On 21 May 99, at 15:57, Derek Evans wrote about
"Re: [Masq] Re: Multiple FTP server":
|...
| The internal FTP server has been working correctly with Fred's ip_masq_ftp
| patches, which I've had installed since the beginning. After adding the new
| FTP server on the firewall (ProFTPd), the internal FTP server still works
| perfectly, but the new one will not work with passive mode because the
| firewall blocks the incoming requests once the port has changed to an
| arbitrary port.
Ah, you have set up strong input filtering. Yep, that will interfere
with passive mode FTP to your gateway server, as well as active mode
FTP from a client running on the gateway.
| Is there any way to have both servers working with passive mode
| simultaneously? Would I not encounter the same problem even if I didn't
| have an internal FTP server at all? It's the firewall ruleset that is
| interfering with the new FTP server's ability to use passive mode, right?
1. N/A, because: 2. Yes and 3. Yes.
It looks like the IPCHAINS patches posted today address exactly this
issue for 2.2.x kernels. Other than that, I think you will have to
not block the unrestricted ports coming in the external interface, if
you want to support PASV from the unmasqueraded server.
- Fred Viles <mailto:[EMAIL PROTECTED]>
_______________________________________________
Masq maillist - [EMAIL PROTECTED]
http://tiffany.indyramp.com/mailman/listinfo/masq
Admin requests can be handled by web (above) or [EMAIL PROTECTED]
