

James D. Silliman wrote:

> I would like to use a different ftp port than 21, but this is the only port
> that will work when I use an internally masqueraded ftp server. I have tried
> using a different external port and masquerading to an internal port on port
> 21, with no luck.
> 
> I'm using the v.027 Ciarlante IP_MASQ_FTP module.
> 
> When I connect through my main box to an internal-masqueraded box running a
> third-party ftp server, I can connect fine on port 21 using portfw module,
> non-passive mode.
> 
> I simply launch Ciarlante's shell script:
> #!/bin/sh
> FW_IP=216.xx.xx.xx.
> FW_PORT=21
> INT_IP=192.168.0.7
> INT_PORT=21
> 
> export PATH=/usr/sbin:/sbin:$PATH
> modprobe ip_masq_portfw debug=0
> ipmasqadm portfw -f
> ipmasqadm portfw -a -P tcp -L $FW_IP $FW_PORT -R $INT_IP $INT_PORT
> ipmasqadm portfw -l -n
> rmmod ip_masq_ftp
> modprobe $* ip_masq_ftp fwports=$FW_PORT
>
> The problem is that passive mode uses a range of ports that I can specify on
> the third-party ftp box, which refer to the outside external IP, and on the
> port command above in the script (up to 12 ports).  Somehow my box does not
> seem to be taking the range of ports when I specify it on the FW_PORT
> command line as such:
> FW_PORT=16999,17000, 17001, etc...
> 
> When I connect using passive mode, the module is not allowing the passive
> port connection through, or back through, as the case may be. If I leave
> everything (external, and internal) to port 21 things work fine, but no
> passive mode.
> 
> I have tried different third-party ftp programs, modifying the \etc\services
> file...everything else I could think of.  My hunch is that somehow the ftp
> module is not letting the data port connection in, or, back
> through...because on the ftp client there is an "access denied" message when
> it chooses one of the ports in the range.
> 
> Any help is appreciated.
> 

That should be "ports=$FW_PORT", not "fwports=$FW_PORT",
according to ip_masq_ftp.c. You can also specify these
ports in /etc/modules.conf somehow if you prefer.

raf
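
Added example, not part of the thread or of the ip_masq_ftp source: a check for the passive-mode symptom described above. It parses the server's `227` reply (RFC 959 format) as an outside client would see it, and reports whether it still carries the internal address or a port outside the configured range. The internal address 192.168.0.7 and starting port 16999 come from the post; the external address 203.0.113.10 (the post elides the real one), the end of the range, and all function names are assumptions made for illustration.

```python
import ipaddress
import re

# RFC 959 passive reply: "227 <text> (h1,h2,h3,h4,p1,p2)"
PASV_RE = re.compile(r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")


def parse_pasv(line):
    """Return (ip, port) from a 227 reply, or None if the line is not one."""
    m = PASV_RE.match(line.strip())
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None  # each field must fit in one byte
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]  # port = p1 * 256 + p2


def check_pasv(line, external_ip, internal_net, port_range):
    """Classify a 227 reply as seen by a client outside the masquerading box."""
    parsed = parse_pasv(line)
    if parsed is None:
        return "not-a-pasv-reply"
    ip, port = parsed
    lo, hi = port_range
    if ip in ipaddress.ip_network(internal_net):
        return "internal-address-leaked"  # reply was not rewritten on the way out
    if ip != ipaddress.IPv4Address(external_ip):
        return "unexpected-address"
    if not lo <= port <= hi:
        return "port-outside-range"  # nothing forwards this data port inward
    return "ok"


# Constructed sample replies (hypothetical values, see lead-in).
EXTERNAL_IP = "203.0.113.10"
INTERNAL_NET = "192.168.0.0/24"
PASV_RANGE = (16999, 17010)
SAMPLES = [
    "227 Entering Passive Mode (192,168,0,7,66,103)",
    "227 Entering Passive Mode (203,0,113,10,66,103)",
    "227 Entering Passive Mode (203,0,113,10,15,160)",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(check_pasv(s, EXTERNAL_IP, INTERNAL_NET, PASV_RANGE), "<-", s)
```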
