it, though ...
>
> One more thing: if your proxy is on a different machine from the one doing
> NAT, you also need to add something like:
>
>
> iptables -A POSTROUTING -t nat -p tcp -s local.net.addre.ss -d ftp.proxy.addre.ss -j SNAT --to router.addre.ss
>
> so that the proxy machine knows to return its replies to the router, and
> not directly to the client machine.
>

And what if I don't have access to the machine with the proxy? Is there any
way at all to do this or not?

>
> Andrei Boyanov
>
