[masq] FW: [masq] FTP and other services
I've got the ip_masq_ftp module loaded (in kernel 2.0.34) and have no problems FTPing as a client behind the the masq box, or connecting to the FTP service running on the masq'ed box from either side... As long as the the username making the connection has an account on the linux box. -brian [EMAIL PROTECTED] -Original Message- From: Fred Viles [SMTP:[EMAIL PROTECTED]] Sent: Friday, February 05, 1999 4:22 PM To: [EMAIL PROTECTED]; David Dionne Subject:Re: [masq] FTP and other services On 5 Feb 99, at 14:22, David Dionne wrote about "[masq] FTP and other services": | Hey, I am running masq at home with a 192.168.1.0/24 network. Everything | seems to be working fine but ftp. I seem to remember hearing something | about ftp and mabey some other services that are affected as well. Does | anyone have any suggestions? If you are talking about an ftp client running on a masqueraded machine, talking to an external server, only passive mode will work unless you load the ip_masq_ftp FTP masq module. If you are talking about running an FTP server on a masqueraded machine, you need to use port-forwarding (the IPPORTFW patch for 2.0.x kernels) to forward incoming connections correctly. That will enable external clients using non-passive mode to work. But PASV mode will not work for the external clients. To support external PASV mode clients, further patches to the kernel and the ip_masq_ftp module are required. - Fred Viles mailto:[EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] For daily digest info, email [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] For daily digest info, email [EMAIL PROTECTED]
Re: [masq] FTP
On Thu, 4 Feb 1999, Jon Oransky wrote: Ok, I have IP Masq set up on my linux machine, I also have 2 other computers, one w/ NT the other w/ 95. What is the best way to set up an FTP site on my NT machine w/ IP Masq. Some people have told me to just run SAMBA and map the files from the ftp site onto my NT machines drive. Would this be the ideal way of doing it? or should I use ipautofw to forward all incoming to port 21 to my NT machine? If ipautofw is a good solution, what do I need to do exactly to set this up? I'm not sayting that it's the "best" way as you put it, but the way I did it for my machine was to use samba, and just map things into my /home/ftp directory. Good luck, and keep us posted, MarkJ ``We can't be so fixated on our desire to preserve the rights of ordinary Americans ...'' -- Bill Clinton (USA TODAY, 11 March 1993, page 2A) My main goal has always been to be in the position that I'm not ashamed of what I've done or am doing, and that I'm doing the best I can. -- Linus Torvalds - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] For daily digest info, email [EMAIL PROTECTED]
Re: [masq] [masq] FTP and firewalls
At 10:14 PM 1/28/99 -0600, Fuzzy Fox wrote: Clifford Hammerschmidt [EMAIL PROTECTED] wrote: ipchains -A input -j ACCEPT -y -p tcp -s 0.0.0.0/0 20 -d yourip 1024:65535 This is also the same an -P input ACCEPT... your allowing anyone to connect from their port 20 (easy enough to spoof) to your box on any port above 1023... not a great idea. I think he later changed it to encompass only the masq range, 61000- 65535, but still, the point is valid. Even with the looser ruleset, though, few important services are above the 1024 port range. The only ones that comes to mind are NFS and X, both of which can be specifically blocked. I wouldn't worry so much. Someone using NMap could scan all your upper ports easily. And what would they find there? Any backdoor or Trojan installed on your system by tampered code or previous hacks. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] For daily digest info, email [EMAIL PROTECTED]
Re: [masq] [masq] FTP and firewalls
On 28 Jan 99, at 22:28, Tim Fletcher wrote about "Re: [masq] FTP and firewalls": | But this chnage won't help a masqueraded client, because there is no | way to get the packet forwarded to the internal IP. So you seem to | be talking about running the FTP client on the masquerading box | itself? If so, masqerading doesn't enter into it. | | Oh it does | | I run on the ipmasqed firewall: The firewall machine is not masqed, it is the masqER. | /sbin/ipchains -D input -j ACCEPT -p tcp -y -s 0.0.0.0/0 20 -d myip 6:65535 | and then I can ls a dir on sunsite Running ftp client on some machine whose IP is *not* "myip"? Assuming so... | I then run: | /sbin/ipchains -I input -j ACCEPT -p tcp -y -s 0.0.0.0/0 20 -d myip 6:65535 | and I can't ls a dir on sunsite |... Well, of course for masquerading to work at all, the firewall must accept incoming packets for (at least) the range of ports used by masqerading. If replies to masqueraded outgoing packets are not accepted, they can't be demasqueraded/forwarded. Since merely adding this accept rule allows ftp PORT commands to work, you must be running the ip_masq_ftp module. But the fact that you *need* to add it is surprising. I would have thought some other less specific input rule would have accepted these packets. |... - Fred Viles mailto:[EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] For daily digest info, email [EMAIL PROTECTED]
[masq] FTP timeout?
I have been running ip masquerading for about a month. I have noticed a glitch which may be a timeout issue: when I transfer a large file (10+Mb) using Netscape on NT, the whole file appears to transfer. Then the little window just hangs there. If I copy the file before hitting cancel (to preserve it) it is only partially intact. I can copy the same file in with a direct connection with no problem, and I only have seen this when copying via the IP masquerading computer. Is this an IP masquerading timeout issue? If so, how can I solve it? Thanks. -- C^2 I have sworn upon the altar of God eternal hostility against every form of tyranny over the mind of man. -- Thomas Jefferson, letter to Benjamin Rush, 1800 A.D. Thomas Jefferson, Patron Saint of the Internet: http://w3.trib.com/~ccurley/Jefferson.html - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] For daily digest info, email [EMAIL PROTECTED]
Re: [masq] FTP timeout?
