RE: cannot ftp files to a host behind firewall
I'm sorry, but I don't know ipchains/ipmasqadm.
The way I'm using ftp behind a firewall is with iptables, and without NAT.
Some lines from my firewall:
Enable access from everywhere (0/0) to 213.151.128.0/255.255.255.224 on
ports 20 and 21 (inbound traffic):
iptables -A FORWARD -s 0/0 -d 213.151.128.0/255.255.255.224 -p tcp --dport 20 -j ACCEPT
iptables -A FORWARD -s 0/0 -d 213.151.128.0/255.255.255.224 -p tcp --dport 21 -j ACCEPT
Enable access from 213.151.128.0/255.255.255.224 to everywhere (0/0),
outbound traffic:
iptables -A FORWARD -s 213.151.128.0/255.255.255.224 -d 0/0 -j ACCEPT
This works well, but I don't know how this can be done with NAT.
Maybe you should try an ftp-proxy:
http://freshmeat.net/projects/ftpproxy/
I haven't tried it, but I think it should work.
mvh
anders
# -----Original Message-----
# From: Joe Hu [mailto:joehu@yahoo.com]
# Sent: 27. september 2001 19:01
# To: Anders Gjære; debian-firewall@lists.debian.org
# Subject: Re: cannot ftp files to a host behind firewall
#
#
# Thanks for the reply. Could you please tell me how to make it work by using
# ipchains/ipmasqadm commands? Currently, I'm having the following ftp-related
# lines in my script:
#
# /usr/sbin/ipmasqadm portfw -a -P tcp -L ${myip} 20 -R 192.168.1.3 20
# /usr/sbin/ipmasqadm portfw -a -P tcp -L ${myip} 21 -R 192.168.1.3 21
# /sbin/insmod ip_masq_ftp
#
# Any sample code will be highly appreciated.
#
# thanks,
# joe
#
# ----- Original Message -----
# From: "Anders Gjære" <Anders@oslo.kvalito.no>
# To: "Joe Hu" <joehu@yahoo.com>; <debian-firewall@lists.debian.org>
# Sent: Thursday, September 27, 2001 12:32 PM
# Subject: RE: cannot ftp files to a host behind firewall
#
#
# This is because of the way ftp is working.
#
# It has 2 different ways to work: passive or active.
#
# And it's using ports between 1024-65500 to send data.
#
# Do you have restrictions on what ports the internal machines can send
# data through the router?
#
# Another way to solve the problem is to use an ftp-proxy.
#
# mvh
# anders gjære
#
# # -----Original Message-----
# # From: Joe Hu [mailto:joehu@yahoo.com]
# # Sent: 27. september 2001 18:15
# # To: debian-firewall@lists.debian.org
# # Subject: cannot ftp files to a host behind firewall
# #
# #
# # I'm having a problem to make ftp work for an internal machine. On the
# # router, I set portfw so that port 20 and 21 (both tcp) are forwarded to
# # an internal host. From a machine outside the firewall, I run ftp to connect
# # to the router. It did connect to the internal host. That means, the portfw
# # worked. However, I couldn't transfer files to and from the internal host.
# # Could someone help me out?
# #
# # Thanks in advance.
# #
# # joe
# #
#
#
#
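
Added example, not part of the original thread: forwarding only ports 20 and 21 is not enough because each transfer's data endpoint is negotiated inside the control connection. The Python sketch below parses the PORT command and the 227 passive reply (RFC 959 host-port format) from constructed sample lines and reports the data port and whether the advertised address is an RFC 1918 one that an outside peer cannot reach unless an FTP-aware NAT helper or an ftp-proxy rewrites it; the function names are illustrative.

```python
import ipaddress
import re

# RFC 959 host-port: h1,h2,h3,h4,p1,p2 (six decimal bytes).
HOSTPORT = re.compile(
    r"(?<!\d)(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})(?!\d)")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def data_endpoint(line):
    """Return (ip, port) carried by a PORT command or 227 reply, else None."""
    text = line.strip()
    if not (text.upper().startswith("PORT ") or text.startswith("227 ")):
        return None
    m = HOSTPORT.search(text[4:])
    if m is None:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None  # not a valid byte, so not a valid host-port
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]

def explain(line):
    """Describe the data connection that a control-channel line sets up."""
    ep = data_endpoint(line)
    if ep is None:
        return None
    ip, port = ep
    active = line.strip().upper().startswith("PORT ")
    return {
        # active: server connects out to the client; passive: client connects in
        "mode": "active" if active else "passive",
        "ip": str(ip),
        "port": port,
        # The thread's setup forwards only ports 20 and 21.
        "covered_by_20_21_forward": port in (20, 21),
        # A private address in the payload is unreachable from outside
        # unless something on the router rewrites it.
        "needs_rewrite": any(ip in net for net in RFC1918),
    }

# Constructed sample control-channel lines (not captured traffic).
SAMPLES = [
    "227 Entering Passive Mode (192,168,1,3,195,80)",
    "PORT 198,51,100,7,4,1",
    "220 FTP server ready",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, "->", explain(s))
```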