Re: your mail - sorry for empty subject.
-= dara =- (firstname.lastname@example.org) wrote:
> I believe ip_masq_ftp is only used for enabling FTP clients on the internal
> (192.168.1.0) network to connect to an FTP server on the external (internet
> in my case) network. Please correct me if I am wrong.
And the other way arount, iirc.
> What I want, is a way for people on internet to be able to connect (both
> active and passive) to my FTP server. And my FTP server (192.168.1.13) is
> located on the internal network.
> With portforwarding, it is possible to make both active and passive
> connections. But with passive it is not possible to fetch any data. I
> believe this is becasue my firewall (192.168.1.1) is not accepting the FTP
> servers request to open a new port. Can I make a ipchains rule to allow
It should work with ipchains, if you allow Packets
from and to Ports 20, 21 and >1024 of your
FTP-Server (syn-Packets *to* the server need only
to go to Port 21).
The nicer solution is to use connection-tracking
(with Kernel 2.4 and iptables) and the
ip_conntrack_ftp module. This will open just the