At 10:02 PM 1/16/99 -0800, Fred Viles wrote: On 16 Jan 99, at 15:21, Charles Curley wrote about "[masq] FTP timeout?": | I have been running ip masquerading for about a month. I have noticed a | glitch which may be a timeout issue: when I transfer a large file (10+Mb) | using Netscape on NT, the whole file appears to transfer. Then the little | window just hangs there. This will happen if you are not running the ip_masq_ftp "helper" module. As you guessed, it is probably the control connection timing out while the lengthy data connection is going on. Does lsmod show ip_masq_ftp running? ip_masq_ftp is built into the kernel, not a module. -- C^2 I have sworn upon the altar of God eternal hostility against every form of tyranny over the mind of man. -- Thomas Jefferson, letter to Benjamin Rush, 1800 A.D. Thomas Jefferson, Patron Saint of the Internet: http://w3.trib.com/~ccurley/Jefferson.html - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] For daily digest info, email [EMAIL PROTECTED]
Re: [masq] FTP timeout?
Hi I have had the same problem with kernel 2.0.29 and the masq_ftp module - since I have upgraded the kernel to 2.0.33 and also loaded masq_ftp module the problem went away - does anybody know what exactly it takes to fix the timeout problem? I am also running diald. Thanks -Original Message- From: Charles Curley [SMTP:[EMAIL PROTECTED]] Sent: Saturday, January 16, 1999 5:22 PM To: [EMAIL PROTECTED] Subject: [masq] FTP timeout? I have been running ip masquerading for about a month. I have noticed a glitch which may be a timeout issue: when I transfer a large file (10+Mb) using Netscape on NT, the whole file appears to transfer. Then the little window just hangs there. If I copy the file before hitting cancel (to preserve it) it is only partially intact. I can copy the same file in with a direct connection with no problem, and I only have seen this when copying via the IP masquerading computer. Is this an IP masquerading timeout issue? If so, how can I solve it? Thanks. -- C^2 I have sworn upon the altar of God eternal hostility against every form of tyranny over the mind of man. -- Thomas Jefferson, letter to Benjamin Rush, 1800 A.D. Thomas Jefferson, Patron Saint of the Internet: http://w3.trib.com/~ccurley/Jefferson.html - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] For daily digest info, email [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] For daily digest info, email [EMAIL PROTECTED]
Re: [masq] FTP timeout?
On 16 Jan 99, at 15:21, Charles Curley wrote about "[masq] FTP timeout?": | I have been running ip masquerading for about a month. I have noticed a | glitch which may be a timeout issue: when I transfer a large file (10+Mb) | using Netscape on NT, the whole file appears to transfer. Then the little | window just hangs there. This will happen if you are not running the ip_masq_ftp "helper" module. As you guessed, it is probably the control connection timing out while the lengthy data connection is going on. Does lsmod show ip_masq_ftp running? |... - Fred Viles mailto:[EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] For daily digest info, email [EMAIL PROTECTED]
Re: [masq] [masq] FTP timeout?
It may have been another problem entirely. I compiled ip masquerading into the kernel to speed things up. What I didn't know is that that only compiles the basic masquerading stuff into the kernel. There is no option to make ip_masq_ftp et alia part of the kernel. Since (having assumed otherwise) I took the modprobe statements out of my rc.local initialization script, they weren't loaded. Since figuring out (with the help of another member of the list) that those modules and the modprobe statments are necessary, I loaded the modules manually. I think that may have solved the problem, but haven't yet tested it on a monster file. At 09:31 PM 1/16/99 -0700, Charles Shoemaker wrote: This hasn't happened to me since upgrading to kernel 2.0. May I suggest a couple of things: You can watch the masq action with "ipfwadm -M -l" (little el) and see the port timings. You might try a large file transfer with ftp on you NT machine, and see if you have the same problem. If you do, it's in masquerade, if not, it's in Netscape. Also, activate the masq ftp module in your rc.local with "/sbin/modprobe ip_masq_ftp.o". Let us know. Charlie Shoemaker PS I spaced out your patch question. I'll get a reply to you tomorrow. (If I remember correctly, go to /usr/src/linux and type "patch -p0 -l ../patchfile".) Better details tomorrow morning. Date: Sat, 16 Jan 1999 15:21:57 -0700 To:[EMAIL PROTECTED] From: Charles Curley [EMAIL PROTECTED] Subject: [masq] FTP timeout? I have been running ip masquerading for about a month. I have noticed a glitch which may be a timeout issue: when I transfer a large file (10+Mb) using Netscape on NT, the whole file appears to transfer. Then the little window just hangs there. If I copy the file before hitting cancel (to preserve it) it is only partially intact. I can copy the same file in with a direct connection with no problem, and I only have seen this when copying via the IP masquerading computer. Is this an IP masquerading timeout issue? If so, how can I solve it? Thanks. -- C^2 I have sworn upon the altar of God eternal hostility against every form of tyranny over the mind of man. -- Thomas Jefferson, letter to Benjamin Rush, 1800 A.D. Thomas Jefferson, Patron Saint of the Internet: http://w3.trib.com/~ccurley/Jefferson.html - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] For daily digest info, email [EMAIL PROTECTED] "Some people crave baseball - I find this unfathomable - but I can easily understand why a person could get excited about playing a bassoon." -- Frank Zappa - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] For daily digest info, email [EMAIL PROTECTED] -- C^2 I have sworn upon the altar of God eternal hostility against every form of tyranny over the mind of man. -- Thomas Jefferson, letter to Benjamin Rush, 1800 A.D. Thomas Jefferson, Patron Saint of the Internet: http://w3.trib.com/~ccurley/Jefferson.html - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] For daily digest info, email [EMAIL PROTECTED]
Re: [masq] [masq] FTP timeout?
