

 >But, I tested opening ALL ports by making the FTP server a DMZ host (meaning
 >all ports were forwarded to it from the router) and passive connections
 >still wouldn't work (actually they could connect, but an 'ls' command failed
 >with 'network unreachable'). Passive connections work fine if I take out the
 >router.

Though in theory this should work, it will screw up the MASQ server.
Realistically, if you want to do stuff like this, you should get
another IP from your ISP and run 1:1 NAT and not 1:Many NAT.


 >I've heard it's pretty dangerous to open up SMB ports to the world. For our
 >Mac clients we may consider opening afpovertcp with DHX encryption.

FTP is the most efficient but is insecure (clear text passwords)
SMB is pretty decent but is also insecure
NFS is getting better on Linux but is VERY insecure


 >Can anyone give advice how to solve the passive FTP problem or suggest an
 >alternative method of file xfer. SSH and SCP are out; installation, setup,
 >and use are just too complicated for non-computer people.

You do realize there are SFTP clients.  Right?

Anyway.. if you have followed the IPMASQ list in the last week or so,
I posted a new ALPHA ip_masq_ftp module that supports PORTFW'ed FTP.
There were a few issues with it and a few users wanted the ability to
add/remove additional non-standard PORTFWed FTP ports w/o having to
break all existing connections to reload the ip_masq_ftp module.  So,
Juan has come up with a new module that uses the IPCHAINS MFW
mechanism to support PORTFWed FTP and to also make changes on the fly.

I'll post these files in a separate email to you and the MASQ list.
Give it a try and let me know how it works for you.

--David
.----------------------------------------------------------------------------.
|  David A. Ranch - Linux/Networking/PC hardware         [EMAIL PROTECTED]  |
!----                                                                    ----!
`----- For more detailed info, see http://www.ecst.csuchico.edu/~dranch -----'
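
The passive-mode failure discussed in this thread, as an added example that is not part of the original post and is not code from ip_masq_ftp or Juan's module: the server's 227 reply carries its own private address, so a forwarding helper has to rewrite that address to the router's external one. The addresses and the function names are constructed for illustration.

```python
import ipaddress
import re

# RFC 959 PASV reply: "227 ... (h1,h2,h3,h4,p1,p2)", data port = p1*256 + p2.
PASV_RE = re.compile(
    rb"^227 [^\r\n(]*\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)"
)

# Constructed sample: what an FTP server at 192.168.0.10 behind the router sends.
SAMPLE = b"227 Entering Passive Mode (192,168,0,10,195,80)\r\n"


def parse_pasv(line):
    """Return (IPv4Address, port) from a 227 reply, or None if it is not one."""
    m = PASV_RE.match(line)
    if not m:
        return None
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        return None  # malformed octet, do not guess
    return ipaddress.IPv4Address(bytes(nums[:4])), nums[4] * 256 + nums[5]


def rewrite_pasv(line, internal_ip, external_ip):
    """Replace the advertised internal address with the external one.

    Only replies that advertise the expected internal server are touched;
    everything else passes through unchanged. The data port is kept, so the
    router must also forward that port to the server. A kernel helper must
    additionally fix up TCP sequence numbers, because the rewritten line
    can differ in length from the original.
    """
    parsed = parse_pasv(line)
    if parsed is None:
        return line
    ip, port = parsed
    if ip != ipaddress.IPv4Address(internal_ip):
        return line
    octets = ",".join(str(b) for b in ipaddress.IPv4Address(external_ip).packed)
    return b"227 Entering Passive Mode (%s,%d,%d)\r\n" % (
        octets.encode(), port >> 8, port & 0xFF)


if __name__ == "__main__":
    ip, port = parse_pasv(SAMPLE)
    print("server advertises", ip, port, "private:", ip.is_private)
    print(rewrite_pasv(SAMPLE, "192.168.0.10", "203.0.113.5"))
```

Without the rewrite, an outside client opens the control connection through the forwarded port 21 but then tries to reach the private address for the data channel, which is why the login succeeds and the directory listing fails.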
