
Re: your mail - sorry for empty subject.



-= dara =- (daramannen@hotmail.com) wrote:

> I believe ip_masq_ftp is only used for enabling FTP clients on the internal
> (192.168.1.0) network to connect to an FTP server on the external (internet
> in my case) network. Please correct me if I am wrong.

And the other way around, iirc.
 
> What I want, is a way for people on internet to be able to connect (both
> active and passive) to my FTP server. And my FTP server (192.168.1.13) is
> located on the internal network.
> 
> With port forwarding, it is possible to make both active and passive
> connections. But with passive it is not possible to fetch any data. I
> believe this is because my firewall (192.168.1.1) is not accepting the FTP
> server's request to open a new port. Can I make an ipchains rule to allow
> this?

It should work with ipchains, if you allow Packets
from and to Ports 20, 21 and >1024 of your
FTP-Server (syn-Packets *to* the server need only
to go to Port 21). 

The nicer solution is to use connection-tracking
(with Kernel 2.4 and iptables) and the
ip_conntrack_ftp module. This will open just the
ports needed.

-Rolf
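
The connection-tracking setup suggested above, as an added example that is not part of the original message: a generator that prints the iptables commands for forwarding FTP to the internal server so they can be reviewed before being applied. The interface name eth0, the function names, and the assumption that the FORWARD chain drops by default are not from the thread.

```shell
#!/bin/sh
# Added example (not from the thread): stateful FTP forwarding with iptables
# on a 2.4 kernel. Rules are printed for review; nothing is applied here.

# Reject anything that is not a dotted-quad IPv4 address, because the
# generated text is meant to be piped into a root shell.
is_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# usage: ftp_forward_rules EXT_IF FTP_SERVER_IP
# Assumes the FORWARD chain already drops by default, so the only NEW
# connections admitted are those to the control port (21). Data connections,
# active or passive, are matched as RELATED by ip_conntrack_ftp, and
# ip_nat_ftp rewrites the addresses carried in PORT/227 messages.
ftp_forward_rules() {
    ext_if=$1 srv=$2
    case "$ext_if" in
        ""|[!A-Za-z]*|*[!A-Za-z0-9_.-]*)
            echo "bad interface name" >&2; return 1 ;;
    esac
    is_ipv4 "$srv" || { echo "bad server address" >&2; return 1; }
    cat <<EOF
modprobe ip_conntrack_ftp
modprobe ip_nat_ftp
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $ext_if -p tcp -d $srv --dport 21 -m state --state NEW -j ACCEPT
iptables -t nat -A PREROUTING -i $ext_if -p tcp --dport 21 -j DNAT --to-destination $srv:21
EOF
}

# eth0 is an assumed interface name; 192.168.1.13 is the server from the thread.
ftp_forward_rules "${EXT_IF:-eth0}" "${FTP_SRV:-192.168.1.13}"
```

Review the printed commands, then pipe them to sh as root on the gateway to apply them.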


