>> I have a transparent squid proxy + ipchains firewall on a linux box.
>> Everything is working perfectly except ftp. I am able to connect from
>> my client to the internet server, but when I execute "ls" then it
>> gives an error:
>> ftp> 500 Illegal PORT Command
>> ftp: bind: Address already in use
>>
>> and when I go into passive mode of ftp then it hangs. I want to access
>> ftp from my client directly to internet through firewall. Is there any
>> better way? Please help!!
> Basically you have to load the ftp kernel module for ip masquerading!!!

No need of ftp connection tracking module for transproxying.
All your configurations are already right.
Problem is in Squid. You can only FTP using your browser (that too
download only), because Squid converts FTP replies to HTML
pages and delivers them to the client (browser) through HTTP, which
cannot be understood by FTP clients.

For doing this, migrate to linux-2.4 Netfilter/ftp_conntrack.
Inside the netfilter distribution, there are currently modules
for ftp: ip_conntrack_ftp.o and ip_nat_ftp.o. If you insmod
these into your kernel (or you compile them in permanently),
then doing any kind of NAT on ftp connections should work. If
you don't, then you can only use passive ftp, and even that
might not work reliably if you're doing more than simple Source
NAT.

The mailing list archives are available at 
http://lists.linux-india.org/cgi-bin/wilma/linux-delhi/
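
Why NAT on FTP needs a helper such as the ip_conntrack_ftp/ip_nat_ftp modules named above, as an added example that is not part of the original thread: the RFC 959 PORT command carries the client's address and data port inside the payload, so a gateway that only rewrites IP headers leaves a private address in it. The addresses, the reserved port, the function names and the server-side peer check (modelled on the common anti-bounce check) are assumptions for illustration, not the kernel's code.

```python
import re

# RFC 959: "PORT h1,h2,h3,h4,p1,p2" = four address bytes, then port high/low byte.
PORT_RE = re.compile(r"^PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),"
                     r"(\d{1,3}),(\d{1,3})\r?\n?$", re.I)

def parse_port(line):
    """Return (ip, port) advertised inside a PORT command, or None."""
    m = PORT_RE.match(line)
    if not m:
        return None
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        return None          # malformed byte value: not a valid PORT argument
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def build_port(ip, port):
    """Serialize (ip, port) back into a PORT command line."""
    return "PORT %s,%d,%d\r\n" % (ip.replace(".", ","), port >> 8, port & 0xFF)

def server_accepts(line, peer_ip):
    """Assumed server policy: the PORT address must match the control peer."""
    parsed = parse_port(line)
    return parsed is not None and parsed[0] == peer_ip

def nat_rewrite(line, client_ip, public_ip, reserved_port, expectations):
    """Conceptual sketch of what a NAT FTP helper does with one control line.

    Header-only NAT changes the packet source but not this payload. The helper
    swaps in the public address and a port reserved on the gateway, and records
    where the expected inbound data connection must be forwarded.
    """
    parsed = parse_port(line)
    if parsed is None:
        return line          # not a PORT command: pass through untouched
    ip, port = parsed
    if ip != client_ip:
        return line          # sketch's choice: no pinhole for a third-party address
    expectations[(public_ip, reserved_port)] = (ip, port)
    return build_port(public_ip, reserved_port)

# Constructed sample values (RFC 1918 client, RFC 5737 documentation address).
CLIENT_IP, PUBLIC_IP = "192.168.1.10", "203.0.113.5"
SAMPLE = "PORT 192,168,1,10,4,210\r\n"    # client listens on port 4*256+210

if __name__ == "__main__":
    table = {}
    print("without helper, server accepts:", server_accepts(SAMPLE, PUBLIC_IP))
    fixed = nat_rewrite(SAMPLE, CLIENT_IP, PUBLIC_IP, 40000, table)
    print("rewritten:", fixed.strip(), "| accepted:", server_accepts(fixed, PUBLIC_IP))
    print("expected data connection:", table)
```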
