I'm not convinced this is the problem, but it may be related.  I am not using
ncftp, I am using the basic Linux ftp client from the console.

If I turn on passive mode this will correct the problem, but that shouldn't be
needed if the ip_masq_ftp module is working correctly.  Passive mode tells the
server not to use the data connection so that ftp works in environments where
firewalls prevent it from working normally.

Do we need to have a rule explicitly in our IPCHAINS input chain that accepts
all connection attempts from anywhere on port 20 to make this work (something
like ipchains -A input -p TCP -i $externalinterface -s 0/0 20 -d $externalip -y
-l -j ACCEPT )? Or should it work without this?  This rule does fix the
problem, but should I need it if I am using the ip_masq_ftp module?

Dan

Justin Ellison wrote:

> Jan and Daniell,
>
>     I've recently had this problem, and I too thought it was something with
> ip_masq_ftp.  However, it was the client that was causing the problem.  I
> was using ncftp to connect, which uses passive mode FTP by default.  From an
> ncftp prompt, type "set passive off" and try to do an ls.  Or, do an ftp
> session from the command prompt in windows.
>
> Justin
> ----- Original Message -----
> From: "Daniell Freed" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
> Sent: Thursday, December 21, 2000 8:43 AM
> Subject: Re: [Masq] ip_masq_ftp module does not work
>
> >
> > I too am having a similar problem.  My ftp connection doesn't hang, but
> > I do get the error "Data connection refused" or something of the sort.
> > Basically, the syn packet is received by one of my input rules ( ipchains -A
> > input -p TCP -i $externalinterface -s 0/0 -d 0/0 -y -l -j REJECT) which
> > blocks any connection requests (ie any SYN packets that are incoming), blocks
> > the packet and logs the attempt.  The only work around I currently have is
> > to not include this rule in my firewall, but that isn't a very good option
> > because now I don't get the extra security that this rule offers.
> >
> > Any help would be appreciated.
> >
> > Daniell Freed
> >
> >
> > Jan Stifter wrote:
>
> > >
> > > hello all,
> > >
> > > even though i modprobe the ip_masq_ftp module and lsmod shows me the
> > > ip_masq_ftp module, i can not get a data channel to an ftp server. as
> > > soon as i type ls, the connection hangs.
> > >
> > > my kernel is a clean 2.2.17, ip_masq_ftp.c shows
> > >  * Version:     @(#)ip_masq_ftp.c 0.10   20/09/00
> > >
> > > (i have patched it, original module is 0.04)
> > >
> > > i have nothing wrong in the log. when i am trying to initiate a data
> > > connection, the server sends me a SYN packet to a masqueraded port
> > > somewhere around 62000, which gets REJECTED (because the ip_masq_ftp
> > > module does not work, or because i am too stupid to make it work).
> > >
> > > any hints are greatly appreciated
> > >
> > > jan
> > >
> > > ---
> > > Jan Stifter
> > > http://www.medres.ch/~jstifter/
> > >
> > > _______________________________________________
> > > Masq maillist  -  [EMAIL PROTECTED]
> > > Admin requests can be handled at http://www.indyramp.com/masq-list/ --
> > > THIS INCLUDES UNSUBSCRIBING!
> > > or email to [EMAIL PROTECTED]
> > >
>
> >
> > --
> > Daniell Freed
> > Computer Services
> > Dewitt, Ross, & Stevens S.C.
> >
> > He who fights with monsters might take care
> > lest he thereby become a monster.
> > And if you gaze for long into an abyss,
> > the abyss gazes also into you.
> >
> > Beyond Good and Evil
> > Friedrich Wilhelm Nietzsche
> >
> > PLEASE read the HOWTO and search the archives before posting.
> > You can start your search at http://www.indyramp.com/masq/
> > Please keep general linux/unix/pc/internet questions off the list.

--
Daniell Freed
Computer Services
Dewitt, Ross, & Stevens S.C.

He who fights with monsters might take care
lest he thereby become a monster.
And if you gaze for long into an abyss,
the abyss gazes also into you.

Beyond Good and Evil
Friedrich Wilhelm Nietzsche
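
Added example (not part of the original messages and not the ip_masq_ftp source): a simplified Python model of what a masquerading FTP helper does with an active-mode PORT command, set beside the match of the source-port-20 ACCEPT rule quoted in the thread. The addresses, the starting port 62000 and the names FtpHelper, parse_port and broad_rule_accepts are constructed for illustration.

```python
import re

PORT_RE = re.compile(r"PORT " + ",".join([r"(\d{1,3})"] * 6) + r"\s*$")

def parse_port(line):
    """Decode 'PORT h1,h2,h3,h4,p1,p2' into (ip, port); port = p1*256 + p2."""
    m = PORT_RE.match(line)
    if not m:
        raise ValueError("not a PORT command")
    n = [int(x) for x in m.groups()]
    if max(n) > 255:
        raise ValueError("field out of range")
    return ".".join(str(v) for v in n[:4]), n[4] * 256 + n[5]

class FtpHelper:
    """Toy model of a masquerading FTP helper (not the kernel module's code)."""

    def __init__(self, external_ip, first_masq_port):
        self.external_ip = external_ip
        self.next_port = first_masq_port
        self.expected = {}  # (server_ip, masq_port) -> (client_ip, client_port)

    def outbound_control(self, client_ip, server_ip, line):
        """Rewrite a client's PORT command and remember the expected data SYN."""
        ip, port = parse_port(line)
        if ip != client_ip:
            raise ValueError("PORT names a host other than the sender")
        masq_port, self.next_port = self.next_port, self.next_port + 1
        self.expected[(server_ip, masq_port)] = (client_ip, port)
        hi, lo = divmod(masq_port, 256)
        return "PORT %s,%d,%d\r\n" % (self.external_ip.replace(".", ","), hi, lo)

    def inbound_syn(self, src_ip, dst_port):
        """Return the internal (ip, port) to forward to, or None if unexpected."""
        return self.expected.pop((src_ip, dst_port), None)

def broad_rule_accepts(src_port):
    """Match of the thread's '-s 0/0 20 ... -y -j ACCEPT' rule: any host, port 20."""
    return src_port == 20

if __name__ == "__main__":
    # Constructed sample addresses (documentation ranges), not from the thread.
    helper = FtpHelper("203.0.113.1", 62000)
    print(repr(helper.outbound_control("192.168.1.10", "198.51.100.5",
                                       "PORT 192,168,1,10,4,1\r\n")))
    print(helper.inbound_syn("198.51.100.5", 62000))  # expected data connection
    print(helper.inbound_syn("198.51.100.5", 62000))  # second SYN: no entry left
```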
