> Forgot --
>
> Here is the output of the filter list:
>
> # svi network ipfilter list portfw
> prot localaddr rediraddr lport rport pcnt pref
> TCP 64.255.208.60 192.168.1.8 21 21 10 10

Looks good...
> Michael McClure wrote:
>
> > I'm running Eigerstein on 1.6MB floppy with the VPNMasq Kernel.
> >
> > I've decided to run a simple FTP server inside my firewall. I have to
> > have this working by tomorrow mid-day -- giving a little presentation
> > and have to have an FTP site to download off of. Everybody's problems
> > related to FTP seemed to be re: Passive, so I figured that Active was
> > easy to configure...guess sometimes not. I made the change to the
> > "INTERN_FTP_SERVER" to the correct IP and uncommented it. (This is
> > what I did to forward SSH to the internal ssh server -- uncomment the
> > INTERN_SSH_SERVER variable and set the IP...and it works perfectly.)
> >
> > However, when I try to FTP to the IP of the LRP from an entirely
> > different network (I have 2 DSL drops from two separate ISP's), I get
> > a timeout on the ftp:
> >
> > C:\WINNT>ftp 64.255.208.60
> > > ftp: connect :Connection timed out
> > ftp> quit
> >
> >
> > From inside the LRP, I'm able to successfully initiate an FTP session
> > using the internal 192.168.1.8 IP address.
> >
> > Any thoughts? I don't have to use a browser for the FTP as the people
> > I'm going to let in all know how to use DOS Ftp and will be named users.
> >
> > My FTP server is War-FTP on Win98.
> >
> > Here is that section of the network.conf file. Note that the SSH
> > stuff is still commented out -- that successful SSH forwarding that I
> > talked about above was for my work -- this FTP thing is from home.
> >
> > # Allows the firewall to be trusted for ssh access to routers...
> > # Override for below
> > #NOMASQ_DEST_BYPASS="tcp_10.0.0.1_ssh"
> > # services not to be masqueraded
> > #NOMASQ_DEST="tcp_0/0_ssh"
> > # Uncomment following for internal services.
> > # The following is an example of what should be put here.
> > # Tuples are as follows:
> > # <protocol>_<extern-ip>_<extern-port>_<intern-ip>_<intern-port>
> > #INTERN_SERVERS="tcp_${EXTERN_IP}_ftp_192.168.1.1_ftp
> > tcp_${EXTERN_IP}_smtp_192.168.1.1_smtp
> >
> > # These lines use the primary external IP address...if you need to port-forward
> > # an aliased IP address, use the INTERN_SERVERS setting above
> > INTERN_FTP_SERVER=192.168.1.8 # Internal FTP server to make available
> > #INTERN_WWW_SERVER=192.168.1.1 # Internal WWW server to make available
> > #INTERN_SMTP_SERVER=192.168.1.1 # Internal SMTP server to make available
> > #INTERN_POP3_SERVER=192.168.1.1 # Internal POP3 server to make available
> > #INTERN_IMAP_SERVER=192.168.1.1 # Internal IMAP server to make available
> > #INTERN_SSH_SERVER=192.168.1.1 # Internal SSH server to make available
> > #EXTERN_SSH_PORT=24 # External port to use for internal SSH access
> >
> > I saw the INTERN_SERVERS line, but I assumed that since I didn't have
> > external IP addresses, that it still stays uncommented as it did on my
> > other router for SSH forwarding.....
Your port-forward is getting set up properly, which leaves one other spot for
trouble. Since your FTP server is running (you can connect to it from the
internal network), the problem is likely your firewall. You've forwarded
FTP packets from the LRP box to your internal server, but probably haven't
allowed the packets through the firewall. To do so, you need to add
"0/0_ftp" to your EXTERN_TCP_PORTS variable in network.conf:

EXTERN_TCP_PORTS="0/0_ftp 0/0_ssh <other allowed protocols>"

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)
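
The mismatch diagnosed in the reply above (a forward is configured, but the firewall has no matching allow entry) can be checked mechanically before a config goes live. The script below is an added example, not part of the original thread or of the LRP scripts; the function name `missing_allows` is hypothetical, and the mapping of `INTERN_<SVC>_SERVER` shortcuts to lower-case service names and the handling of `EXTERN_SSH_PORT` are assumptions.

```shell
#!/bin/sh
# Added example, not part of the LRP scripts. Assumptions: each
# INTERN_<SVC>_SERVER shortcut maps to the lower-case service name, and
# EXTERN_TCP_PORTS entries look like <source>_<port>, as in the reply above.

# Print every forwarded TCP service that no EXTERN_TCP_PORTS entry allows;
# exit status 1 if any is missing. The file is sourced, so lint only a
# config you trust as much as the router does.
missing_allows() (
    EXTERN_IP=${EXTERN_IP:-203.0.113.1}   # placeholder so ${EXTERN_IP} expands
    . "$1" || exit 2
    needed=
    for svc in ftp www smtp pop3 imap ssh; do
        var=INTERN_$(echo "$svc" | tr 'a-z' 'A-Z')_SERVER
        eval "val=\${$var:-}"
        [ -n "$val" ] || continue
        # Assumption: a remapped SSH forward is filtered on its external port.
        if [ "$svc" = ssh ] && [ -n "${EXTERN_SSH_PORT:-}" ]; then
            svc=$EXTERN_SSH_PORT
        fi
        needed="$needed $svc"
    done
    # Tuples: <protocol>_<extern-ip>_<extern-port>_<intern-ip>_<intern-port>
    for tuple in ${INTERN_SERVERS:-}; do
        old=$IFS; IFS=_; set -- $tuple; IFS=$old
        if [ "${1:-}" = tcp ] && [ -n "${3:-}" ]; then needed="$needed $3"; fi
    done
    rc=0
    for port in $needed; do
        found=no
        for entry in ${EXTERN_TCP_PORTS:-}; do
            if [ "${entry##*_}" = "$port" ]; then found=yes; fi
        done
        [ "$found" = yes ] || { echo "$port"; rc=1; }
    done
    exit "$rc"
)

# Constructed sample mirroring the thread: FTP forwarded, only SSH allowed.
demo=$(mktemp)
printf '%s\n' 'INTERN_FTP_SERVER=192.168.1.8' 'EXTERN_TCP_PORTS="0/0_ssh"' > "$demo"
missing_allows "$demo" || echo "listed services are forwarded but not allowed"
rm -f "$demo"
```

An entry restricted to a specific source still counts as an allow here, so a clean result means "some allow rule exists", not "open to everyone".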