At 10:02 PM 1/16/99 -0800, Fred Viles wrote: On 16 Jan 99, at 15:21, Charles Curley wrote about "[masq] FTP timeout?": | I have been running ip masquerading for about a month. I have noticed a | glitch which may be a timeout issue: when I transfer a large file (10+Mb) | using Netscape on NT, the whole file appears to transfer. Then the little | window just hangs there. This will happen if you are not running the ip_masq_ftp "helper" module. As you guessed, it is probably the control connection timing out while the lengthy data connection is going on. Does lsmod show ip_masq_ftp running? ip_masq_ftp is built into the kernel, not a module. Um, I'm no expert on the masquerading helper modules, but I'm pretty sure it's not possible (easily) to compile this in as part of the kernel. I do know for sure that there is no way to do it with the standard config. You might want to double check your setup. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] For daily digest info, email [EMAIL PROTECTED]
Re: [masq] IP Masq - FTP problems
Yes, if i fire up an ftp session on one of the clients the "Used By" field increments. I have experimented and found out that only passive ftp sessions work. From a linux box on the lan an ftp session must be switched to "passive" before I "NLIST" a directory. Perhaps this is the way it's supposed to work? Next I'll look at the ip_masq_ftp source code and see just what its doing? --Carl David A. Ranch wrote: No.. to be honest, I don't know what the "Pages" and "Used By" fields mean though, when a module is being used, the "Used By" field will increment per client. So, when you try to FTP out to the internet on port 21, does your ip_masq_ftp counter increase? --David - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] For daily digest info, email [EMAIL PROTECTED]
Re: [masq] IP Masq - FTP problems
I have experimented and found out that only passive ftp sessions work. From a linux box on the lan an ftp session must be switched to "passive" before I "NLIST" a directory. Perhaps this is the way it's supposed to work? No, active FTPs work for most people as long as they are FTPing to a remote site on port 21. Are you using a strong IPFWADM ruleset? Are you allowing port 20 out? --DAvid .. | David A. Ranch - Linux/Networking/PC hardware [EMAIL PROTECTED] | !! `- For more detailed info, see http://www.ecst.csuchico.edu/~dranch -' - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] For daily digest info, email [EMAIL PROTECTED]
[masq] Ftp across gateway machine
Whenever I try to telnet or ftp to a box behind my gateway I end up with the following error messages: Jan 14 02:06:26 takamine in.telnetd[1550]: connect from unknown Jan 14 02:06:32 takamine in.telnetd[1551]: warning: can't get client address: Connection reset by peer Jan 14 02:06:32 takamine in.telnetd[1551]: connect from unknown Jan 14 02:06:44 takamine in.telnetd[1552]: warning: can't get client address: Connection reset by peer Ping seems to work ok though... any ideas? Thanks, Doug I have the following set-up: Linux box (gateway RH 5.1) -- ppp0 (12.7.120.83) eth0 (12.7.121.239) Linux Box (takamine) -- eth0 (12.7.121.240) Win 95 -- eth (12.7.121.241) - My masq setup is: echo "ip_masq" /sbin/ipfwadm -F -f /sbin/ipfwadm -F -p accept /sbin/depmod -a /sbin/modprobe ip_masq_ftp.o /sbin/modprobe ip_masq_raudio.o /sbin/modprobe ip_masq_irc.o /sbin/modprobe ipip.o /sbin/modprobe ip_alias.o /sbin/ipfwadm -F -a m -S 12.7.121.0/24 -D 0.0.0.0/0 -W ppp0 /sbin/ifconfig eth0 12.7.121.239 /sbin/route add -net 12.7.121.0 - And my routing table looks like: Kernel IP routing table Destination Gateway Genmask Flags Metric RefUse Iface tc1.pacinfo.com * 255.255.255.255 UH0 00 ppp0 12.7.121.0 * 255.255.255.0 U 0 08 eth0 127.0.0.0 * 255.0.0.0 U 0 02 lo default * 0.0.0.0 U 0 0 17 ppp0 default tc1.pacinfo.com 0.0.0.0 UG0 00 ppp0 -- - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] For daily digest info, email [EMAIL PROTECTED]
Re: [masq] [masq] IP Masq - FTP problems
No, I'm taking about masqueraded client machines connecting to ftp servers on the internet. Some ftp clients work some just hang; usually on a LIST command. What is your Linux box's MTU on the Internet connection? --David .. | David A. Ranch - Linux/Networking/PC hardware [EMAIL PROTECTED] | !! `- For more detailed info, see http://www.ecst.csuchico.edu/~dranch -' - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] For daily digest info, email [EMAIL PROTECTED]
Re: [masq] IP Masq - FTP problems
lsmod gives the folling result: Module Pages Used By ax88140 3 1 (autoclean) ip_masq_vdo_live1 0 ip_masq_cuseeme 1 0 ip_masq_irc 1 0 ip_masq_raudio 1 0 ip_masq_ftp 1 0 This is from a running system. Should the helpers be "used by" some process? --Carl Fred Viles wrote: That should work fine. You've verified that the FTP masquerade "helper" module (ip_masq_ftp) is loaded? lsmod should show it. If it's not loaded then masqueraded FTP clients will only work in passive mode. - Fred Viles mailto:[EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] For daily digest info, email [EMAIL PROTECTED]
Re: [masq] IP Masq - FTP problems
