Re: Passive FTP thru ip_masq_ftp

To: "'debian-firewall@lists.debian.org'" <debian-firewall@lists.debian.org>
Subject: Re: Passive FTP thru ip_masq_ftp
From: Michael Meskes <meskes@debian.org>
Date: Mon, 15 May 2000 17:10:37 +0200
Message-id: <[🔎] 20000515171037.A899@fam-meskes.de>
Mail-followup-to: "'debian-firewall@lists.debian.org'" <debian-firewall@lists.debian.org>
In-reply-to: <[🔎] 7B6BFF658A22D41184B300E018C252D44368@FIREBALL>; from wbrioschi@netcommunication.it on Mon, May 15, 2000 at 11:23:23AM +0200
References: <[🔎] 7B6BFF658A22D41184B300E018C252D44368@FIREBALL>

On Mon, May 15, 2000 at 11:23:23AM +0200, William Brioschi wrote:
> My solution is: map the FTP server to PUBLIC_NAT on the Linux box; plus,
> masquerade the client connection to the FTP server as coming from the Linux
> box (so that the external network knows where to route the answers).

Good luck. I wasn't able to get this going with NAT.

> The problem is: passive FTP from a client to the server doesn't work. is
> this a problem with ip_masq_ftp? is there anything I can do to make it work?

ip_masq_ftp is not designed to do this. It just works with clients inside
and servers outside. I used to use redir for this kind of setup, but with
the latest FTP exploits decided to go full proxy. This is the only secure
way to set this up. Unfortunately there does not seem to be a fully
transparent ftp gateway except ftp-gw from fwtk combined with some patches
from the wild.

Michael
-- 
Michael Meskes
Michael@Fam-Meskes.De
Go SF 49ers! Go Rhein Fire!
Use Debian GNU/Linux! Use PostgreSQL!

Reply to:

References:
- Passive FTP thru ip_masq_ftp
  - From: William Brioschi <wbrioschi@netcommunication.it>

Prev by Date: Passive FTP thru ip_masq_ftp
Next by Date: Re: Satellite connection....
Previous by thread: Passive FTP thru ip_masq_ftp
Next by thread: Re: Satellite connection....
Index(es):
- Date
- Thread