
Re: Passive FTP thru ip_masq_ftp

On Mon, May 15, 2000 at 11:23:23AM +0200, William Brioschi wrote:
> My solution is: map the FTP server to PUBLIC_NAT on the Linux box; plus,
> masquerade the client connection to the FTP server as coming from the Linux
> box (so that the external network knows where to route the answers).

Good luck. I wasn't able to get this going with NAT.

> The problem is: passive FTP from a client to the server doesn't work. Is
> this a problem with ip_masq_ftp? Is there anything I can do to make it work?

ip_masq_ftp is not designed to do this. It just works with clients inside
and servers outside. I used to use redir for this kind of setup, but with
the latest FTP exploits I decided to go full proxy. This is the only secure
way to set this up. Unfortunately there does not seem to be a fully
transparent ftp gateway except ftp-gw from fwtk combined with some patches
from the wild.

Michael Meskes
Go SF 49ers! Go Rhein Fire!
Use Debian GNU/Linux! Use PostgreSQL!
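
Why passive mode fails with the server on the inside, as an added example (not part of the original message, and not code from ip_masq_ftp, redir or ftp-gw): the server's 227 reply carries its own address and data port, which an outside client cannot reach unless something on the control channel rewrites it. The addresses, `rewrite_pasv` and `port_map` are constructed for illustration, and the sketch assumes the chosen data port is also forwarded to the server.

```python
import ipaddress
import re

# RFC 959 passive reply: "227 ... (h1,h2,h3,h4,p1,p2)"
PASV_RE = re.compile(
    r"^227 .*?(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

# Constructed sample: an inside server advertising its private address.
SAMPLE_REPLY = "227 Entering Passive Mode (192,168,1,10,195,80)"


def parse_pasv(line):
    """Return (IPv4Address, port) from a 227 reply, or None if not one."""
    m = PASV_RE.match(line)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]


def rewrite_pasv(line, server_ip, public_ip, port_map):
    """Rewrite the inside server's 227 reply for an outside client.

    server_ip: real (private) address of the FTP server
    public_ip: address that outside clients can reach
    port_map:  callable mapping the server's data port to the forwarded port
    A reply advertising any host other than server_ip raises ValueError
    instead of being forwarded, so the client is never pointed at a third host.
    """
    parsed = parse_pasv(line)
    if parsed is None:
        return line  # not a passive reply: pass through unchanged
    ip, port = parsed
    if ip != ipaddress.IPv4Address(server_ip):
        raise ValueError(f"PASV reply advertises unexpected host {ip}")
    pub_port = port_map(port)
    hosts = str(ipaddress.IPv4Address(public_ip)).replace(".", ",")
    return f"227 Entering Passive Mode ({hosts},{pub_port >> 8},{pub_port & 255})"


if __name__ == "__main__":
    print(parse_pasv(SAMPLE_REPLY))
    print(rewrite_pasv(SAMPLE_REPLY, "192.168.1.10", "203.0.113.5", lambda p: p))
```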
