On Tue, Apr 03, 2001 at 09:56:20PM -0700, Scott C. Best scribbled:
> Errr...
> I believe that ip_masq_ftp is used to make *active*
> FTP work, on the *client* side.
> My understanding is that Active FTP is tricky on
> client-side NAT'ing-firewalls and passive FTP is tricky on
> server-side NAT-ing firewalls. Unfortunately, this masq
> modules only solves for one of them, not both.
> AFAIK, you *gotta* tweak the config files of your
> FTP server to make it work from behind a NAT'ing firewall.
> Its response to the PASV request must include the external
> IP# of the firewall and a port from within the port-range
> that the firewall is auto-forwarding from.
>
> Kick me if I'm way wrong on this...
*punch*
I know all of that; I'm talking about the patch, originally
written by Fred Viles [IIRC], that changes the ip_masq_ftp.o
module to correctly deal with server-side-NAT-firewall-PASV
connections.
This allows you to avoid having to do anything special with
your FTP server, in case you're running one that you can't
configure like that.
> -Scott
--
rick -- A mind is like a parachute... it only works when it's open.
ICQ# 1590117 [EMAIL PROTECTED]
Help with LRP: http://lrp.c0wz.com Home page: http://www.c0wz.com
_______________________________________________
Leaf-devel mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/leaf-devel
