
I have the same problem still unresolved.
This is what I think happens:

The client contacts an ftp server with an IP that is NATed by the firewall
towards the real ftp server machine. In active ftp, the server responds to the
client that opens its local port 20 for the data connection.
In passive ftp, the server communicates the port which the client must use on
the server side for the data stream, but
#def I_think
this information includes the IP of the server. That IP is not NATed nor
masqueraded by the firewall because it's contained in the data that the server
sends to the client, not in the header
#undef 

So the client receives an address that is the REAL address of the server and
the data connection could not be established.

Please, correct me if the above is wrong.

Bye,
        Srg

Robert Dege wrote:
> 
> Well, I found out what the problem was.  I did a client tcpdump on a
> specific passive port that I configured on the ftp server.
> 
> The tcpdump showed that when the ftp client tried to reply with a
> passive ftp request, it was pointing to the internal IP address, instead
> of the firewall IP.
> 
> I was able to get the pasv working (through some dirty hacks and
> portfw'ing).  But does anyone know why the firewall was NOT masqing the
> address?
> 
> -Rob
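
The behaviour discussed in this thread, as an added example that is not part of either post and not the masq module's own code: it parses the server's 227 reply, checks whether the address in the payload differs from the address the client's control connection went to, and rewrites the payload the way an FTP-aware NAT helper would. The addresses and the sample reply are constructed for illustration.

```python
import re

# RFC 959 passive reply: "227 <text> (h1,h2,h3,h4,p1,p2)".
# The address travels as ASCII in the TCP payload, not in the IP header,
# so header-only NAT never touches it.
PASV_RE = re.compile(
    rb"^227 [^\r\n]*?(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})"
)

def parse_pasv(line):
    """Return (host, port) advertised in a 227 reply, or None."""
    m = PASV_RE.match(line)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    host = ".".join(str(n) for n in nums[:4])
    return host, nums[4] * 256 + nums[5]

def pasv_mismatch(line, control_ip):
    """True if the reply names a host other than the one the client
    connected to for the control channel (the symptom seen in tcpdump)."""
    parsed = parse_pasv(line)
    return parsed is not None and parsed[0] != control_ip

def rewrite_pasv(line, internal_ip, public_ip):
    """Replace the internal address in the payload with the firewall's.
    The reply length can change, which is why a real helper must also
    adjust TCP sequence numbers and forward the advertised data port."""
    m = PASV_RE.match(line)
    parsed = parse_pasv(line)
    if parsed is None or parsed[0] != internal_ip:
        return line
    port = parsed[1]
    new = "{},{},{}".format(public_ip.replace(".", ","), port >> 8, port & 0xFF)
    return line[:m.start(1)] + new.encode("ascii") + line[m.end(6):]

# Constructed sample: server behind NAT at 192.168.1.10,
# firewall's outside address 203.0.113.5, passive port 50000.
SAMPLE = b"227 Entering Passive Mode (192,168,1,10,195,80)\r\n"

if __name__ == "__main__":
    print(parse_pasv(SAMPLE), pasv_mismatch(SAMPLE, "203.0.113.5"))
    print(rewrite_pasv(SAMPLE, "192.168.1.10", "203.0.113.5"))
```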

_______________________________________________
Masq maillist  -  [EMAIL PROTECTED]
Admin requests can be handled at http://www.indyramp.com/masq-list/ -- 
THIS INCLUDES UNSUBSCRIBING!
or email to [EMAIL PROTECTED]