Ola Theander <[EMAIL PROTECTED]> wrote:
>
> As far as I can tell from the discussion, I will have a problem if I
> want to have an FTP server behind the firewall, due to the fact that
> FTP file transfer may occur on an inbound port of random selection.
> Is this correctly understood?

That's right.  If you use ipportfw, you can "tunnel" individual
connections arriving on known ports, through your firewall, to your
masqueraded server.  The FTP "control" connection comes in on a known
port, and can be tunnelled, but the "data" connections (if PASV mode is
used) cannot be determined ahead of time, without a supporting protocol
module.  I don't know of any such module available, nor under
development.

> If so, is there any solution to the problem?

If we knew of a solution, don't you think we would have told you?  :)

The only workable method I can think of is to run the FTP server on the
masq box itself, and mount the needed files from the internal server
(via NFS, SMBFS, etc.) to make them available.

It would be interesting if the FTP server itself could be intelligent
enough to submit the necessary ipportfw command to the masq box when it
receives a "PASV" request from a client.  That of course requires a
server whose source code can be modified, and requires a trust
relationship between your masq server and FTP server.

A protocol module would be the best solution; I'm sure that if you were
to develop one, you would receive untold gratitude.  :)

-- 
   [EMAIL PROTECTED] (Fuzzy Fox)      || "Nothing takes the taste out of peanut
sometimes known as David DeSimone  ||  butter quite like unrequited love."
  http://www.dallas.net/~fox/      ||                       -- Charlie Brown


_______________________________________________
Masq maillist  -  [EMAIL PROTECTED]
http://tiffany.indyramp.com/mailman/listinfo/masq
Admin requests can be handled by web (above) or [EMAIL PROTECTED]
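
The core of what a protocol module (or a cooperating FTP server) would have to do for PASV, as an added example that is not part of the original message or of any existing masq code: read the server's 227 reply, work out the data port it announces, and rewrite the address for the outside client. The function names and the addresses 192.168.1.10 (internal server) and 203.0.113.5 (masq box) are assumptions made for illustration.

```python
import re

# PASV reply per RFC 959: "227 <text> (h1,h2,h3,h4,p1,p2)"
PASV_RE = re.compile(r"^227 [^(]*\((\d{1,3}(?:,\d{1,3}){5})\)")

def parse_pasv(line):
    """Return (host, port) announced in a 227 reply, or None."""
    m = PASV_RE.match(line)
    if not m:
        return None
    nums = [int(n) for n in m.group(1).split(",")]
    if any(n > 255 for n in nums):
        return None
    # The data port is sent as two bytes: port = p1 * 256 + p2.
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]

def rewrite_pasv(line, internal_ip, external_ip):
    """Return (line_for_client, forward).

    forward is (external_ip, port, internal_ip, port): the single mapping
    the masq box would have to install for this data connection. It is None
    when the line is not a PASV reply or fails the checks below.
    """
    parsed = parse_pasv(line.rstrip("\r\n"))
    if parsed is None:
        return line, None
    host, port = parsed
    # Only forward to the server we are fronting, and only to an
    # unprivileged port, so a reply cannot open a path to anything else.
    if host != internal_ip or port < 1024:
        return line, None
    ext = external_ip.replace(".", ",")
    new_line = "227 Entering Passive Mode (%s,%d,%d)\r\n" % (
        ext, port >> 8, port & 0xFF)
    return new_line, (external_ip, port, internal_ip, port)

if __name__ == "__main__":
    # Constructed sample reply from a masqueraded server.
    reply = "227 Entering Passive Mode (192,168,1,10,195,80)\r\n"
    print(rewrite_pasv(reply, "192.168.1.10", "203.0.113.5"))
```

The returned mapping is what would be handed to the port forwarder for the lifetime of that one data connection and removed afterwards.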