When NOT using PASV, I believe the problem has more to do with the use of non-standard FTP ports than anything else. From my experience, the masq software uses a different technique when setting up the masq routing entries for non-standard versus standard FTP port usage. This causes demasquerading problems when a FTP server trys to do the data connection back to the client (using of course, ip info from a prior masq'd PORT command). Provided that the server can support PASV mode, that would be the favored solution. Unless your friend's server could be altered to use the standard 21 listening port (which appears to satisfy masq). I, for one would welcome a solution for non-PASV and non-standard PORT servers. Regards, Dave Corlew -Original Message- From: David A. Ranch [mailto:[EMAIL PROTECTED]] Sent: Saturday, January 09, 1999 2:24 PM To: Carl Engstrom; [EMAIL PROTECTED] Subject: Re: [masq] IP Masq - FTP problems 1) My friend has an ftp site that for some reason I can't get data transers from . I can log in to the site just fine, but when The site sends me a directory list, I get a 425 can't build data connection: No route to host can't initiate data transfer. I can connect to every other site that I've tried. The site I'm connecting to is not at PORT 21 it's at PORT 2001 and he's running glftpd not the standard ftpd from red hat. Ahhh.. check. You either need to do FTPs with the PASV mode or you need to load the ip_masq_ftp module with: /sbin/insmod ip_masq_ftp ports=21,2001 This is what the /usr/src/linux/net/ipv4/ip_masq_ftp.c source code says: -- * Multiple Port Support * The helper can be made to handle up to MAX_MASQ_APP_PORTS (normally 12) * with the port numbers being defined at module load time. The module * uses the symbol "ports" to define a list of monitored ports, which can * be specified on the insmod command line as * ports=x1,x2,x3... * where x[n] are integer port numbers. This option can be put into * /etc/conf.modules (or /etc/modules.conf depending on your config) * where modload will pick it up should you use modload to load your * modules. * */ -- 2) I can't connect directly with ICQ. I can send messages through the server, but I can't chat or send a direct message. Did you properly configure ICQ for: - non-socks firewall - limit ports to 2000-2020 Did you change the IPFWADM UDP timeout to 8 minutes? Did you setup IPPORTFW and forward ports 2000-2020 to your MASQed ICQ machine? Anyway, the TrinityOS doc (updated yesterday and today), have all these settings documented. Just check out: 11 - Patching, Compiling, and installing IPPORTFW 10 - MASQ startup and advanced firewall rulesets for single and multi-NIC setups --David .--- -. | David A. Ranch - Linux/Networking/PC hardware [EMAIL PROTECTED] | ! ! `- For more detailed info, see http://www.ecst.csuchico.edu/~dranch -' - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] For daily digest info, email [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] For daily digest info, email [EMAIL PROTECTED]
Re: [masq] [masq] IP Masq - FTP problems
On 10 Jan 99, at 10:15, Carl Petersen wrote about "Re: [masq] IP Masq - FTP problems": | Hi, | I have a new ipmasq setup running just great after I set the mtu on the | ppp0 interface to 1500. Using Win98, linux, WinNT 5.0and BeOS as | clients. | | Could someone shed some light on the FTP issue? I seem to have the | same issue Mr. Engstrom wrote about except the ftp server I'm connecting | to is on port 21. Some ftp clients hang when attempting a file list and | others succeed? Are you talking about outside clients connecting to a masqueraded server? If so, clients using PASV mode (i.e. most web browsers) won't work. - Fred Viles mailto:[EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] For daily digest info, email [EMAIL PROTECTED]
Re: [masq] [masq] IP Masq - FTP problems
AFAIK this 2000-2020 stuff is not necessary, nor are changing the IPFWADM UDP timeouts. I'm running a 2.0.36 masq right now with the default UDP timeout and no special forwarding for ICQ, and have two hosts behind it running ICQ with no problems. I did configure for a non-socks firewall, however, and set the firewall timeout to ~1 minute. Unless you setup IPPORTFW, ICQ Chat won't work though messaging will. Regarding the changing the of the UDP timeouts, you are right though I found this option in ICQ later. If DO need to change the UDP timeout if you don't change ICQ's firewall timeout. --David .. | David A. Ranch - Linux/Networking/PC hardware [EMAIL PROTECTED] | !! `- For more detailed info, see http://www.ecst.csuchico.edu/~dranch -' - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] For daily digest info, email [EMAIL PROTECTED]
[masq] IP Masq - FTP problems
I've got my IP masq working about 85%, but I still have two nagging problems. First, let me say. I have all of the IP_MASQ_X modules loaded and compiled into the kernel. 1) My friend has an ftp site that for some reason I can't get data transers from . I can log in to the site just fine, but when The site sends me a directory list, I get a 425 can't build data connection: No route to host can't initiate data transfer. I can connect to every other site that I've tried. The site I'm connecting to is not at PORT 21 it's at PORT 2001 and he's running glftpd not the standard ftpd from red hat. 2) I can't connect directly with ICQ. I can send messages through the server, but I can't chat or send a direct message. BACKGROUND: I'm 1 month into Linux/Unix. I'm running Red Hat 5.2 and I have the following RC.LOCAL file: path=/sbin:/bin:/etc: echo ip_masq 192.168.100.1echo 1 /proc/sys/net/ipv4/ip_forward /sbin/insmod 3c509.o/sbin/insmod 3c59x.o /sbin/modprobe 3c509 /sbin/depmod -a/sbin/modprobe ip_masq_ftp/sbin/modprobe ip_masq_raudio/sbin/modprobe ip_masq_irc#/sbin/ifconfig -a eth1 192.168.100.10/24 -D 0.0.0.0/0#/sbin/route add -net 24.1.168.74 I've read the Man Pages and the How-to files. I even went through the TrinityOS paper (A little over my head) Any help would be appreciated. Thanks Carl Engstrom
