Re: [masq] FW: masq FTP help!
> Thanks for your response! I'm pretty sure I've configured for the > ftp module to be masqing, because I use ftp quite a bit and it > works fine except for this instance. I think it has to do with > the way masquerade entries are made in the masq table when > ftp is connecting to a non-default port (not 21) and setting up for > de-masq. > > For ftp i'm using: "ip_masq_ftp ports=21,12345" > and of course from the WIN95 box ftp>OPEN xxx.xxx.xxx.xxx 12345 I have tried setting up a none standard port ftp server and I can use it fine accross my masqing firewall, with no changes to the module is the remote host using a none standard protacal as well? > My guess is that ip_masq_ftp somehow manages for default > ftp ports 20 and 21 but doesn't for non-default ports? > Maybe the ipportfw is the answer. If you have problems tcpdump the connection and see which ports the data is coming back on and forward 'em staight to the win95 box. Tim Fletcher .~. /V\ L I N U X [EMAIL PROTECTED] // \\ >Don't fear the penguin< /( )\ ^^-^^ Catapultam habeo. Nisi pecuniam omnem mihi dabis, ad caput tuum saxum immane mittam (For non-latiners: "I have a catapult. Give me all the money, or I will fling an enormous rock at your head.") - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] For daily digest info, email [EMAIL PROTECTED]
Re: [masq] FW: masq FTP help!
Thanks for your response! I'm pretty sure I've configured for the ftp module to be masqing, because I use ftp quite a bit and it works fine except for this instance. I think it has to do with the way masquerade entries are made in the masq table when ftp is connecting to a non-default port (not 21) and setting up for de-masq. For ftp i'm using: "ip_masq_ftp ports=21,12345" and of course from the WIN95 box ftp>OPEN xxx.xxx.xxx.xxx 12345 The PORT statement is getting manipulated on the linux - example: PORT 10.0.1.1.5.142 is changed to PORT 204.90.180.84.239.71 (this what the ftp server receives) and entries are made to masq tables on linux (I don't know specifically if they are correct) but .. ipfwadm -M -l shows: prot expire source destinationports tcp 01:06:53 win95.domain mainframe.com 1422 (61255) --> 0 and /proc/net/ip_masquerade shows: Prc FromIP FPrt ToIP TPrt Masq TCP 0A000102:058E CX93AE0E: EF47 0 0 16218 My guess is that ip_masq_ftp somehow manages for default ftp ports 20 and 21 but doesn't for non-default ports? Maybe the ipportfw is the answer. Any help would be greatly appreciated. Dave Corlew -Original Message- From: Tim Fletcher [mailto:[EMAIL PROTECTED]] Sent: Monday, November 16, 1998 10:19 AM To: Corlew, David (GEIS) Cc: [EMAIL PROTECTED] Subject: Re: [masq] FW: masq FTP help! > > My problem is with ftp! It works successfully using client on win95 box to > > ftp server (control and data connections) using OPEN host. > > No problem. But I have a REAL need to open to a certain host server that > > is enabled to a specific non-default port. OPEN pp > > The control connection works just fine. However, any PORT protocol command > > for this type connection is not masq'd. so data connections can't reach my > > win95 machine. Could anyone help with this one. It sounds like you haven't installed the ftp module for ip masqing > Note: The server in question is proprietary and does not support PASV. I > have also tried specifying the special port in the "ip_masq_ftp ports=n" > and did notice at least the server received a masqueraded port command (in > the range 61000-61499) but could not make successful data connection back to > my client. Try using ipportfw from ethier a 2.1.124+ kernel or a patch agaist 2.0.35, I can't rember were I found the patch bu it works very well. I can use an nfs server behind the firewall and other fun things. I can mail the patch and the control progie src to you if you want. Tim Fletcher .~. /V\ L I N U X [EMAIL PROTECTED] // \\ >Don't fear the penguin< [EMAIL PROTECTED] /( )\ ^^-^^ Software, n.: Formal evening attire for female computer analysts. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] For daily digest info, email [EMAIL PROTECTED]
Re: [masq] FW: masq FTP help!
> > My problem is with ftp! It works successfully using client on win95 box to > > ftp server (control and data connections) using OPEN host. > > No problem. But I have a REAL need to open to a certain host server that > > is enabled to a specific non-default port. OPEN pp > > The control connection works just fine. However, any PORT protocol command > > for this type connection is not masq'd. so data connections can't reach my > > win95 machine. Could anyone help with this one. It sounds like you haven't installed the ftp module for ip masqing > Note: The server in question is proprietary and does not support PASV. I > have also tried specifying the special port in the "ip_masq_ftp ports=n" > and did notice at least the server received a masqueraded port command (in > the range 61000-61499) but could not make successful data connection back to > my client. Try using ipportfw from ethier a 2.1.124+ kernel or a patch agaist 2.0.35, I can't rember were I found the patch bu it works very well. I can use an nfs server behind the firewall and other fun things. I can mail the patch and the control progie src to you if you want. Tim Fletcher .~. /V\ L I N U X [EMAIL PROTECTED] // \\ >Don't fear the penguin< [EMAIL PROTECTED] /( )\ ^^-^^ Software, n.: Formal evening attire for female computer analysts. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] For daily digest info, email [EMAIL PROTECTED]
[masq] FW: masq FTP help!
> I've successfully implemented ip masquerading on a local network (win95 pc > 10.0.1.2 and linux pc 10.0.1.1). I'm using PPP connection from linux to > the world and everything works great. Am able to use browser, telnet, > ms-exchange server to outlook etc. etc. > My problem is with ftp! It works successfully using client on win95 box to > ftp server (control and data connections) using OPEN host. > No problem. But I have a REAL need to open to a certain host server that > is enabled to a specific non-default port. OPEN pp > The control connection works just fine. However, any PORT protocol command > for this type connection is not masq'd. so data connections can't reach my > win95 machine. Could anyone help with this one. > Note: The server in question is proprietary and does not support PASV. I have also tried specifying the special port in the "ip_masq_ftp ports=n" and did notice at least the server received a masqueraded port command (in the range 61000-61499) but could not make successful data connection back to my client. > Thanks in advance, > Dave Corlew > > PS: I've set this configuration up so that I can stay connected with PPP > to the remote host server on special port and do end-to-end testing from > both the win95 and linux ftp clients. Any help would be greatly > appreciated. > > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] For daily digest info, email [EMAIL PROTECTED]