I would like to use a different ftp port than 21, but this is the only port that will work when I use an internally masqueraded ftp server. I have tried using a different external port and masquerading to an internal port on port 21, with no luck. I'm using the v.027 Ciarlante IP_MASQ_FTP module.

When I connect through my main box to an internal-masqueraded box running a third-party ftp server, I can connect fine on port 21 using portfw module, non-passive mode. I simply launch Ciarlante's shell script:

    #!/bin/sh
    FW_IP=216.xx.xx.xx.
    FW_PORT=21
    INT_IP=192.168.0.7
    INT_PORT=21
    export PATH=/usr/sbin:/sbin:$PATH
    modprobe ip_masq_portfw debug=0
    ipmasqadm portfw -f
    ipmasqadm portfw -a -P tcp -L $FW_IP $FW_PORT -R $INT_IP $INT_PORT
    ipmasqadm portfw -l -n
    rmmod ip_masq_ftp
    modprobe $* ip_masq_ftp fwports=$FW_PORT

The problem is that passive mode uses a range of ports that I can specify on the third-party ftp box, which refer to the outside external IP, and on the port command above in the script (up to 12 ports). Somehow my box does not seem to be taking the range of ports when I specify it on the FW_PORT command line as such:

    FW_PORT=16999,17000, 17001, etc...

When I connect using passive mode, the module is not allowing the passive port connection through, or back through, as the case may be. If I leave everything (external, and internal) to port 21 things work fine, but no passive mode. I have tried different third-party ftp programs, modifying the \etc\services file...everything else I could think of.

My hunch is that somehow the ftp module is not letting the data port connection in, or, back through...because on the ftp client there is an "access denied" message when it chooses one of the ports in the range.

Any help is appreciated.
_______________________________________________
Masq maillist - [EMAIL PROTECTED]
Admin requests can be handled at http://www.indyramp.com/masq-list/ -- THIS INCLUDES UNSUBSCRIBING!
or email to [EMAIL PROTECTED]
PLEASE read the HOWTO and search the archives before posting.
You can start your search at http://www.indyramp.com/masq/
Please keep general linux/unix/pc/internet questions off the list.
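
In passive mode the FTP server announces the data connection endpoint in its 227 reply as six decimal numbers: four address octets, then the port as p1*256 + p2 (RFC 959). The following is an added diagnostic example, not part of the original post or of Ciarlante's script: it decodes a captured 227 reply and reports whether the advertised address and port match the external address and the list of forwarded ports. The function name `check_pasv`, the status strings and the 203.0.113.10 address are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Sample values are constructed.
#
# check_pasv REPLY EXPECTED_IP "PORT PORT ..."
#   Prints "IP:PORT STATUS", where STATUS is "ok", "addr-mismatch",
#   "port-not-forwarded", or both problems joined by a comma.
#   Returns 2 if REPLY is not a well-formed 227 reply.
check_pasv() {
    reply=$1 want_ip=$2 ports=$3

    case $reply in
        227*) ;;
        *) return 2 ;;
    esac

    # Pull out the h1,h2,h3,h4,p1,p2 tuple from the reply text.
    tuple=$(printf '%s\n' "$reply" |
        sed -n 's/^227[^0-9]*\([0-9]\{1,3\}\(,[0-9]\{1,3\}\)\{5\}\).*/\1/p')
    [ -n "$tuple" ] || return 2

    # Split the tuple into $1..$6 and reject values that do not fit in a byte.
    set -- $(printf '%s' "$tuple" | tr ',' ' ')
    for n in "$@"; do
        [ "$n" -le 255 ] || return 2
    done

    ip="$1.$2.$3.$4"
    # awk treats the fields as decimal, so a leading zero is harmless.
    port=$(awk -v a="$5" -v b="$6" 'BEGIN { print a * 256 + b }')

    status=
    [ "$ip" = "$want_ip" ] || status=addr-mismatch

    found=no
    for p in $ports; do
        if [ "$p" -eq "$port" ]; then found=yes; fi
    done
    if [ "$found" = no ]; then
        status=${status:+$status,}port-not-forwarded
    fi

    printf '%s:%s %s\n' "$ip" "$port" "${status:-ok}"
}

# Constructed sample: the reply carries the internal address from the script
# above, while the client can only reach the (constructed) external address.
check_pasv "227 Entering Passive Mode (192,168,0,7,66,104)" \
    203.0.113.10 "16999 17000 17001"
```

The 227 line can be taken from an FTP client's debug output or from a packet capture of the control connection on the external interface.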