Re: [masq] IP Masq - FTP problems
1) My friend has an ftp site that for some reason I can't get data transers from . I can log in to the site just fine, but when The site sends me a directory list, I get a 425 can't build data connection: No route to host can't initiate data transfer. I can connect to every other site that I've tried. The site I'm connecting to is not at PORT 21 it's at PORT 2001 and he's running glftpd not the standard ftpd from red hat. Ahhh.. check. You either need to do FTPs with the PASV mode or you need to load the ip_masq_ftp module with: /sbin/insmod ip_masq_ftp ports=21,2001 This is what the /usr/src/linux/net/ipv4/ip_masq_ftp.c source code says: -- * Multiple Port Support * The helper can be made to handle up to MAX_MASQ_APP_PORTS (normally 12) * with the port numbers being defined at module load time. The module * uses the symbol "ports" to define a list of monitored ports, which can * be specified on the insmod command line as * ports=x1,x2,x3... * where x[n] are integer port numbers. This option can be put into * /etc/conf.modules (or /etc/modules.conf depending on your config) * where modload will pick it up should you use modload to load your * modules. * */ -- 2) I can't connect directly with ICQ. I can send messages through the server, but I can't chat or send a direct message. Did you properly configure ICQ for: - non-socks firewall - limit ports to 2000-2020 Did you change the IPFWADM UDP timeout to 8 minutes? Did you setup IPPORTFW and forward ports 2000-2020 to your MASQed ICQ machine? Anyway, the TrinityOS doc (updated yesterday and today), have all these settings documented. Just check out: 11 - Patching, Compiling, and installing IPPORTFW 10 - MASQ startup and advanced firewall rulesets for single and multi-NIC setups --David .. | David A. Ranch - Linux/Networking/PC hardware [EMAIL PROTECTED] | !! `- For more detailed info, see http://www.ecst.csuchico.edu/~dranch -' - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] For daily digest info, email [EMAIL PROTECTED]
Re: [masq] FW: masq FTP help!
Thanks for your response! I'm pretty sure I've configured for the ftp module to be masqing, because I use ftp quite a bit and it works fine except for this instance. I think it has to do with the way masquerade entries are made in the masq table when ftp is connecting to a non-default port (not 21) and setting up for de-masq. For ftp i'm using: "ip_masq_ftp ports=21,12345" and of course from the WIN95 box ftpOPEN xxx.xxx.xxx.xxx 12345 The PORT statement is getting manipulated on the linux - example: PORT 10.0.1.1.5.142 is changed to PORT 204.90.180.84.239.71 (this what the ftp server receives) and entries are made to masq tables on linux (I don't know specifically if they are correct) but .. ipfwadm -M -l shows: prot expire source destinationports tcp 01:06:53 win95.domain mainframe.com 1422 (61255) -- 0 and /proc/net/ip_masquerade shows: Prc FromIP FPrt ToIP TPrt Masq TCP 0A000102:058E CX93AE0E: EF47 0 0 16218 My guess is that ip_masq_ftp somehow manages for default ftp ports 20 and 21 but doesn't for non-default ports? Maybe the ipportfw is the answer. Any help would be greatly appreciated. Dave Corlew -Original Message- From: Tim Fletcher [mailto:[EMAIL PROTECTED]] Sent: Monday, November 16, 1998 10:19 AM To: Corlew, David (GEIS) Cc: [EMAIL PROTECTED] Subject: Re: [masq] FW: masq FTP help! My problem is with ftp! It works successfully using client on win95 box to ftp server (control and data connections) using OPEN host. No problem. But I have a REAL need to open to a certain host server that is enabled to a specific non-default port. OPEN pp The control connection works just fine. However, any PORT protocol command for this type connection is not masq'd. so data connections can't reach my win95 machine. Could anyone help with this one. It sounds like you haven't installed the ftp module for ip masqing Note: The server in question is proprietary and does not support PASV. I have also tried specifying the special port in the "ip_masq_ftp ports=n" and did notice at least the server received a masqueraded port command (in the range 61000-61499) but could not make successful data connection back to my client. Try using ipportfw from ethier a 2.1.124+ kernel or a patch agaist 2.0.35, I can't rember were I found the patch bu it works very well. I can use an nfs server behind the firewall and other fun things. I can mail the patch and the control progie src to you if you want. Tim Fletcher .~. /V\ L I N U X [EMAIL PROTECTED] // \\ Don't fear the penguin [EMAIL PROTECTED] /( )\ ^^-^^ Software, n.: Formal evening attire for female computer analysts. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] For daily digest info, email [EMAIL PROTECTED]
Re: [masq] FW: masq FTP help!
