On Sun, 2002-02-03 at 17:48, THE CROW wrote:
> I've a little lan with 3 "client" computers and a gateway/router, a linux
> box with 2.4.* kernel connected to the Internet by ADSL.
> 
> I've compiled kernel to use NAT and IP masquerading with iptables and
> everything works well, everything but this:
> 
> 1: There's no way for me to establish an active ftp connection to any ftp
> server on the Internet, if I try it by a masqued WINDOWS client (It works
> with linux clients). I compiled ip_masq_ftp as a part of the kernel and not
> as a module, so I don't think it's a problem of module loading.
> Oh, don't tell me to switch to passive mode, it's too simple in that way :-)

AFAIK, the module you refer to (ip_masq_ftp) is for ipchains (no mention
of it in the 2.4.16 source), not iptables.  I'd be interested in what
Linux ftp clients you believe are connecting in active mode from behind
an iptables based NAT firewall.  I suspect that these clients are
switching to passive mode automatically.

> 2. I can't connect to any IRC by a windows client if I put the gateway
> iptables INPUT policy to DROP (and another time, the same thing works with a
> linux client).

This I'm much less familiar with, but I suspect it has to do with the
requests to port 113 (ident) being dropped.  Perhaps the Linux IRC
client server communication is simply dealing with the dropped ident
request better.

Jamin W. Collins
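
Added example (not part of the original thread): active FTP fails behind a masquerading gateway without a protocol helper because the client's PORT command carries its private address inside the control channel. The sketch below shows the rewrite an FTP NAT helper has to perform (in 2.4 netfilter, ip_conntrack_ftp and ip_nat_ftp). All addresses, ports and function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample network; 203.0.113.5 stands in for the gateway's ADSL address.
LAN = ipaddress.ip_network("192.168.0.0/24")
PUBLIC_IP = ipaddress.IPv4Address("203.0.113.5")

PORT_RE = re.compile(rb"PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\r\n", re.I)

def parse_port(line):
    """Return (ip, port) announced by an FTP PORT command, or None if not one."""
    m = PORT_RE.fullmatch(line)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None  # malformed octet: leave the line alone
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]

def build_port(ip, port):
    """Encode ip/port back into the h1,h2,h3,h4,p1,p2 form used by PORT."""
    return f"PORT {str(ip).replace('.', ',')},{port >> 8},{port & 0xFF}\r\n".encode()

def masquerade(line, public_ip, nat_port, lan):
    """Rewrite a PORT command from a LAN client as a NAT helper would.

    Returns (new_line, expectation). The expectation tuple
    (nat_port, internal_ip, internal_port) is what the gateway must remember so
    the server's incoming data connection is forwarded to the client instead of
    hitting the gateway's own INPUT policy.
    """
    parsed = parse_port(line)
    if parsed is None or parsed[0] not in lan:
        return line, None  # not a PORT from inside: pass through untouched
    ip, port = parsed
    # The rewritten line may differ in length, which is why a real helper also
    # has to adjust TCP sequence numbers on the control connection.
    return build_port(public_ip, nat_port), (nat_port, ip, port)

if __name__ == "__main__":
    before = b"PORT 192,168,0,10,4,1\r\n"  # constructed client command
    after, expect = masquerade(before, PUBLIC_IP, 40001, LAN)
    print(before, "->", after, "expect:", expect)
```

Without this rewrite the FTP server is told to connect to 192.168.0.10, an address it cannot route to, so the data connection never arrives.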

_______________________________________________
Masq maillist  -  [EMAIL PROTECTED]
PLEASE read the HOWTO and search the archives before posting.
You can start your search at http://www.indyramp.com/masq/