
Re: ipmasq and ftp



----- Original Message -----
From: "Bob Nielsen" <nielsen@oz.net>
To: "debian users" <debian-user@lists.debian.org>
Sent: Monday, October 28, 2002 9:57 PM
Subject: Re: ipmasq and ftp

> I had this problem with a 2.4 kernel and iptables.  Normal FTP uses a
> separate connection for data, although if you use passive mode, it will
> work over the main connection.  If I use a 2.2 kernel with ipchains,
> the ip_masq_ftp module, which takes care of the data connection, will
> be installed and there are no problems.
>
> I find the documentation on setting up iptables to be somewhat
> confusing, but I figure I just haven't spent enough time on it yet.
>
> I have a different problem now however.  I configured port forwarding,
> but if a client outside my lan tries to ftp from my server, it only
> works if passive mode is NOT used.
>
> Bob

Hi,

I'm pretty new to iptables too. The problem with Linux is that there is so much
stuff to learn, and when you want to get a system up and running, it's not
always clear what one has to do.
I finally got it to work by removing the ipmasq package and installing
shorewall instead. My server used to be a SuSE7?2 system with the
SuSEfirewall 2 script on it. Quite easy to install but no match for the
debian apt-get and shorewall combo. Try it. It took me 30 minutes
to install, going through a sample config. My ftp connection worked
immediately as did the rest.
SSH didn't work but a simple "ACCEPT loc fw tcp ssh" entry in the
/etc/shorewall/rules file solved that. Wow, very impressive.

The only problem I still have is that when I log on to the system, say
on ttys1 for instance, I get log messages of unauthorized access.
The shorewall FAQ says this about it:

"16. Shorewall is writing log messages all over my console making it
unusable!
Answer: "man dmesg" -- add a suitable 'dmesg' command to your startup
scripts or place it in /etc/shorewall/start. Under RedHat, the max log level
that is sent to the console is specified in /etc/sysconfig/init in the
LOGLEVEL variable."

But I don't know how to do this.
I think adding dmesg -n 1 to the /etc/init.d/shorewall script would
solve that, but I'm not sure.

Another thing I noticed is that there are a K99shorewall and an S99shorewall
link in /etc/rc2.d.
No other program seems to have both a kill and a start service link in here.
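As an added example (not code from this thread, nor from Shorewall or Debian), a small POSIX shell script that lists which services in a SysV rc directory have both a kill (K*) and a start (S*) link, the situation described above for shorewall in /etc/rc2.d; the directory argument and the constructed sample tree it builds when run without one are assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread: report services in a SysV rc
# directory that have both a kill (K*) and a start (S*) link, which is what
# the writer noticed for shorewall in /etc/rc2.d. The directory is passed as
# an argument so the same function can be run against a constructed sample.

# Print the name of every service that has both a Knn<name> and an Snn<name>
# link in the given rc directory, one per line.
both_links() {
    dir=$1
    for k in "$dir"/K[0-9][0-9]*; do
        # An unmatched glob is left as the literal pattern; skip it.
        [ -e "$k" ] || [ -L "$k" ] || continue
        name=$(basename "$k" | cut -c4-)
        for s in "$dir"/S[0-9][0-9]"$name"; do
            if [ -e "$s" ] || [ -L "$s" ]; then
                echo "$name"
                break
            fi
        done
    done
}

# Build a constructed sample tree (tmp/init.d and tmp/rc2.d) mirroring the
# situation in the thread: shorewall has both links, ssh and cron only S links.
make_sample() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/init.d" "$tmp/rc2.d"
    for svc in shorewall ssh cron; do
        : > "$tmp/init.d/$svc"
    done
    ln -s ../init.d/shorewall "$tmp/rc2.d/K99shorewall"
    ln -s ../init.d/shorewall "$tmp/rc2.d/S99shorewall"
    ln -s ../init.d/ssh "$tmp/rc2.d/S20ssh"
    ln -s ../init.d/cron "$tmp/rc2.d/S89cron"
    echo "$tmp/rc2.d"
}

# Usage: sh rc-both-links.sh /etc/rc2.d   (no argument: run on the sample tree)
if [ -n "$1" ]; then
    both_links "$1"
else
    sample=$(make_sample)
    both_links "$sample"
    rm -rf "$(dirname "$sample")"
fi
```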