bascule <[EMAIL PROTECTED]> writes:

> hi florin,
> thanks for replying, i think i might not have been clear, i can enable both
> active and passive ftp through snf to the actual ftp box, just not both at
> the same time, the change to enable either is made in the config of proftpd
> and not on the snf which has ports 49152,49153 forwarded to the actual ftp
> box, the ftp box has proftpd set up to offer passive connections on those
> two ports and this works fine as long as proftpd also has the ip address of
> snf in its config as well, however specifying the ip address of the firewall
> in proftpd stops active ftp from working, commenting out the relevant line in
> /etc/proftpd.conf allows active but breaks passive ftp, the suggested
> solution from the proftpd list was the following
> ---snip----
> On your firewall, what you need to do is load the ip_masq_ftp
> modules with the following arguments
>
> modprobe ip_masq_ftp in_ports=20,21,49157,49153
> ----snip-----
> my question is that i don't know anything about 'ip_masq_ftp' my snf is all
> set up via the web interface, is this proposed solution applicable to snf,
> does snf use this 'ip_masq_ftp' whatever it is, if so where do i put this to
> be permanent (assuming it works), i want to try this 'solution' but i don't
> want to break anything !

Hello there,

the module is compiled in the kernel alright but I haven't tested it too much, I must admit.

make sure you install the kernel-source package.

[root@firewall /root]# rpm -ql kernel-source|grep ftp
/usr/src/linux-2.2.19/net/ipv4/ip_masq_ftp.c

then edit that file ... it will show you some examples.

You should do a port-forwarding for the 49157,49153 ports.

you could add the right entries in the /etc/modules.conf file or even in some initscript, say /etc/rc.d/rc.local or the end of /etc/rc.d/rc.sysinit (add modprobe bla bla)

sincerely,
--
Florin
http://www.mandrakesoft.com
