/* HINT: Search archives @ http://www.indyramp.com/masq/ before posting! 
/* ALSO: Don't quote this header. It makes you look lame :-) */


You're right, that is a different issue.  The module that we are talking about
only handles masq'ed clients ftp'ing out to remote sites, or so I think (please
correct me if I am wrong).

Dan


Justin Ellison wrote:

>
> Ahhh,  apples and oranges.  My clients ftp'ing out all work just fine, but I
> run an FTP server behind it via port forwarding.  The process I was
> describing was what had to happen for people to FTP into my masq'd client.
>
> Justin
> ----- Original Message -----
> From: "Daniell Freed" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Cc: <[EMAIL PROTECTED]>
> Sent: Thursday, December 21, 2000 11:39 AM
> Subject: Re: [Masq] ip_masq_ftp module does not work
>
> >
> > Right.  But this, at least in my case, is what I am trying to do.  I have
> > masq'ed clients that are trying to ftp to other sites and they cannot get a data
> > connection (despite having the module loaded on the firewall) without opening up
> > port 20 via IPCHAINS.
> >
> > Dan
> >
> >
> > Charles Shoemaker wrote:
> >
> > >
> > > The ip_masq_ftp module is just for masquerade clients, like the
> > > other machines on your internal network.  I ran into this recently,
> > > where the internal machines could do ftp just fine, but trying ftp
> > > from the linux firewall machine failed.
> > >
> > > The solution is to open tcp port 20, ftp-data.  I'd be curious to hear
> > > from others on the list:  just how big a security problem is this?
> > > The security gurus would probably tell us, "don't do ftp from your
> > > firewall machine!"
> > >
> > > From:                   "Justin Ellison" <[EMAIL PROTECTED]>
> > > To:                     <[EMAIL PROTECTED]>
> > > Subject:                Re: [Masq]  ip_masq_ftp module does not work
> > > Date sent:              Thu, 21 Dec 2000 09:16:06 -0600
> > >
> > > >
> > > > Jan and Daniell,
> > > >
> > > >     I've recently had this problem, and I too thought it was something with
> > > > ip_masq_ftp.  However, it was the client that was causing the problem.  I
> > > > was using ncftp to connect, which uses passive mode FTP by default.  From an
> > > > ncftp prompt, type "set passive off" and try to do an ls.  Or, do an ftp
> > > > session from the command prompt in windows.
> > > >
> > > > Justin
> > > > ----- Original Message -----
> > > > From: "Daniell Freed" <[EMAIL PROTECTED]>
> > > > To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
> > > > Sent: Thursday, December 21, 2000 8:43 AM
> > > > Subject: Re: [Masq] ip_masq_ftp module does not work
> > > >
> > > >
> > > > >
> > > > > I too am having a similar problem.  My ftp connection doesn't hang, but
> > > > > I do get the error "Data connection refused" or something of the sort.
> > > > > Basically, the syn packet is received by one of my input rules (ipchains -A
> > > > > input -p TCP -i $externalinterface -s 0/0 -d 0/0 -y -l -j REJECT), which
> > > > > blocks any connection requests (i.e. any SYN packets that are incoming),
> > > > > blocks the packet and logs the attempt.  The only workaround I currently have is
> > > > > to not include this rule in my firewall, but that isn't a very good option
> > > > > because now I don't get the extra security that this rule offers.
> > > > >
> > > > > Any help would be appreciated.
> > > > >
> > > > > Daniell Freed
> > > > >
> > > > >
> > > > > Jan Stifter wrote:
> > > > >
> > > > > >
> > > > > > hello all,
> > > > > >
> > > > > > even though i modprobe the ip_masq_ftp module and lsmod shows me the
> > > > > > ip_masq_ftp module, i can not get a data channel to an ftp server. as
> > > > > > soon as i type ls, the connection hangs.
> > > > > >
> > > > > > my kernel is a clean 2.2.17, ip_masq_ftp.c shows
> > > > > >  * Version:     @(#)ip_masq_ftp.c 0.10   20/09/00
> > > > > >
> > > > > > (i have patched it, original module is 0.04)
> > > > > >
> > > > > > i have nothing wrong in the log. when i am trying to initiate a data
> > > > > > connection, the server sends me a SYN packet to a masqueraded port
> > > > > > somewhere around 62000, which gets REJECTED (because the ip_masq_ftp
> > > > > > module does not work, or because i am too stupid to make it work).
> > > > > >
> > > > > > any hints are greatly appreciated
> > > > > >
> > > > > > jan
> > > > > >
> > > > > > ---
> > > > > > Jan Stifter
> > > > > > http://www.medres.ch/~jstifter/
> > > > > >
> > > > > > _______________________________________________
> > > > > > Masq maillist  -  [EMAIL PROTECTED]
> > > > > > Admin requests can be handled at http://www.indyramp.com/masq-list/ --
> > > > > > THIS INCLUDES UNSUBSCRIBING!
> > > > > > or email to [EMAIL PROTECTED]
> > > > > >
> > > > > > PLEASE read the HOWTO and search the archives before posting.
> > > > > > You can start your search at http://www.indyramp.com/masq/
> > > > > > Please keep general linux/unix/pc/internet questions off the list.
> > > > >
> > > > > --
> > > > > Daniell Freed
> > > > > Computer Services
> > > > > Dewitt, Ross, & Stevens S.C.
> > > > >
> > > > > He who fights with monsters might take care
> > > > > lest he thereby become a monster.
> > > > > And if you gaze for long into an abyss,
> > > > > the abyss gazes also into you.
> > > > >
> > > > > Beyond Good and Evil
> > > > > Friedrich Wilhelm Nietzsche
> > > > >

--
Daniell Freed
Computer Services
Dewitt, Ross, & Stevens S.C.

He who fights with monsters might take care
lest he thereby become a monster.
And if you gaze for long into an abyss,
the abyss gazes also into you.

Beyond Good and Evil
Friedrich Wilhelm Nietzsche
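
The active-mode exchange this thread is about, as an added example that is not part of the original messages and not the ip_masq_ftp source: a toy model of what an FTP NAT helper does with a masq'ed client's PORT command, and why the server's incoming SYN from ftp-data (port 20) is rejected when no helper has recorded it. The class and function names, the starting masq port and the addresses are assumptions made for illustration.

```python
import re

# RFC 959 active-mode command: PORT h1,h2,h3,h4,p1,p2  (port = p1*256 + p2)
PORT_RE = re.compile(r"^PORT " + ",".join([r"(\d{1,3})"] * 6) + r"\r?\n?$")

def parse_port(line):
    """Return (ip, port) named by a PORT command, or None if malformed."""
    m = PORT_RE.match(line)
    if not m:
        return None
    n = [int(x) for x in m.groups()]
    if any(v > 255 for v in n):
        return None
    return ".".join(str(v) for v in n[:4]), n[4] * 256 + n[5]

def format_port(ip, port):
    return "PORT {},{},{}\r\n".format(ip.replace(".", ","), port >> 8, port & 0xFF)

class FtpHelper:
    """Toy model of an FTP NAT helper (assumption: not the ip_masq_ftp source)."""

    def __init__(self, external_ip, first_masq_port=62000):
        self.external_ip = external_ip
        self.next_port = first_masq_port
        self.expected = {}  # masq port -> (client ip, client port, server ip)

    def outbound_control(self, client_ip, server_ip, line):
        """Rewrite a masq'ed client's PORT line and record the expected data SYN."""
        parsed = parse_port(line)
        if parsed is None or parsed[0] != client_ip:
            return line  # not a PORT for the client's own address: no hole opened
        masq_port, self.next_port = self.next_port, self.next_port + 1
        self.expected[masq_port] = (parsed[0], parsed[1], server_ip)
        return format_port(self.external_ip, masq_port)

    def inbound_syn(self, src_ip, src_port, dst_port):
        """Decide on an incoming SYN: forward only the one data connection expected."""
        entry = self.expected.get(dst_port)
        if entry and src_ip == entry[2] and src_port == 20:  # ftp-data source port
            del self.expected[dst_port]  # one-shot: the hole closes after use
            return ("FORWARD", entry[0], entry[1])
        return ("REJECT", None, None)

if __name__ == "__main__":
    # Constructed addresses (documentation ranges), not taken from the thread.
    h = FtpHelper("203.0.113.5")
    print(repr(h.outbound_control("192.168.1.10", "198.51.100.7", "PORT 192,168,1,10,4,1\r\n")))
    print(h.inbound_syn("198.51.100.7", 20, 62000))  # expected data connection
    print(h.inbound_syn("198.51.100.7", 20, 62001))  # unsolicited SYN
```

In passive mode the client opens the data connection outward, so no incoming SYN has to be matched at all.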