When NOT using PASV, I believe the problem has more to do with the use of
non-standard FTP ports than anything else. From my experience, the masq
software uses a different technique when setting up the masq routing entries
for non-standard versus standard FTP port usage. This causes demasquerading
problems when an FTP server tries to do the data connection back to the client
(using, of course, IP info from a prior masq'd PORT command).

Provided that the server can support PASV mode, that would be the favored
solution, unless your friend's server could be altered to use the standard
21 listening port (which appears to satisfy masq). I, for one, would welcome
a solution for non-PASV and non-standard PORT servers.

Regards,
Dave Corlew


-----Original Message-----
From: David A. Ranch [mailto:[EMAIL PROTECTED]]
Sent: Saturday, January 09, 1999 2:24 PM
To: Carl Engstrom; [EMAIL PROTECTED]
Subject: Re: [masq] IP Masq - FTP problems



>1) My friend has an ftp site that for some reason I can't get data transfers
>from. I can log in to the site just fine, but when the site sends me a
>directory list, I get a
>
>425 can't build data connection: No route to host
>can't initiate data transfer.
>
>I can connect to every other site that I've tried. The site I'm connecting to
>is not at PORT 21; it's at PORT 2001, and he's running glftpd, not the
>standard ftpd from Red Hat.

Ahhh.. check.  You either need to do FTPs with the PASV mode or
you need to load the ip_masq_ftp module with:

        /sbin/insmod ip_masq_ftp ports=21,2001

This is what the /usr/src/linux/net/ipv4/ip_masq_ftp.c source code says:

--
 * Multiple Port Support
 *      The helper can be made to handle up to MAX_MASQ_APP_PORTS (normally 12)
 *      with the port numbers being defined at module load time.  The module
 *      uses the symbol "ports" to define a list of monitored ports, which can
 *      be specified on the insmod command line as
 *              ports=x1,x2,x3...
 *      where x[n] are integer port numbers.  This option can be put into
 *      /etc/conf.modules (or /etc/modules.conf depending on your config)
 *      where modload will pick it up should you use modload to load your
 *      modules.
 *
 */
--


>2) I can't connect directly with ICQ. I can send messages through the
>server, but I can't chat or send a direct message.

Did you properly configure ICQ for:

        - non-socks firewall
        - limit ports to 2000-2020
        
Did you change the IPFWADM UDP timeout to 8 minutes?

Did you set up IPPORTFW and forward ports 2000-2020 to your
MASQed ICQ machine?


Anyway, the TrinityOS doc (updated yesterday and today) has all
these settings documented.  Just check out:

        11 - Patching, Compiling, and installing IPPORTFW

        10 - MASQ startup and advanced firewall rulesets for single and
             multi-NIC setups

--David
.----------------------------------------------------------------------------.
|  David A. Ranch - Linux/Networking/PC hardware         [EMAIL PROTECTED]  |
!----------------------------------------------------------------------------!
`----- For more detailed info, see http://www.ecst.csuchico.edu/~dranch -----'
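The exchange above turns on one detail: the ip_masq_ftp helper only inspects control connections to the ports it was told about, so a PORT command sent on port 2001 leaves the box carrying the client's private address, and the server's data connection has nowhere to go. The following is an added illustration of that mechanism, written for this page and not taken from the kernel's ip_masq_ftp.c: it parses FTP PORT commands and 227 PASV replies, rewrites PORT to the masq box's public address on a monitored control port, and records the expectation needed to demasquerade the server's inbound data connection. The addresses (203.0.113.7 for the masq box, 192.168.1.5 for the client), the port pool starting at 61000 and the FtpMasqHelper class are assumptions made up for the example.

```python
import re

# The two FTP messages a masquerading FTP helper must understand: the client's
# PORT command (active mode) and the server's 227 reply (passive mode).
PORT_RE = re.compile(
    r"^PORT\s+(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})$", re.IGNORECASE)
PASV_RE = re.compile(
    r"^227\b.*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")


def decode_hostport(fields):
    """h1,h2,h3,h4,p1,p2 -> ('a.b.c.d', port); None if any field exceeds 255."""
    nums = [int(f) for f in fields]
    if any(n > 255 for n in nums):
        return None
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]


def encode_hostport(ip, port):
    """Inverse of decode_hostport: 'a.b.c.d', port -> 'a,b,c,d,p1,p2'."""
    return ",".join(ip.split(".")) + ",%d,%d" % (port >> 8, port & 0xFF)


def parse_pasv_reply(line):
    """Address/port the server offers in its 227 reply, or None if not a 227."""
    m = PASV_RE.match(line.strip())
    return decode_hostport(m.groups()) if m else None


class FtpMasqHelper:
    """Toy model of an FTP masquerading helper (hypothetical, not the kernel code)."""

    def __init__(self, external_ip, monitored_ports=(21,), first_port=61000):
        self.external_ip = external_ip
        self.monitored_ports = set(monitored_ports)   # the insmod ports= list
        self.next_port = first_port                   # constructed port pool
        self.expectations = {}                        # ext port -> (client ip, client port)

    def rewrite_client_line(self, server_port, client_ip, line):
        """Inspect one control-channel line from the masqueraded client.

        Returns (line to forward, expectation or None)."""
        if server_port not in self.monitored_ports:
            # Control connection is not monitored: the PORT command leaves the
            # box untouched, still naming the client's private address.
            return line, None
        body = line.rstrip("\r\n")
        eol = line[len(body):]
        m = PORT_RE.match(body)
        if not m:
            return line, None
        decoded = decode_hostport(m.groups())
        if decoded is None or decoded[0] != client_ip:
            # Malformed, or the client named a host other than itself (an FTP
            # bounce). Refuse to rewrite rather than open a hole to a third host.
            return line, None
        ext_port = self.next_port
        self.next_port += 1
        self.expectations[ext_port] = decoded
        return "PORT " + encode_hostport(self.external_ip, ext_port) + eol, (ext_port,) + decoded

    def demasq_inbound(self, dst_port):
        """Server's data connection hits external_ip:dst_port; map it to the client once."""
        return self.expectations.pop(dst_port, None)


def simulate_active_transfer(helper, server_port, client_ip, port_line):
    """What the server sees after the masq box forwards a well-formed PORT line.

    A PORT still carrying a private address reproduces the quoted failure."""
    forwarded, _ = helper.rewrite_client_line(server_port, client_ip, port_line)
    ip, port = decode_hostport(PORT_RE.match(forwarded.rstrip("\r\n")).groups())
    if ip != helper.external_ip:
        return "425 can't build data connection: No route to host (server tried %s:%d)" % (ip, port)
    return "data connection reaches %s:%d" % helper.demasq_inbound(port)


if __name__ == "__main__":
    # Default ports=21 vs. ports=21,2001 against a server listening on 2001.
    for ports in ((21,), (21, 2001)):
        helper = FtpMasqHelper("203.0.113.7", monitored_ports=ports)
        print(ports, simulate_active_transfer(helper, 2001, "192.168.1.5",
                                              "PORT 192,168,1,5,4,1\r\n"))
```

Two points the toy makes that the paragraph does not: the helper has to see the control channel, which is why a non-standard control port must be listed at module load time, and a helper that rewrites PORT blindly will happily create an inbound mapping toward any internal address the client names, so checking the PORT address against the connection's own source is the minimum hardening.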
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
For daily digest info, email [EMAIL PROTECTED]
---------------------------------------------------------------------