My problem is with ftp! It works successfully using client on win95 box to ftp server (control and data connections) using OPEN host. No problem. But I have a REAL need to open to a certain host server that is enabled to a specific non-default port. OPEN pp The control connection works just fine. However, any PORT protocol command for this type connection is not masq'd. so data connections can't reach my win95 machine. Could anyone help with this one. It sounds like you haven't installed the ftp module for ip masqing Note: The server in question is proprietary and does not support PASV. I have also tried specifying the special port in the "ip_masq_ftp ports=n" and did notice at least the server received a masqueraded port command (in the range 61000-61499) but could not make successful data connection back to my client. Try using ipportfw from ethier a 2.1.124+ kernel or a patch agaist 2.0.35, I can't rember were I found the patch bu it works very well. I can use an nfs server behind the firewall and other fun things. I can mail the patch and the control progie src to you if you want. Tim Fletcher .~. /V\ L I N U X [EMAIL PROTECTED] // \\ Don't fear the penguin [EMAIL PROTECTED] /( )\ ^^-^^ Software, n.: Formal evening attire for female computer analysts. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] For daily digest info, email [EMAIL PROTECTED]
[masq] Masq/FTP/ipchains
I posted a similar message recently to a Usenet group. Hopefully, you guys will know better: I got my Austin Roadrunner service up and running with Linux (Redhat 5.1 + kernel 1.2.126) masquerading a RFC1918 network. Surprisingly, there is currently no need for the authorization process in my area - I suppose I'll need to watch out for this. There should be a temporary kludge to get it working by running the authorization program on an internal NT box - we'll see. I plan on writing a Linux based process should the need arise. My question to anyone with ipfw experience is this: I would like to open inbound ftp-data sourced requests but only to my masqueraded boxes (to prevent someone manually sourcing the ftp-data port and breaking my firewall). The ftp masq module should take care of any security problems, but since the ipfw stuff is only based on 'real' IP's on the unsecured side, I can't seem to do this. Am I right in assuming this is the case or is there a way to match incoming requests on a 'post masquerade' basis? Essentially, I'd like to do something like: ipchains -A input -i eth0 -p TCP -y -s 0.0.0.0/0 ftp-data -d RFCNET/24 -j ACCEPT where eth0 = RoadRunner connection and RFCNET = my 1918 internal network. or for a step by step description: 1) packet comes in sourced with ftp-data port 2) input filter let's it through 3) masquerade either handles it or passes it though 4) ipfw blocks the packet if masq can't handle it. hopefully, this makes some kind of sense. thanks! -C oh! btw, does anyone have experience setting up GRE tunnels with Linux? I'd be very interested in hearing from you... - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] For daily digest info, email [EMAIL PROTECTED]
Re: [masq] FTP problems - no route to host
On 8 Aug 98, at 19:38, Ryan wrote: 220 Exhilirate (glFtpD v1.9.5) ready. User (ftp.ml.org:(none)): Apollyon 331 Password required for Apollyon. Password: 230 User Apollyon logged in. ftp ls 200 PORT command successful. 425 Can't build data connection: No route to host.\ Which site are you ftping to? It would be helpfull if you included that in your report. Also are you doing any port filters? FTP is a two - port protocol, ports 20 and 21. Perhaps you are blocking one, and allowing the other? Are you connecting via satellite or a cable modem that requires you to connect to a local isp and receive your internet access one way? perhaps there are routing problems. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] For daily digest info, email [EMAIL PROTECTED]
[masq] FTP problems - no route to host
Hi, I personally love ip masquerade but I have one problem, FTP When I ftp to some ftp sites I cannot get a dir listing or transfer files. I seem to get around this by using a passive host, but there is a BIG problem in this, its VERY unstable. Anyone got any ideas ? 220 Exhilirate (glFtpD v1.9.5) ready.User (ftp.ml.org:(none)): Apollyon331 Password required for Apollyon.Password:230 User Apollyon logged in.ftp ls200 PORT command successful.425 Can't build data connection: No route to host.
Re: [masq] FTP problems - no route to host
On Sat, Aug 08, 1998 at 07:38:45PM +1000, Ryan wrote: Hi, I personally love ip masquerade but I have one problem, FTP When I ftp to some ftp sites I cannot get a dir listing or transfer files. I seem to get around this by using a passive host, but there is a BIG problem in this, its VERY unstable. Anyone got any ideas ? 220 Exhilirate (glFtpD v1.9.5) ready. User (ftp.ml.org:(none)): Apollyon 331 Password required for Apollyon. Password: 230 User Apollyon logged in. ftp ls 200 PORT command successful. 425 Can't build data connection: No route to host. You need to use the ip_masq_ftp module. Try "insomod ip_masq_ftp." And stick the following in whatever startup file you use to set up you masquerading rules: depmod -a modprobe ip_masq_ftp modprobe ip_masq_irc modprobe ip_masq_raudio modprobe ip_masq_cuseeme modprobe ip_masq_vdolive modprobe ip_masq_quake Chris Johnson - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] For daily digest info, email [EMAIL PROTECTED]
Re: [masq] FTP problems - no route to host
Ryan [EMAIL PROTECTED] wrote: 220 Exhilirate (glFtpD v1.9.5) ready. User (ftp.ml.org:(none)): Apollyon 331 Password required for Apollyon. Password: 230 User Apollyon logged in. ftp ls 200 PORT command successful. 425 Can't build data connection: No route to host. Turn on "debug" in your ftp session and you will probably see the reason. You are sending a PORT command with your private IP address, and the remote ftpd can't route to that host directly. The ip_masq_ftp module is supposed to take care of this, but you have to load it manually. -- [EMAIL PROTECTED] (Fuzzy Fox) || "Her lips said 'No,' but her sometimes known as David DeSimone ||eyes said 'Read my lips!'" http://www.dallas.net/~fox/ || - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] For daily digest info, email [EMAIL PROTECTED]
[masq] Ftp module for ip_masq
Hi, I'm having trouble ftp'ing from the computers hooked to my masq linux box. I heard i need a module for ftp'ing and so looked everywhere for it. If anyone knows where this is, and maybe some help on how to install it, i would be so happy. Thanx in advance, Ian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] For daily digest info, email [EMAIL PROTECTED]
Re: [masq] Ftp module for ip_masq
