I can't seem to quite get this right, would appreciate input. :-)

I am running an ftp server on a box behind my firewall. I have installed ipmasqadm and am loading the ip_masq_ftp module. I cannot get the connection to work properly. Here are my rules and the log file with the failure. I feel as if there is some reason that the ip_masq_ftp module isn't working, but I really don't know......

Thanks!
Phil

/sbin/modprobe ip_masq_ftp

# set the policies
# /sbin/ipchains -P input ACCEPT
/sbin/ipchains -P input DENY
/sbin/ipchains -P forward ACCEPT
/sbin/ipchains -P output ACCEPT

# flush the chains
/sbin/ipchains -F

# set MASQ timeouts
/sbin/ipchains -M -S 300 10 60

# find out what the ip address of the interfaces are
extip="`/sbin/ifconfig eth0 | grep 'inet addr' | awk '{print $2}' | sed -e 's/.*://'`"
intip="`/sbin/ifconfig eth1 | grep 'inet addr' | awk '{print $2}' | sed -e 's/.*://'`"

# NOTE!!! 10.0.0.1 = intip, 4.93.120.13 = extip

echo 1 > /proc/sys/net/ipv4/ip_forward

# if it's coming from the inside network and is tcp, accept the packet
/sbin/ipchains -A input -d 0/0 -i eth1 -p 6 -j ACCEPT

# use ipmasqadm to forward any tcp packet received on the external interface
/sbin/ipchains -A input -s 0/0 -d $extip ftp -p 6 -y -j ACCEPT -l
/sbin/ipchains -A input -s 0/0 -d $extip ftp -p 6 -j ACCEPT -l
/usr/sbin/ipmasqadm portfw -f
/usr/sbin/ipmasqadm portfw -a -P tcp -L $extip ftp -R 10.0.0.25 ftp

# masquerade packets coming in and going out the firewall as the address
# of the roadrunner interface
/sbin/ipchains -A forward -i eth0 -j MASQ

Jul 19 14:22:49 fwall kernel: Packet log: input ACCEPT eth0 PROTO=6 16.7.40.5:1944 4.93.120.13:21 L=48 S=0x00 I=10421 F=0x4000 T=111 SYN (#12)
Jul 19 14:22:49 fwall kernel: Packet log: input ACCEPT eth0 PROTO=6 16.7.40.5:1944 4.93.120.13:21 L=40 S=0x00 I=0 F=0x0000 T=45 (#13)
Jul 19 14:22:49 fwall kernel: Packet log: input ACCEPT eth0 PROTO=6 16.7.40.5:1944 4.93.120.13:21 L=40 S=0x00 I=10677 F=0x4000 T=111 (#13)
Jul 19 14:22:49 fwall kernel: Packet log: input ACCEPT eth0 PROTO=6 16.7.40.5:1944 4.93.120.13:21 L=54 S=0x00 I=10933 F=0x4000 T=111 (#13)
Jul 19 14:22:49 fwall kernel: Packet log: input ACCEPT eth0 PROTO=6 16.7.40.5:1944 4.93.120.13:21 L=40 S=0x00 I=11189 F=0x4000 T=111 (#13)
Jul 19 14:22:52 fwall kernel: Packet log: input ACCEPT eth0 PROTO=6 16.7.40.5:1944 4.93.120.13:21 L=54 S=0x00 I=11445 F=0x4000 T=111 (#13)
Jul 19 14:22:52 fwall kernel: Packet log: input ACCEPT eth0 PROTO=6 16.7.40.5:1944 4.93.120.13:21 L=40 S=0x00 I=11701 F=0x4000 T=111 (#13)
Jul 19 14:22:52 fwall kernel: Packet log: input ACCEPT eth0 PROTO=6 16.7.40.5:1944 4.93.120.13:21 L=45 S=0x00 I=11957 F=0x4000 T=111 (#13)
Jul 19 14:22:52 fwall kernel: Packet log: input ACCEPT eth0 PROTO=6 16.7.40.5:1944 4.93.120.13:21 L=46 S=0x00 I=12213 F=0x4000 T=111 (#13)
Jul 19 14:22:52 fwall kernel: Packet log: input ACCEPT eth0 PROTO=6 16.7.40.5:1944 4.93.120.13:21 L=46 S=0x00 I=12469 F=0x4000 T=111 (#13)
Jul 19 14:22:53 fwall kernel: Packet log: input DENY eth0 PROTO=6 16.7.40.5:1945 4.93.120.13:2955 L=48 S=0x00 I=12725 F=0x4000 T=111 SYN (#39)
Jul 19 14:22:53 fwall kernel: Packet log: input ACCEPT eth0 PROTO=6 16.7.40.5:1944 4.93.120.13:21 L=40 S=0x00 I=12981 F=0x4000 T=111 (#13)
Jul 19 14:22:56 fwall kernel: Packet log: input DENY eth0 PROTO=6 16.7.40.5:1945 4.93.120.13:2955 L=48 S=0x00 I=14005 F=0x4000 T=111 SYN (#39)
Jul 19 14:23:02 fwall kernel: Packet log: input DENY eth0 PROTO=6 16.7.40.5:1945 4.93.120.13:2955 L=48 S=0x00 I=17589 F=0x4000 T=111 SYN (#39)
Jul 19 14:23:14 fwall kernel: Packet log: input DENY eth0 PROTO=6 16.7.40.5:1945 4.93.120.13:2955 L=48 S=0x00 I=27317 F=0x4000 T=111 SYN (#39)
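An added example, not part of the original post: a small parser for the ipchains `-l` packet-log lines shown above that groups entries by verdict and flow, then lists denied flows from a host that also has an accepted FTP control connection. The function names are hypothetical, and the sample is five lines copied from the log in the post.

```python
import re
from collections import defaultdict

# ipchains "-l" log line, in the shape seen in the post:
# Packet log: <chain> <verdict> <iface> PROTO=<n> <src>:<sp> <dst>:<dp> L= S= I= F= T= [SYN] (#rule)
LINE_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<verdict>\S+) (?P<iface>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"L=\d+ S=0x[0-9A-Fa-f]+ I=\d+ F=0x[0-9A-Fa-f]+ T=\d+(?P<syn> SYN)? \(#(?P<rule>\d+)\)"
)

# Sample input: five lines taken from the log in the post.
SAMPLE = """\
Jul 19 14:22:49 fwall kernel: Packet log: input ACCEPT eth0 PROTO=6 16.7.40.5:1944 4.93.120.13:21 L=48 S=0x00 I=10421 F=0x4000 T=111 SYN (#12)
Jul 19 14:22:49 fwall kernel: Packet log: input ACCEPT eth0 PROTO=6 16.7.40.5:1944 4.93.120.13:21 L=40 S=0x00 I=10677 F=0x4000 T=111 (#13)
Jul 19 14:22:53 fwall kernel: Packet log: input DENY eth0 PROTO=6 16.7.40.5:1945 4.93.120.13:2955 L=48 S=0x00 I=12725 F=0x4000 T=111 SYN (#39)
Jul 19 14:22:53 fwall kernel: Packet log: input ACCEPT eth0 PROTO=6 16.7.40.5:1944 4.93.120.13:21 L=40 S=0x00 I=12981 F=0x4000 T=111 (#13)
Jul 19 14:22:56 fwall kernel: Packet log: input DENY eth0 PROTO=6 16.7.40.5:1945 4.93.120.13:2955 L=48 S=0x00 I=14005 F=0x4000 T=111 SYN (#39)
"""


def summarize(text):
    """Map (verdict, src, sport, dst, dport) -> packet count, SYN count, matching rule numbers."""
    flows = defaultdict(lambda: {"packets": 0, "syns": 0, "rules": set()})
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not an ipchains packet-log line
        key = (m["verdict"], m["src"], int(m["sport"]), m["dst"], int(m["dport"]))
        flows[key]["packets"] += 1
        flows[key]["syns"] += 1 if m["syn"] else 0
        flows[key]["rules"].add(int(m["rule"]))
    return dict(flows)


def denied_after_control(flows, control_port=21):
    """Denied flows whose (src, dst) pair also has an accepted flow to control_port."""
    clients = {(k[1], k[3]) for k in flows if k[0] == "ACCEPT" and k[4] == control_port}
    return sorted(k for k in flows if k[0] == "DENY" and (k[1], k[3]) in clients)


if __name__ == "__main__":
    flows = summarize(SAMPLE)
    for key in denied_after_control(flows):
        print(key, flows[key])
```

On the sample this reports the repeated SYNs from 16.7.40.5:1945 to port 2955 on the external address, denied at rule #39 while the port 21 session from the same host is accepted.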
