Re: ftping through a router

1999-06-30 Thread Dubravko
Help me unsubscribe

Thanks
- Original Message -
From: Wayne Topa [EMAIL PROTECTED]
To: debian-user@lists.debian.org
Sent: 1999. June 28 18:13
Subject: Re: ftping through a router



 Subject: Re: ftping through a router
 Date: Mon, Jun 28, 1999 at 09:09:05AM -0500

 In reply to:Robert Rati

 Quoting Robert Rati([EMAIL PROTECTED]):
  That's exactly the case, and setting the ftp client to passive mode
  worked.  I use ipchains to set the firewall rules thusly:
 
  Default input chain is ACCEPT
  Default forward chain is DENY with two entries to MASQ for ppp0 and eth0
  Default output chain is ACCEPT
 
  I don't see how these rules prevent the active mode of ftp.  What do the
  rules need to allow for active ftp to work?  Also, where is this
  ip_masq_ftp module you are referring to?  Is it a kernel module?  If so, I
  don't have it, but I compiled everything into the kernel that I thought
  I'd need.  I didn't use modules at all.  Know any way to check to see if
  that functionality is there?  Thanks for all your help.
 
  Rob
 

 less /usr/src/linux/Documentation/Configure.help
 / ip_masq_ftp.o

 IP: masquerading
 CONFIG_IP_MASQUERADE

   [ snip ]

 If you say Y here, then the modules ip_masq_ftp.o (for ftp file
   transfers), ip_masq_irc.o (for irc chats), ip_masq_quake.o (you
   guessed it), ip_masq_vdolive.o (for VDOLive video connections),
   ip_masq_cuseeme.o (for CU-SeeMe broadcasts) and ip_masq_raudio.o
   (for RealAudio downloads) will automatically be compiled. They are
   needed to make masquerading for these protocols work. Modules are
   pieces of code which can be inserted in and removed from the running
   kernel whenever you want; read Documentation/modules.txt for
   details.

 --
 Real Programmers don't write in PL/I.  PL/I is for programmers who
 can't decide whether to write in COBOL or FORTRAN.
 ___
 Wayne T. Topa [EMAIL PROTECTED]






Re: ftping through a router

1999-06-28 Thread Michael Talbot-Wilson

 
 I guess that you used ipfwadm/ipchains to set your box as a router.  What's 
 probably happening is that you have blocked the incoming connection from the 
 ftp server.  To solve this you can either change your ip rules or try and use 
 the passive (pasv) form of ftp where the server tells the client the port to 
 connect to and the client then does the connection: note that some Windows 
 FTP clients can't do this; commonly the DOS box ones can't.
 
 On Sun, Jun 27, 1999 at 12:00:40AM -0500, Robert Rati wrote:
  I set up a router for a home network, and everything seems to work fine but
  one thing.  I can't use ftp.  I can connect to sites outside my network
  via ftp, but I can't do the ls command.  Usually, when you do a lsc,
  you get something back like:
  
  200 Port Command
  
  or something like that, but instead, I get:
  
  500 Illegal PORT Command

If you are masquerading, make sure you have the module ip_masq_ftp.



Re: ftping through a router

1999-06-28 Thread Robert Rati
That's exactly the case, and setting the ftp client to passive mode
worked.  I use ipchains to set the firewall rules thusly:

Default input chain is ACCEPT
Default forward chain is DENY with two entries to MASQ for ppp0 and eth0
Default output chain is ACCEPT

I don't see how these rules prevent the active mode of ftp.  What do the
rules need to allow for active ftp to work?  Also, where is this
ip_masq_ftp module you are referring to?  Is it a kernel module?  If so, I
don't have it, but I compiled everything into the kernel that I thought
I'd need.  I didn't use modules at all.  Know any way to check to see if
that functionality is there?  Thanks for all your help.

Rob

On Mon, 28 Jun 1999, Michael Talbot-Wilson wrote:

 
  
  I guess that you used ipfwadm/ipchains to set your box as a router.  What's 
  probably happening is that you have blocked the incoming connection from 
  the ftp server.  To solve this you can either change your ip rules or try 
  and use the passive (pasv) form of ftp where the server tells the client 
  the port to connect to and the client then does the connection: note that 
  some Windows FTP clients can't do this; commonly the DOS box ones can't.
  
  On Sun, Jun 27, 1999 at 12:00:40AM -0500, Robert Rati wrote:
   I set up a router for a home network, and everything seems to work fine but
   one thing.  I can't use ftp.  I can connect to sites outside my network
   via ftp, but I can't do the ls command.  Usually, when you do a lsc,
   you get something back like:
   
   200 Port Command
   
   or something like that, but instead, I get:
   
   500 Illegal PORT Command
 
 If you are masquerading, make sure you have the module ip_masq_ftp.
 
 

===
[EMAIL PROTECTED] : Role-Player, Babylon 5 fanatic  1998-99
Aka Khyron the Backstabber : ICQ# 2325055
Homepage: www.cs.purdue.edu/homes/ratirh 

Happiness comes in short spurts.  Don't be fooled.
===


Re: ftping through a router

1999-06-28 Thread Steve George
Hi,

Check out the IP Masquerading HOWTO.  Here is some info from my notes:

IP Forwarding:
http://www.tor.shaw.wave.ca/~ambrose/ipmasq-HOWTO-2.html


Requirements:
- Kernel with options compiled (as total or in modules)
- TCP/IP connectivity for the LAN
NOTE: See NET-3 HOWTO and 
http://www.ecst.csuchico.edu/~dranch/LINUX/TrinityOS.wri
- Connectivity for the Linux gateway
- Ipfwadm 2.3
NOTE: Homepage is http://www.xos.nl/linux/ipfwadm/
- Optional Kernel patches
NOTE:  Check these out


HTH,

Steve
ps I don't have the FTP patches included which is strange, but I am using 
2.0.36 so mebbe you don't need them.




On Mon, Jun 28, 1999 at 09:09:05AM -0500, Robert Rati wrote:
 That's exactly the case, and setting the ftp client to passive mode
 worked.  I use ipchains to set the firewall rules thusly:
 
 Default input chain is ACCEPT
 Default forward chain is DENY with two entries to MASQ for ppp0 and eth0
 Default output chain is ACCEPT
 
 I don't see how these rules prevent the active mode of ftp.  What do the
 rules need to allow for active ftp to work?  Also, where is this
 ip_masq_ftp module you are referring to?  Is it a kernel module?  If so, I
 don't have it, but I compiled everything into the kernel that I thought
 I'd need.  I didn't use modules at all.  Know any way to check to see if
 that functionality is there?  Thanks for all your help.
 
   Rob
 
 On Mon, 28 Jun 1999, Michael Talbot-Wilson wrote:
 
  
   
   I guess that you used ipfwadm/ipchains to set your box as a router.  
   What's probably happening is that you have blocked the incoming 
   connection from the ftp server.  To solve this you can either change your 
   ip rules or try and use the passive (pasv) form of ftp where the server 
   tells the client the port to connect to and the client then does the 
   connection: note that some Windows FTP clients can't do this; commonly the 
   DOS box ones can't.
   
   On Sun, Jun 27, 1999 at 12:00:40AM -0500, Robert Rati wrote:
    I set up a router for a home network, and everything seems to work fine but
    one thing.  I can't use ftp.  I can connect to sites outside my network
    via ftp, but I can't do the ls command.  Usually, when you do a lsc,
    you get something back like:
    
    200 Port Command
    
    or something like that, but instead, I get:
    
    500 Illegal PORT Command
  
  If you are masquerading, make sure you have the module ip_masq_ftp.
  
  
 
 ===
 [EMAIL PROTECTED] : Role-Player, Babylon 5 fanatic  1998-99
 Aka Khyron the Backstabber : ICQ# 2325055
 Homepage: www.cs.purdue.edu/homes/ratirh 
 
 Happiness comes in short spurts.  Don't be fooled.
 ===
 
 
 


Re: ftping through a router

1999-06-28 Thread Wayne Topa

Subject: Re: ftping through a router
Date: Mon, Jun 28, 1999 at 09:09:05AM -0500

In reply to:Robert Rati

Quoting Robert Rati([EMAIL PROTECTED]):
 That's exactly the case, and setting the ftp client to passive mode
 worked.  I use ipchains to set the firewall rules thusly:
 
 Default input chain is ACCEPT
 Default forward chain is DENY with two entries to MASQ for ppp0 and eth0
 Default output chain is ACCEPT
 
 I don't see how these rules prevent the active mode of ftp.  What do the
 rules need to allow for active ftp to work?  Also, where is this
 ip_masq_ftp module you are referring to?  Is it a kernel module?  If so, I
 don't have it, but I compiled everything into the kernel that I thought
 I'd need.  I didn't use modules at all.  Know any way to check to see if
 that functionality is there?  Thanks for all your help.
 
   Rob
 

less /usr/src/linux/Documentation/Configure.help
/ ip_masq_ftp.o

IP: masquerading
CONFIG_IP_MASQUERADE

  [ snip ]

If you say Y here, then the modules ip_masq_ftp.o (for ftp file
  transfers), ip_masq_irc.o (for irc chats), ip_masq_quake.o (you
  guessed it), ip_masq_vdolive.o (for VDOLive video connections),
  ip_masq_cuseeme.o (for CU-SeeMe broadcasts) and ip_masq_raudio.o
  (for RealAudio downloads) will automatically be compiled. They are
  needed to make masquerading for these protocols work. Modules are
  pieces of code which can be inserted in and removed from the running
  kernel whenever you want; read Documentation/modules.txt for
  details.

-- 
Real Programmers don't write in PL/I.  PL/I is for programmers who
can't decide whether to write in COBOL or FORTRAN.
___
Wayne T. Topa [EMAIL PROTECTED]


ftping through a router

1999-06-27 Thread Robert Rati
I set up a router for a home network, and everything seems to work fine but
one thing.  I can't use ftp.  I can connect to sites outside my network
via ftp, but I can't do the ls command.  Usually, when you do a lsc,
you get something back like:

200 Port Command

or something like that, but instead, I get:

500 Illegal PORT Command

I can cd and pwd, but can't get a file listing.  Do I have to do some kind
of port redirection or something on the router?  I can't tell whether I
can send or receive files since I can't get dir listings.  Does anyone
have any info on this?  Thanks.

Rob

===
[EMAIL PROTECTED] : Role-Player, Babylon 5 fanatic  1998-99
Aka Khyron the Backstabber : ICQ# 2325055
Homepage: www.cs.purdue.edu/homes/ratirh 

Happiness comes in short spurts.  Don't be fooled.
===


Re: ftping through a router

1999-06-27 Thread Steve George
Hi Rob,

FTP is a difficult protocol in that it uses two channels/connections.  The 
first one is the command channel which is the one you, the client, make when 
you connect to the FTP server.  The second is the data channel which the server 
makes BACK to the client when any data, such as a file or directory listing, is 
requested.  The server connects from any port 1023 to the client on port 20, 
ftp-data.

I guess that you used ipfwadm/ipchains to set your box as a router.  What's 
probably happening is that you have blocked the incoming connection from the 
ftp server.  To solve this you can either change your ip rules or try and use 
the passive (pasv) form of ftp where the server tells the client the port to 
connect to and the client then does the connection: note that some Windows FTP 
clients can't do this; commonly the DOS box ones can't.

Finally, if security is your concern you could use an ftp proxy such as the 
ones in the TIS Firewall toolkit.

HTH,

Steve

On Sun, Jun 27, 1999 at 12:00:40AM -0500, Robert Rati wrote:
 I set up a router for a home network, and everything seems to work fine but
 one thing.  I can't use ftp.  I can connect to sites outside my network
 via ftp, but I can't do the ls command.  Usually, when you do a lsc,
 you get something back like:
 
 200 Port Command
 
 or something like that, but instead, I get:
 
 500 Illegal PORT Command
 
 I can cd and pwd, but can't get a file listing.  Do I have to do some kind
 of port redirection or something on the router?  I can't tell whether I
 can send or receive files since I can't get dir listings.  Does anyone
 have any info on this?  Thanks.
 
   Rob
 
 ===
 [EMAIL PROTECTED] : Role-Player, Babylon 5 fanatic  1998-99
 Aka Khyron the Backstabber : ICQ# 2325055
 Homepage: www.cs.purdue.edu/homes/ratirh 
 
 Happiness comes in short spurts.  Don't be fooled.
 ===
 
 
 -- 
 Unsubscribe?  mail -s unsubscribe [EMAIL PROTECTED]  /dev/null
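
What sits behind the "500 Illegal PORT Command" in this thread, as an added example (not code from any poster or from the kernel): in active mode the client announces its own address in a PORT command, a masqueraded client announces its private one, and a helper such as ip_masq_ftp has to rewrite it on the way out. The server's rejection policy, the class and function names, and all addresses and ports are assumptions made for the illustration.

```python
# Added illustration: names, addresses and ports below are constructed.
import re

PORT_RE = re.compile(r"PORT ((?:[0-9]{1,3},){5}[0-9]{1,3})", re.IGNORECASE)

def parse_port(line):
    """Decode 'PORT h1,h2,h3,h4,p1,p2' (RFC 959) into (ip, port)."""
    m = PORT_RE.fullmatch(line.strip())
    if not m:
        raise ValueError("not a well-formed PORT command")
    nums = [int(n) for n in m.group(1).split(",")]
    if max(nums) > 255:
        raise ValueError("field out of range")
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def format_port(ip, port):
    return "PORT {},{},{}".format(ip.replace(".", ","), port >> 8, port & 0xFF)

def server_reply(line, control_peer_ip):
    """Assumed server policy: the data address must be the control peer."""
    try:
        ip, port = parse_port(line)
    except ValueError:
        return "501 Syntax error"
    if ip != control_peer_ip or port < 1024:
        return "500 Illegal PORT Command"
    return "200 PORT command successful"

class MasqFtpHelper:
    """Hypothetical stand-in for what a masquerading FTP helper does."""
    def __init__(self, public_ip, first_port=61000):
        self.public_ip, self.next_port = public_ip, first_port
        self.expected = {}  # public port -> (internal ip, internal port)

    def outbound(self, line, src_ip):
        """Rewrite a PORT naming the internal sender; pass anything else through."""
        try:
            ip, port = parse_port(line)
        except ValueError:
            return line
        if ip != src_ip:
            return line
        public_port, self.next_port = self.next_port, self.next_port + 1
        self.expected[public_port] = (ip, port)  # where to forward the data connection
        return format_port(self.public_ip, public_port)

def demo():
    client, router = "192.168.1.10", "203.0.113.7"
    cmd = format_port(client, 1025)
    fixed = MasqFtpHelper(router).outbound(cmd, client)
    return server_reply(cmd, router), server_reply(fixed, router)
```

Passive mode avoids the rewrite because the client opens both connections outward, so plain masquerading of outgoing TCP is enough.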