Passive FTP thru ip_masq_ftp

To: "'debian-firewall@lists.debian.org'" <debian-firewall@lists.debian.org>
Subject: Passive FTP thru ip_masq_ftp
From: William Brioschi <wbrioschi@netcommunication.it>
Date: Mon, 15 May 2000 11:23:23 +0200
Message-id: <[🔎] 7B6BFF658A22D41184B300E018C252D44368@FIREBALL>

I have this configuration:

clients -- Internet -- Linux box -- private network -- router -- external
network -- FTP server

The client must access the FTP server which resides in a network out of my
control. The FTP server has IP address PRIVATE_NAT.

My solution is: map the FTP server to PUBLIC_NAT on the Linux box; plus,
masquerade the client connection to the FTP server as coming from the Linux
box (so that the external network knows where to route the answers).

The Linux gateway is configured this way:

ip route add nat PUBLIC_NAT via PRIVATE_NAT
ip rule add prio 3000 from PRIVATE_NAT nat PUBLIC_NAT
modprobe ip_masq_ftp
ipchains -A forward -d PRIVATE_NAT -j MASQ

The problem is: passive FTP from a client to the server doesn't work. is
this a problem with ip_masq_ftp? is there anything I can do to make it work?

William

Reply to:

Follow-Ups:
- Re: Passive FTP thru ip_masq_ftp
  - From: Michael Meskes <meskes@debian.org>

Prev by Date: Re: Connecting through firewall
Next by Date: Re: Passive FTP thru ip_masq_ftp
Previous by thread: Re: Connecting through firewall
Next by thread: Re: Passive FTP thru ip_masq_ftp
Index(es):
- Date
- Thread