
Re: iptables ... revisited ... problems with ftp connections

On Tue, Sep 19, 2000 at 02:01:26AM -0400, michael a. hacker wrote:
> most people are able to access my ftp through the firewall
> with no problems, but some are having nothing but problems.
> after a little investigation i have found that the people who
> are having problems are users who themselves are masq'd behind
> whichever type of connection they have.

The problem is that the masq module for FTP is monitoring only connections on
the FTP control port for the PORT command. So if your control port is on
another high port the masq module won't notice that it is an FTP connection and
therefore won't rewrite the PORT command or the PASV response. Therefore this
will be the wrong address.

Your users could add your FTP control port to the list of monitored ports
(ports= at module load time or ip_masq_ftp in linux kernel 2.2.x).

  (OO)      -- Bernd_Eckenfels@Wendelinusstrasse39.76646Bruchsal.de --
 ( .. )  ecki@{inka.de,linux.de,debian.org} http://home.pages.de/~eckes/
  o--o     *plush*  2048/93600EFD  eckes@irc  +497257930613  BE5-RIPE
(O____O)  When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl!
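
An added illustration, not part of the original message and not kernel code: a simplified Python model of the behaviour described in the reply, where the address inside a PORT command or a PASV (227) response is rewritten only when the control connection uses a monitored port. The class and function names, the addresses 203.0.113.10 and 192.168.1.5, control port 2121, the port pool starting at 40000 and the check that the advertised address is the sender's own are all assumptions made for the example.

```python
import re

# h1,h2,h3,h4,p1,p2 tuple carried by both "PORT ..." and "227 ... (...)" lines
HOSTPORT = re.compile(rb"(?<!\d)" + rb",".join([rb"(\d{1,3})"] * 6) + rb"(?!\d)")


def encode_hostport(ip, port):
    return ("%s,%d,%d" % (ip.replace(".", ","), port >> 8, port & 0xFF)).encode()


class FtpNatHelper:
    """Toy model of a masquerading FTP helper (hypothetical, not kernel code)."""

    def __init__(self, public_ip, monitored_ports=(21,), first_port=40000):
        self.public_ip = public_ip
        self.monitored_ports = set(monitored_ports)
        self.next_port = first_port      # constructed pool of public data ports
        self.expected = {}               # public port -> (inside ip, inside port)

    def rewrite(self, line, control_port, inside_ip):
        """Return the control-channel line as it leaves the NAT box."""
        if control_port not in self.monitored_ports:
            return line                  # not recognised as FTP: payload untouched
        if not (line[:5].upper() == b"PORT " or line[:4] == b"227 "):
            return line
        m = HOSTPORT.search(line)
        if m is None:
            return line
        nums = [int(g) for g in m.groups()]
        # Assumption of this model: only map an address that is the sender's own.
        if max(nums) > 255 or ".".join(map(str, nums[:4])) != inside_ip:
            return line
        public_port, self.next_port = self.next_port, self.next_port + 1
        self.expected[public_port] = (inside_ip, nums[4] * 256 + nums[5])
        return line[:m.start()] + encode_hostport(self.public_ip, public_port) + line[m.end():]


if __name__ == "__main__":
    # Constructed sample traffic; addresses are documentation/private ranges.
    port_cmd = b"PORT 192,168,1,5,4,1\r\n"
    default = FtpNatHelper("203.0.113.10")
    extended = FtpNatHelper("203.0.113.10", monitored_ports=(21, 2121))
    print(default.rewrite(port_cmd, 21, "192.168.1.5"))     # rewritten
    print(default.rewrite(port_cmd, 2121, "192.168.1.5"))   # private address passes through
    print(extended.rewrite(port_cmd, 2121, "192.168.1.5"))  # rewritten once 2121 is monitored
```
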
