RicK;
> > [EMAIL PROTECTED] wrote:
> > > On Tue, Apr 03, 2001 at 06:00:49PM -0500, David Douthitt scribbled:
> > > > * Kernel patches: Openwall, bridgefw, VPN+Masq...
> > >
> > > How about the ip_masq_ftp.o server patch?
> >
> > Huh?
>
> You know, the patch that makes passive ftp servers work behind
> masquerading firewalls?
Errr...
I believe that ip_masq_ftp is used to make *active*
FTP work, on the *client* side.
My understanding is that Active FTP is tricky on
client-side NAT'ing-firewalls and passive FTP is tricky on
server-side NAT-ing firewalls. Unfortunately, this masq
modules only solves for one of them, not both.
AFAIK, you *gotta* tweak the config files of your
FTP server to make it work from behind a NAT'ing firewall.
Its response to the PASV request must include the external
IP# of the firewall and a port from within the port-range
that the firewall is auto-forwarding from.
Kick me if I'm way wrong on this...
-Scott
_______________________________________________
Leaf-devel mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/leaf-devel
