"Gael Martin" <[EMAIL PROTECTED]> writes:
> Hi All.
> I've got a LAN connection to the internet (ADSL) plugged into my SNF and on
> the other end my internal network. I've set up the transparent proxy server
> so that all requests to port 80 from the internal network are redirected to port
> 3228 of squid. Everything was just working fine until I decided to make one
> of my internal machines available outside the internal network. I've set up
> my internal FTP server and then went on SNF (Restrict Access/Internet
> Traffic) to add the FTP port to the list of public traffic allowed and then
> put the IP address of my internal machine 10.0.0.23 into the forward to
> internal host box. Gave the FTP connection details to some guys outside the
> internal network, they connected OK to the FTP machine, downloaded and uploaded
> OK, fantastic. But half an hour later some guys from the internal network
> came to me saying "We can't connect to the internet anymore". I've looked
> for ages until I finally found that as soon as I removed the FTP port
> forwarding in SNF it works again. So I can't have the proxy server and port
> forwarding working at the same time which is really annoying.
> What am I doing wrong?????
> If someone could give a workaround on this one I'll be very glad.
> BTW: I've tried with manual proxy with and without auth and it still doesn't
> work.
> It seems to me that it's only the HTTP packets that get lost somewhere
> because I can still use ftp or pop when I turned port forwarding ON.
> Gael
>
>
>
Hello there,
here are two points of view for the ftp connections with a firewall:
- open tcp ports 21 (control) *and* 20 (data) in incoming traffic on the
firewall to allow active ftp from the clients
- open tcp port 21 and all high ports (> 1024) on the firewall to allow
passive clients
I have set up squid here in transparent mode and then I did a port forwarding
of ftp to some internal ftp server using proftpd.
With the ncftp or lftp clients, connect and then type: set passive off
(ncftp), or set ftp:passive-mode off, and then you will be able to connect ...
squid and ftp port-forwarding work together ...
--
Florin http://www.mandrakesoft.com
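
The active/passive distinction in the reply above, as an added example that is not part of the original message: it decodes the data endpoint negotiated on the FTP control channel and checks which server-side ports a firewall has to pass. The session lines, addresses and function names are constructed for illustration.

```python
import re

# Constructed control-channel excerpts (documentation addresses, not from the thread).
ACTIVE_SESSION = ["PORT 192,0,2,10,195,80", "200 PORT command successful"]
PASSIVE_SESSION = ["PASV", "227 Entering Passive Mode (192,0,2,20,156,64)"]

HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def parse_hostport(line):
    """Decode the h1,h2,h3,h4,p1,p2 tuple used by PORT and the 227 reply."""
    match = HOSTPORT.search(line)
    if match is None:
        raise ValueError(f"no host/port tuple in {line!r}")
    octets = [int(value) for value in match.groups()]
    if any(octet > 255 for octet in octets):
        raise ValueError(f"octet out of range in {line!r}")
    return ".".join(str(o) for o in octets[:4]), octets[4] * 256 + octets[5]


def data_connection(session):
    """Return the mode and data endpoint negotiated on the control channel."""
    for line in session:
        if line.upper().startswith("PORT "):
            # Active: the client tells the server where to connect back to.
            return {"mode": "active", "endpoint": parse_hostport(line)}
        if line.startswith("227 "):
            # Passive: the server tells the client which port it listens on.
            return {"mode": "passive", "endpoint": parse_hostport(line)}
    raise ValueError("no PORT command or 227 reply in session")


def server_ports_needed(conn):
    """Server-side TCP ports the firewall has to pass for this transfer."""
    if conn["mode"] == "active":
        return {21, 20}                   # control + ftp-data
    return {21, conn["endpoint"][1]}      # control + announced high port


def transfer_passes(session, open_ports):
    """True if every server-side port of the transfer is open or forwarded."""
    return server_ports_needed(data_connection(session)) <= set(open_ports)
```

With only ports 20 and 21 open, the active session passes and the passive one does not, which is why switching the client to active mode works without opening the high ports.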