Re: [Masq] ftp problem (ip_masq_ftp not working?)

[William Stearns]

/* HINT: Search archives @ http://www.indyramp.com/masq/ before posting! */


Good morning, Bill,

On Sun, 31 Oct 1999, William Schwartz wrote:

> >     Perhaps your active ftp client is using high port to high port
> > connections for the ftp data channel.
> >     As a test, create a firewall with your standard masquerading
> > rule, a default policy of accept, and the ip_masq_ftp module loaded.
> > If the ftp connection works now, you're probably blocking the ports
> > necessary to carry the data.
> 
> ok, I made a basic firewall of:
> ----------------------------
> echo Loading MASQ modules
> /sbin/modprobe ip_masq_ftp
> 
> echo "Adding multicast route.."
> /sbin/route add -net 224.0.0.0 netmask 240.0.0.0 dev eth1
> 
> echo "Enabling IP Masqurading.."
> echo "1" > /proc/sys/net/ipv4/ip_forward
> 
> ipchains -P forward DENY

        Try it with a forwarding policy of ACCEPT, just for grins.

> ipchains -P output ACCEPT
> ipchains -P input ACCEPT
> ipchains -A forward -j MASQ -s 192.168.1.0/24 -d 0.0.0.0/0
> 
> ipchains -M -S 7200 10 7200  
> -------------------------------------
> 
> so anything going in and out from the linux box should work.
> 
> i used the standard unix ftp client and connected out.
> tried to do an ls in teh ftp session and got a PORT error.
> 
> lsmod showed ip_masq_ftp used by 0
> 
> I'm using redhat 6.1 (2.2.12 kernel)

        What do you get with other ftp clients?

> Slso, while I"m emaiing you.
> 
> my the module for my scsi card isn't loading on boot.  what do i need
> to add to lilo.conf to get it to load?

        Try adding
alias scsi_hostadapter my_scsi_adaptor_module_name
        to /etc/modules.conf.  If that doesn't work, check the Redhat site
or build a custom kernel with your scsi adaptor module compiled in.
        Cheers,
        - Bill

---------------------------------------------------------------------------
        "Computers let you make more mistakes faster than any other
invention in human history, with the possible exception of handguns and
tequila." 
        -- Mitch Radcliffe
(Courtesy of Hugo van der Kooij <[EMAIL PROTECTED]>)
--------------------------------------------------------------------------
William Stearns ([EMAIL PROTECTED]).  Mason, Buildkernel, named2hosts, 
and ipfwadm2ipchains are at: http://www.pobox.com/~wstearns/

_______________________________________________
Masq maillist  -  [EMAIL PROTECTED]
Admin requests can be handled at http://www.indyramp.com/masq-list/ -- THIS INCLUDES 
UNSUBSCRIBING!
or email to [EMAIL PROTECTED]

PLEASE read the HOWTO and search the archives before posting.
You can start your search at http://www.indyramp.com/masq/
Please keep general linux/unix/pc/internet questions off the list.