Greetings. Mine is in /lib/modules/2.0.33/ipv4 (the 2.0.33 bit stems from the fact that I am running kernel 2.0.33 - if you are running a different kernel this part of the path will be different) and the module for FTP is called ip_masq_ftp.o To load it you should do something like this: /sbin/modprobe ip_masq_ftp I have placed this line in my /etc/rc.d/rc.modules so that this module is loaded each time my Linux box reboots. To see which modules are loaded do this: cat /proc/modules Note that all these suggestions are based on Slackware 3.4 kernel 2.0.33, other distributions might store the files in slightly different directories, but it should be close. hth Dave -- From: Ian MacLeod[SMTP:[EMAIL PROTECTED]] Sent: Saturday, 27 June 1998 13:52 To: [EMAIL PROTECTED] Subject:[masq] Ftp module for ip_masq Hi, I'm having trouble ftp'ing from the computers hooked to my masq linux box. I heard i need a module for ftp'ing and so looked everywhere for it. If anyone knows where this is, and maybe some help on how to install it, i would be so happy. Thanx in advance, Ian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] For daily digest info, email [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] For daily digest info, email [EMAIL PROTECTED]
[masq] FTP server configuration
I would like to know how to configure the ftp server on a linux box for kernel 2.0.33. Also how to set up users for limited access to directories. Can this be done? Or do I have to run another program. Steve
Re: [masq] [masq] ftp to WinNT fails
I'd better be. It is our general firewall. All other ftp accesses works well. (Probably about a few hundred a day for about 2 years) In short: Yes the ftp module is loaded. Karsten Are you sure you are loading the ip_masq_ftp module? -Joe Karsten Jeppesen wrote: Anybody has a clue to why a windows NT based ftpserver won't accept contact from within the masqueraded net ? The masq machine it self will be able to, but not a machine from within. Karsten -- Dr. Karsten Jeppesen YARC Systems Corporation VP of Development(805) 499 9444 Director of the Board - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] For daily digest info, email [EMAIL PROTECTED] -- Joachim Feise Microsoft Certified Solution Developer mailto:[EMAIL PROTECTED] http://www.ics.uci.edu/~jfeise/ mailto:[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] - - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] For daily digest info, email [EMAIL PROTECTED] -- Dr. Karsten Jeppesen YARC Systems Corporation VP of Development(805) 499 9444 Director of the Board - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] For daily digest info, email [EMAIL PROTECTED]
[masq] ftp to WinNT fails
Anybody has a clue to why a windows NT based ftpserver won't accept contact from within the masqueraded net ? The masq machine it self will be able to, but not a machine from within. Karsten -- Dr. Karsten Jeppesen YARC Systems Corporation VP of Development(805) 499 9444 Director of the Board - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] For daily digest info, email [EMAIL PROTECTED]
Re: [masq] ftp to WinNT fails
Are you sure you are loading the ip_masq_ftp module? -Joe Karsten Jeppesen wrote: Anybody has a clue to why a windows NT based ftpserver won't accept contact from within the masqueraded net ? The masq machine it self will be able to, but not a machine from within. Karsten -- Dr. Karsten Jeppesen YARC Systems Corporation VP of Development(805) 499 9444 Director of the Board - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] For daily digest info, email [EMAIL PROTECTED] -- Joachim Feise Microsoft Certified Solution Developer mailto:[EMAIL PROTECTED] http://www.ics.uci.edu/~jfeise/ mailto:[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] - - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] For daily digest info, email [EMAIL PROTECTED]
[masq] ftp and http into masq'd network
howdy, no response to my requst from last week, so i'll rephrase the question! i've setup masqing on a linux (redhat 2.0.33) server and i am able to get out to the rest of the universe from my private lan. i can telnet, ftp, get news, and surf. basically that part works like a champ. now, i'm at the next part of the saga. i would like to setup a web server (on NT, yeah i know...) behind the linux firewall and have the nt web server visible to the internet. i also need ftp access into the nt box to update web pages. i've have read the man pages and the how-to's for ipfwadm and ipautofw, but i can't understand how to setup the rules to get ftp and http request into the nt box. to make the process easier(!), i've setup an ftp server on my windoze box to start the process (it boots a little faster than nt). i hope that someone else has done this already and can send me their ipfwadm and ipautofw rules! or at least point me to the right place(s) to get this information. thanks!!! - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] For daily digest info, email [EMAIL PROTECTED]
Re: [masq] [masq] FTP broken
if [ -f /sbin/depmod ]; then /sbin/depmod -a fi if [ -f /sbin/modprobe ]; then /sbin/modprobe ip_masq_ftp /sbin/modprobe ip_masq_raudio fi -- Bill Eldridge Radio Free Asia [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [EMAIL PROTECTED] To: [EMAIL PROTECTED] [EMAIL PROTECTED] Date: Tuesday, May 26, 1998 6:03 PM Subject: [masq] FTP broken Hello, I am not sure what happened or when. I set up IP Masquerade on a Linux Box (slakware 2.0.30) and had telnet, FTP and HTTP working from a number of machines behind the linux machine. For some reason, outgoing FTP does not work anymore. To make matters worse, I am so new to linux, that I don't know where to start looking. I have set up a minimum system and did not intentionally filter any packets when set things up. After setting up eth0 eth1, I set up for masqurade with: echo "1" /proc/sys/net/ipv4/ip_forward ipfwadm -F -a m -S 192.168.200.0/24 -D 0.0.0.0/0 Here is a typical attempt to use FTP from my internal system to a system elseware on the internet. If I use a dialup connection from the same machine I have no problems. -- Name (brentwoodlake): brentwoodlake 331 Password required for brentwoodlake Password: . 230 User brentwoodlake logged in. Access restrictions apply. ftp ls 500 Illegal PORT Command ftp ls 500 Illegal PORT Command ftp cd .. 250 CWD command successful. ftp ls 500 Illegal PORT Command ftp The login works, but after that I can't *do* anything. Other systems complain about the PORT argument being wrong. Thanks in advance, Mark Stamos -- --- [EMAIL PROTECTED] PGP PUBLIC KEY: finger [EMAIL PROTECTED] -- - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] For daily digest info, email [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] For daily digest info, email [EMAIL PROTECTED]
Re: [masq] FTP broken
For some reason, outgoing FTP does not work anymore. The login works, but after that I can't *do* anything. Other systems complain about the PORT argument being wrong. I believe you need to load the ip_masq_ftp.o module (try *insmod ip_masq_ftp*), or use PASV (passive) mode ftp. You enter passive mode with the command *quote pasv* after logging in. Not all ftp clients support this option correctly, so the best long term fix is to load the module designed to fix this problem. -Bob Simpson - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] For daily digest info, email [EMAIL PROTECTED]
[masq] FTP Server Behind Firewall PASV FTP ???
