At 12:06 PM 6/24/2001 -0700, Carl Engstrom wrote:
>1) What code do I need to do the port forwarding -- masqadm? I forgot the
>name of the forwarding daemon.
As mentioned, ipmasqadm is the utility you want.
>2) What rules should I set in my IPchains firewall to forward traffic to
>this new box:
>
>box ID -- 192.168.100.4
>Port for FTP 1001-1009
>
>3) can I use ports 1001-1009 without killing anything else?
>
>4) any help on the commands would be appreciated, I will be checking the
>howto, but if you want to drop some hints I'd appreciate it.
The newest version of ip_masq_ftp.c works for both directions. (i.e., masq'd
ftp clients can communicate to an outside server, and outside ftp clients
can connect to an inside masq'd ftp server.) You only need to port forward
the main server port. All the other ports used for FTP are handled by the
ip_masq_ftp module.
At least that's how it works for me. I'm forwarding port 2121 to port 21
on an inside server and that's the only 'firewall' stuff I'm doing.
>5) I was planning to NFS mount the drives for the FTP server from another
>Linux box, but I'm worried that this might expose me to security
>risks...comments?
>Also, most of my disk is on my firewall, so that is where I would NFS mount
>from.
If you've set up a strong firewall and are using NFS only within the inside,
private network you should be fine.
I don't have much NFS experience, but if its daemons work anything like
other services I've seen, then see if you can bind them to listen only on
the internal interface and ignore anything from the Internet. Then you
should be safe from external usage, at least.
Good luck,
Dave
_______________________________________________
Masq maillist - [EMAIL PROTECTED]
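The setup described in the reply above (one forwarded control port, FTP data ports left to ip_masq_ftp, NFS kept off the outside interface), as an added example that is not part of the original post. It only prints the commands for review; the interface name eth0 and the external address 203.0.113.10 are assumed placeholders, and `gen_rules` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example: prints (does not execute) the commands for the setup in the
# reply. Review the output, then run it as root on the masquerading box.
# Assumptions: eth0 is the Internet-facing interface and 203.0.113.10 is its
# address (constructed placeholder); 192.168.100.4 is the inside FTP server.

gen_rules() {
    ext_if=$1; ext_ip=$2; ext_port=$3; in_ip=$4; in_port=$5

    # Reject anything that is not a valid TCP port before emitting rules.
    for p in "$ext_port" "$in_port"; do
        case $p in ''|*[!0-9]*) echo "bad port: $p" >&2; return 1 ;; esac
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || { echo "bad port: $p" >&2; return 1; }
    done

    # Kernel helpers: port forwarding, plus the FTP module that tracks the
    # data connections so only the control port needs a forward.
    echo "modprobe ip_masq_portfw"
    echo "modprobe ip_masq_ftp"

    # Forward only the control port to the inside server and let it in.
    echo "ipmasqadm portfw -a -P tcp -L $ext_ip $ext_port -R $in_ip $in_port"
    echo "ipchains -A input -i $ext_if -p tcp -d $ext_ip $ext_port -j ACCEPT"

    # Keep portmapper (111) and nfsd (2049) unreachable from the Internet side.
    # mountd and related daemons use dynamic ports, so a default-DENY input
    # policy on the external interface is still needed; these rules make the
    # intent explicit and log probes (-l).
    for proto in tcp udp; do
        for port in 111 2049; do
            echo "ipchains -A input -i $ext_if -p $proto -d 0/0 $port -j DENY -l"
        done
    done
}

# Values from the thread (2121 -> 21 on 192.168.100.4); address is a placeholder.
gen_rules eth0 203.0.113.10 2121 192.168.100.4 21
```

Place the DENY rules ahead of any broader ACCEPT rule for the external interface, since ipchains stops at the first match.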