Hi everyone,

I've had this question for a while, and haven't been able to find a solution. This is the scenario. Two networks, each running Linux and IPMasq, with machines behind the firewalls running FTP servers and clients:

Network 1:
- Machine A is behind firewall 1, and has an IP of 192.62.100.2
- Firewall 1 has the IP_MASQ_FTP module loaded, and is forwarding port 212 to Machine A's FTP server port (21).

Network 2:
- Machine B is behind firewall 2, and has an IP of 192.168.0.22
- Firewall 2 has the IP_MASQ_FTP module loaded, and is forwarding port 1122 to Machine B's FTP server port (21).

Both firewalls reside on the Rogers@Home cable network.

Here is the problem: When a client behind Firewall 1 tries to access the FTP server on Machine B through Firewall 2, or vice versa, neither FTP port mode nor FTP passive mode will work, since neither machine A nor B has a valid routable internet address. In either mode, the connection fails when a data transfer is attempted, and times out waiting for a response.

My understanding is: in PORT mode, the client instructs the server what port and IP address to connect to, which fails in this case, because the client thinks its IP is 192.62.100.2, or 192.168.0.11. In PASSIVE mode, the server instructs the client which port and IP address to connect to, which still fails, since the server thinks its IP is 192.62.100.2, or 192.168.0.11 depending on which direction you're attempting to FTP.

IP_MASQ_FTP works for outgoing non-PASSIVE transfers, and the setup works normally for destinations which are not behind firewalls. I'm not sure how the IP_MASQ_FTP module takes care of rewriting the packets' source address to take care of this problem, but I thought that this module should allow PORT mode transfers to any host external to the firewall'd network regardless of whether it is behind a firewall or not.
For example, the above setup works fine to and from a server behind the MASQ box, as long as the external client/host is not also behind a firewall, and uses PORT mode.

Is it possible with any tools to allow this type of access? And if so, what types of tools/alternatives are available?

Thanks.

Adrian Chung [EMAIL PROTECTED]
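The address mismatch described in the message can be checked directly on a captured FTP control channel. The following is an added example, not part of the original post: it parses the endpoint embedded in a PORT command or 227 reply and compares it with the address the receiving side sees the sender as. The function names, the sample ports, and the external addresses 203.0.113.10 and 198.51.100.20 (documentation ranges standing in for the two firewalls) are assumptions.

```python
import ipaddress
import re

# Six comma-separated decimal fields: h1,h2,h3,h4,p1,p2 (RFC 959 PORT / 227 reply).
_HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

def parse_endpoint(line):
    """Return (ip, port) embedded in a PORT command or 227 reply, else None."""
    if not (line.upper().startswith("PORT ") or line.startswith("227 ")):
        return None
    m = _HOSTPORT.search(line)
    if not m:
        return None
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        return None
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]  # port = p1*256 + p2

def check(line, sender_seen_as):
    """Compare the embedded address with the address the receiver sees the sender as.

    A mismatch means the data connection will be aimed at an address that is
    only valid inside the sender's own network, unless a NAT helper rewrites it.
    """
    ep = parse_endpoint(line)
    if ep is None:
        return None
    ip, port = ep
    seen = ipaddress.IPv4Address(sender_seen_as)
    return {"embedded": f"{ip}:{port}", "seen_as": str(seen),
            "matches_control_peer": ip == seen}

# Constructed control-channel lines: (line, address the other side sees the sender as).
SAMPLES = [
    ("PORT 192,62,100,2,4,1", "203.0.113.10"),    # client A, not rewritten
    ("227 Entering Passive Mode (192,168,0,22,7,208)", "198.51.100.20"),  # server B
    ("PORT 203,0,113,10,4,1", "203.0.113.10"),    # PORT after a helper rewrote it
]

if __name__ == "__main__":
    for line, seen in SAMPLES:
        print(line, "->", check(line, seen))
```
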