I am working on developing a firewall system for a client utilizing RedHat 5.0 and IP Masquerading. I have pretty much got everything working to my satisfaction with the exception of one thing. I have a public FTP Server sitting behind the MASQ machine... I am using a very minimal set of rules as a result of this problem. I like to start simple and get everything working before I attempt to tighten things up. Anyway, I am using ipportfw to bounce all incoming requests received on port 21 by the MASQ machine to the FTP Server behind the firewall. This works great with "standard" or "ported" FTP clients (i.e. CuteFTP, WS_FTP, etc...). However, it does not work so great with PASV FTP clients like the ones built into many of the standard Web browsers. Here is my limited understanding of how PASV mode FTP works... I understand that the incoming "command" channel still comes into the FTP server on port 21 as with "standard" FTP requests... and I understand that the server then picks a port 1023 and sends the port number back to the client so that the client can open a second "data" channel to that port on the FTP server. Initially I figured that all I had to do was setup ipautofw on the MASQ machine to bounce all requests received in that range (1023) to the FTP server behind the firewall... and as you have probably guessed... it did not work. Using a PASV mode FTP client I think I see why... the initial "command" channel is opened no problem... and it would appear that the servers reply with the port number is received by the client no problem... the problem seems to be when the client tries to open the second "data" channel with the FTP server it tries to open connect to the un-masqed IP address of the FTP server located behind the firewall.. If anyone has a "work around" or suggestions I would appreciate it... I am a bit stumped on this one since the IP address must be coming in to the client as part of the FTP servers port response ??? Thanks, Dave Hammond Network Administrator - EZ-Net [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] For daily digest info, email [EMAIL PROTECTED]
Re: [masq] Ftp server behind firewall?
I would like to propose a workaround ( I have the same challenge ). Mount the NT / Win95 as smb shares, and make them available for ftp from the Linux box. Thanks, Hans -Original Message- From: Mark [mailto:[EMAIL PROTECTED]] Sent: Wednesday, March 18, 1998 19:14 To: [EMAIL PROTECTED] Subject: Re: [masq] Ftp server behind firewall? Well I can't give you the answer to your problem, but I do have a work-around. I am in a similar situation but my NT box also boots to Linux. Ftp works fine in NT using War FTPD, but when I boot to Linux I get that bind error. You can get War software at http://www.jgaa.com/downloadpage.htm . I think it may have to do with the 'Fool my brain dead ISP! (dont bind to port 20)' option, but I know little about this. That's your best bet. It's a great program too. As for me, I'd rather be in Linux more but I cant find a way around that bind problem. If you hear anything, let me know please. I have asked the same question here and got no respose. Lets hope you do. At 12:26 AM 3/18/98 -0500, you wrote: I have a need for there to be a ftp server behind the firewall, I am assuming that it can be done. I have used redir for port 21 and can connect to the server but when I try to get a listing or file it spits this at me: ftp ls 500 Invalid PORT Command. ftp: bind: Address already in use ftp ls 500 Invalid PORT Command. ftp dir 500 Invalid PORT Command. I have tried using redir on port 20 and using udpred on 21 and 20 but keep getting the same error messages, I have not yet tried ipautofw. The machine is a NT box with the microsoft ftp server; I don't think that it makes a difference. -- Andrew L. Davis Network Operations [EMAIL PROTECTED]ViperLink International - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] For daily digest info, email [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] For daily digest info, email [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] For daily digest info, email [EMAIL PROTECTED]
Re: [masq] Ftp server behind firewall?
Well I can't give you the answer to your problem, but I do have a work-around. I am in a similar situation but my NT box also boots to Linux. Ftp works fine in NT using War FTPD, but when I boot to Linux I get that bind error. You can get War software at http://www.jgaa.com/downloadpage.htm . I think it may have to do with the 'Fool my brain dead ISP! (dont bind to port 20)' option, but I know little about this. That's your best bet. It's a great program too. As for me, I'd rather be in Linux more but I cant find a way around that bind problem. If you hear anything, let me know please. I have asked the same question here and got no respose. Lets hope you do. At 12:26 AM 3/18/98 -0500, you wrote: I have a need for there to be a ftp server behind the firewall, I am assuming that it can be done. I have used redir for port 21 and can connect to the server but when I try to get a listing or file it spits this at me: ftp ls 500 Invalid PORT Command. ftp: bind: Address already in use ftp ls 500 Invalid PORT Command. ftp dir 500 Invalid PORT Command. I have tried using redir on port 20 and using udpred on 21 and 20 but keep getting the same error messages, I have not yet tried ipautofw. The machine is a NT box with the microsoft ftp server; I don't think that it makes a difference. -- Andrew L. DavisNetwork Operations [EMAIL PROTECTED] ViperLink International - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] For daily digest info, email [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] For daily digest info, email [EMAIL PROTECTED]