Hi,

I am a system administrator, and we're using a Linux firewall with ipchains and masquerading. I have this FTP server at home that I'm also using for work. At first I just had a Windows 2000 workstation at home, directly connected to the internet, so I could just set passive mode on my workstation over here at work (192.168.what.ever) and my server accepted the port commands I gave.

Due to those killing security holes I decided to install a Linux firewall. I installed ipchains and masquerading and added the following to my firewall script:

    /sbin/ipmasqadm portfw -a -P tcp -L $real_ip 80 -R $webserver_local_ip 80

Of course that works without any problems; I mean I can connect from the LAN over here to my local web server over there, using the address of our firewall.

Then I added the following line to be able to access the FTP server:

    /sbin/ipmasqadm portfw -a -P tcp -L $real_ip 21 -R $ftpserver_local_ip 21

When I try to log in from our firewall (work) to my local server at home everything works fine; the port forwarding does its job perfectly. But whenever I try to connect to my local server from a masqueraded machine (that is, a machine with IP 192.168.what.ever, and set to passive mode for transfers) it doesn't work. It lets me log in, so it asks for a username and a password, but when I issue the 'ls' or the 'dir' command at that moment, which is actually causing a transfer, it times out on a Windows machine. On a Linux machine (for example our mail server) it gives me a 'somehow' better description:

    [ftp_local_ip]: no route to host

Hmmm, now that seems natural... Of course my machine can't find that IP, not even to mention some server with that identification, but I'm wondering why it tries to reroute me locally to a non-existing IP and not to my IP given by my ISP.

Does anyone know what I'm doing wrong? Is this some basic stuff (I wouldn't be surprised, pretty new to Linux firewalling) or is this a well-known problem?

Any help would be greatly appreciated :)

Tijl Schoonenberg
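An added diagnostic for the situation described in this post (example code, not part of the original thread): it decodes an FTP "227 Entering Passive Mode" reply, checks whether the address the server advertises is an RFC 1918 address that differs from the firewall address the client actually opened the control connection to, and checks whether the advertised data port is one the firewall forwards. The sample reply, the firewall address 203.0.113.5 and the forwarded-port set are constructed for the example.

```python
import ipaddress
import re

# RFC 959 passive-mode reply: 227 ... (h1,h2,h3,h4,p1,p2); port = p1*256 + p2
PASV_RE = re.compile(
    r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)"
)

# RFC 1918 private ranges (the "192.168.what.ever" space from the post)
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(ip):
    addr = ipaddress.IPv4Address(ip)
    return any(addr in net for net in RFC1918)


def parse_pasv(reply):
    """Return (ip, port) advertised in a 227 reply."""
    m = PASV_RE.match(reply.strip())
    if m is None:
        raise ValueError("not a 227 reply: %r" % reply)
    h1, h2, h3, h4, p1, p2 = (int(g) for g in m.groups())
    if max(h1, h2, h3, h4, p1, p2) > 255:
        raise ValueError("octet out of range in 227 reply")
    return "%d.%d.%d.%d" % (h1, h2, h3, h4), (p1 << 8) | p2


def diagnose_pasv(reply, control_peer, forwarded_ports):
    """List why the PASV data connection would fail through the firewall.

    control_peer    - address the client connected to on port 21 (firewall)
    forwarded_ports - TCP ports the firewall forwards to the FTP server
    An empty list means the data connection should get through.
    """
    ip, port = parse_pasv(reply)
    findings = []
    if ip != control_peer:
        if is_rfc1918(ip) and not is_rfc1918(control_peer):
            findings.append("server advertised its private address %s instead of "
                            "%s; the client gets 'no route to host'" % (ip, control_peer))
        else:
            findings.append("advertised address %s differs from control peer %s"
                            % (ip, control_peer))
    if port not in forwarded_ports:
        findings.append("data port %d is not forwarded by the firewall" % port)
    return findings


# Constructed sample: server behind NAT, firewall forwards only port 21.
SAMPLE_REPLY = "227 Entering Passive Mode (192,168,1,10,4,12)"

if __name__ == "__main__":
    for finding in diagnose_pasv(SAMPLE_REPLY, "203.0.113.5", {21}):
        print("-", finding)
```

Both findings fire for the constructed sample: the private address is what produces the "no route to host" the post quotes, and the data port would also need forwarding (or an FTP-aware masquerading helper) before passive transfers could work.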