
RE: cannot ftp files to a host behind firewall



I'm sorry, but I don't know ipchains/ipmasqadm

the way I'm using ftp behind a firewall is with iptables, and without NAT


some lines from my firewall


enable access from everywhere (0/0) to 213.151.128.0/255.255.255.224 on
ports 20 and 21 (inbound traffic):

iptables -A FORWARD -s 0/0 -d 213.151.128.0/255.255.255.224 -p tcp --dport 20 -j ACCEPT
iptables -A FORWARD -s 0/0 -d 213.151.128.0/255.255.255.224 -p tcp --dport 21 -j ACCEPT

enable access from 213.151.128.0/255.255.255.224 to everywhere (0/0)
outbound traffic:

iptables -A FORWARD -s 213.151.128.0/255.255.255.224 -d 0/0 -j ACCEPT


this works well, but I don't know how this can be done with NAT

maybe you should try an ftp-proxy

http://freshmeat.net/projects/ftpproxy/

I haven't tried it, but I think it should work.

mvh
anders

# -----Original Message-----
# From: Joe Hu [mailto:joehu@yahoo.com]
# Sent: 27. september 2001 19:01
# To: Anders Gjære; debian-firewall@lists.debian.org
# Subject: Re: cannot ftp files to a host behind firewall
# 
# 
# Thanks for the reply. Could you please tell me how to make it work by using
# ipchains/ipmasqadm commands? Currently, I'm having the following ftp-related
# lines in my script:
# 
#     /usr/sbin/ipmasqadm portfw -a -P tcp -L ${myip} 20 -R 192.168.1.3 20
#     /usr/sbin/ipmasqadm portfw -a -P tcp -L ${myip} 21 -R 192.168.1.3 21
#     /sbin/insmod ip_masq_ftp
# 
# Any sample code will be highly appreciated.
# 
# thanks,
# joe
# 
# ----- Original Message -----
# From: "Anders Gjære" <Anders@oslo.kvalito.no>
# To: "Joe Hu" <joehu@yahoo.com>; <debian-firewall@lists.debian.org>
# Sent: Thursday, September 27, 2001 12:32 PM
# Subject: RE: cannot ftp files to a host behind firewall
# 
# 
# this is because of the way ftp is working..
# 
# it has 2 different ways to work. passive or active.
# 
# and it's using ports between 1024-65500 to send data
# 
# do you have restrictions on what ports the internal machines can send
# data through the router?
# 
# another way to solve the problem is to use an ftp-proxy.
# 
# mvh
# anders gjære
# 
# # -----Original Message-----
# # From: Joe Hu [mailto:joehu@yahoo.com]
# # Sent: 27. september 2001 18:15
# # To: debian-firewall@lists.debian.org
# # Subject: cannot ftp files to a host behind firewall
# #
# #
# # I'm having a problem to make ftp work for an internal machine. On the
# # router, I set portfw so that port 20 and 21 (both tcp) are forwarded to
# # an internal host. From a machine outside the firewall, I run ftp to connect
# # to the router. It did connect to the internal host. That means, the portfw
# # worked. However, I couldn't transfer files to and from the internal host.
# # Could someone help me out?
# #
# # Thanks in advance.
# #
# # joe
# #
# #
# #
# #
# 
# 
# 
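
Added example (not part of the original messages): the thread's symptom, login works through the port forward but transfers fail, comes from FTP announcing the data-connection address and port inside the control channel, which a plain forward of ports 20/21 never rewrites. The sketch below parses those announcements (PORT command and 227 reply) and performs the rewrite that a NAT FTP helper such as ip_masq_ftp has to do. The function names, the sample lines and the address 203.0.113.10 (standing in for ${myip}) are assumptions made for illustration.

```python
import ipaddress
import re

# h1,h2,h3,h4,p1,p2 as decimal bytes (RFC 959 host-port format)
HOSTPORT = re.compile(r"\b(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\b")

def parse_data_endpoint(line):
    """Return (ip, port) announced by a PORT command or a 227 reply, else None."""
    text = line.strip()
    if not (text.upper().startswith("PORT ") or text.startswith("227 ")):
        return None
    m = HOSTPORT.search(text)
    if not m:
        return None
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        return None  # not a valid host-port tuple
    ip = ".".join(str(n) for n in nums[:4])
    return ip, nums[4] * 256 + nums[5]  # port = p1*256 + p2

def rewrite_for_nat(line, public_ip):
    """Swap a private announced address for public_ip; other lines pass through.

    Assumption: the announced data port is forwarded 1:1, so only the
    address changes. A real helper may also remap the port.
    """
    ep = parse_data_endpoint(line)
    if ep is None or not ipaddress.ip_address(ep[0]).is_private:
        return line
    hostport = public_ip.replace(".", ",") + ",%d,%d" % divmod(ep[1], 256)
    return HOSTPORT.sub(hostport, line, count=1)

# Constructed control-channel lines, not a capture from the thread.
SAMPLE = [
    "220 FTP server ready",
    "227 Entering Passive Mode (192,168,1,3,195,80)",
    "PORT 213,151,128,5,4,1",
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(parse_data_endpoint(line), "|", rewrite_for_nat(line, "203.0.113.10"))
```

Without the rewrite, the outside client is told to open its data connection to 192.168.1.3, an address it cannot reach, which matches the behaviour described in the first message.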


