* Stardate: 2001-12-04 10:37 * Incoming subspace signal from "Jeff Newmiller <[EMAIL PROTECTED]>" :
> On Tue, 4 Dec 2001, Maxim Heijndijk wrote: > > I have a dachstein-rc2 firewall PPTP-ADSL setup. I cannot get port forwarding to >work. > > My interfaces are: eth0 (10.0.0.100) which is connected to an ADSL > > modem at 10.0.0.138. > Okay... as long as the ip addresses used by pptp are public you are > okay... > > The external if > ah, internal? Internal. > > is eth1 at 192.168.1.1 ,with a > > built in hub which connects to the internal network 192.168.1.2, > > 192.168.1.3, 192.168.1.4. The pptp connection creates a ppp0 interface > > at a semi-dynamic IP adress (when I switch off the modem, the > > ip-adress could be changed. I hardly ever switch off the modem.) The > > FTP server is at 192.168.1.4. I can connect to it locally, but when I > > try to connect to it via the ppp0 interface the connection is started > > but it hangs forever. > You need to read ftp://ftp.echogent.com/docs/FTP_and_Firewalls.pdf. I will. > This is NOT an easy thing to do ... particularly when the ip changes > around. It often involves coordinated configuration of the ftp server and > the firewall to get a constrained set of ports forwarded to your internal > server. > > When I switch on SNMP_BLOCK=YES the connection > > is refused. > Hm. SNMP should have nothing at all to do with it. Still it makes a difference whether I turn it on or not. > > The ip_masq_ftp and ip_masq_portfw are loaded at boot > > together with all interfaces, but the ppp0 interface is started later > > on. > The good news is that I think the Dachstein kernel's version of > ip_masq_ftp has support for the "in_ports" option, which I believe assists > in setting up passive servers (try "in_ports=21"). I haven't tried it yet > myself. in_ports=21 at kernel boot you mean ? Or in /etc/modules ? -- Best regards, M@X. * Climate Control Psychedelic Soundscapes - http://go.to/cchq/ * Linux Shell Scripts & RPM Software Packages - http://go.to/conmen/ _______________________________________________ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
