/* HINT: Search archives @ http://www.indyramp.com/masq/ before posting! 
/* ALSO: Don't quote this header. It makes you look lame :-) */

on 1/7/2002 7:10 AM, Robert Dege at [EMAIL PROTECTED] wrote:

> I have an FTP server masqueraded behind a firewall (both machines running
> 2.2.18).  When an internal machine connects to the internal IP address,
> both active and passive connections function correctly.
> 
> However, when an outside ftp client connects to the internal FTP server
> via passive mode, the connection freezes during any form of data transfer
> (ls, put, get, etc.).  I assume that this is because of some confusion of
> where the data port is.  Active mode works fine, btw.
> 
> I'm using ipmasqadm-0.4.2:
> 
> ipmasqadm portfw -a -P tcp -L x.x.x.x ftp -R 172.28.254.47 ftp
> 
> and I have the ip_masq_ftp module loaded.
> 
> I tried looking through the archives, but have yet to find a successful
> solution.

FTP is kind of a strange beast.  To transfer information, a second channel
is set up to actually transfer data.

When FTP is using active mode, the server makes the connection back to the
client using a non-standard port to transfer the data.  When using passive
mode, the client makes the connection to the server using a non-standard
port to transfer the data.  Port 21 is used for notification and control
*only*, no data is actually transferred using that port.

This is one of the things that makes putting FTP servers behind a firewall
nearly impossible, because the passive FTP connections for transferring data
come in from an unknown port (well, if you examine the FTP data, you can
determine the actual port).

HTH

-- 
Glenn L. Austin <><
<[EMAIL PROTECTED]>
Phone: (360) 281-5436
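
Examining the FTP control channel to determine the data port, as the reply above describes, shown as an added example that is not part of the original thread. The function names and sample lines are constructed for illustration, and the RFC 1918 check is an assumption about one way passive mode can stall behind masquerading, not something the thread confirms.

```python
import ipaddress
import re

# h1,h2,h3,h4,p1,p2 as carried by PORT commands and 227 replies (RFC 959)
_HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")
# A 229 reply to EPSV carries only a port (RFC 2428)
_EPSV = re.compile(r"\(\|\|\|(\d{1,5})\|\)")
_RFC1918 = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def data_endpoint(line):
    """Return (kind, ip_or_None, port) for a control-channel line that
    announces a data connection, or None for any other line."""
    line = line.strip()
    verb = line.split(" ", 1)[0].upper()
    if verb == "229":
        m = _EPSV.search(line)
        if m and 0 < int(m.group(1)) < 65536:
            return ("EPSV", None, int(m.group(1)))
        return None
    if verb not in ("227", "PORT"):
        return None
    m = _HOSTPORT.search(line)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None  # not a valid octet sequence
    ip = ".".join(str(n) for n in nums[:4])
    port = nums[4] * 256 + nums[5]  # port is sent as two bytes, high byte first
    return ("PASV" if verb == "227" else "PORT", ip, port)


def advertises_private(endpoint):
    """True when a passive reply names an RFC 1918 address, which a
    client outside the firewall has no route to."""
    kind, ip, _port = endpoint
    if kind != "PASV" or ip is None:
        return False
    return any(ipaddress.ip_address(ip) in net for net in _RFC1918)


# Constructed control-channel lines, not captured from the poster's server
SAMPLE = [
    "220 FTP server ready",
    "PORT 192,0,2,10,4,1",
    "227 Entering Passive Mode (172,28,254,47,195,80)",
    "229 Entering Extended Passive Mode (|||50000|)",
]
```

Running `data_endpoint` over the control-channel lines seen on the outside interface shows which address and port the client is being told to use for the data connection.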

_______________________________________________
Masq maillist  -  [EMAIL PROTECTED]