Hey sluggers,
To date I have had mostly success with IP Masq forwarding connections
(thanks to some help with the config : )
What I am trying to currently do is forward an inbound FTP connection from
the net to an internal machine.
Forwarding outbound connections has been working fine for some time now.
I am running the 2.2.14 kernel (debian stable), and using ipmasqadm to set
up my firewalling rules.
Below are the salient parts of my rc.firewall file
#####
# Supports the proper masquerading of FTP file transfers using the PORT method
#
/sbin/modprobe ip_masq_ftp
# Turn on all the appropriate services and essential Masq'ing
echo "1" > /proc/sys/net/ipv4/ip_forward
echo "1" > /proc/sys/net/ipv4/ip_dynaddr
/sbin/ipchains -P forward DENY
/sbin/ipchains -A forward -s 192.168.0.0/24 -j MASQ
# Added the code to find out the external IP address...
EXTIP=`ifconfig eth0 | awk '/inet addr/ { gsub(".*:", "", $2) ; print $2 }'`
if [ "$EXTIP" = '' ]; then
echo "Aborting: Unable to determine the IP of $EXTIF ... DHCP or PPP problem?"
exit 1
fi
echo External IP: $EXTIP
# Add in the necessary firewalling to forward FTP connections to floyd
echo "Adding the firewalling for forwarding FTP connections to Floyd"
ipmasqadm portfw -a -P tcp -L $EXTIP 21 -R 192.168.0.100 21
ipmasqadm portfw -a -P tcp -L $EXTIP 20 -R 192.168.0.100 20
#####
I can connect to the internal FTP server fine from EXTERNAL (internet)
addresses. I understand how connecting to the masqueraded internal FTP
server from an internal address will not work, but that is not a problem.
However, as soon as I try any active commands (i.e. try to get the listing of
files in a directory, or even try any transfers) the connection just seems
to hang.
I have the forwarding of connections to SpeakFreely (one of the best net
phones out there, incidentally) to a M$ machine working perfectly, as I am
beginning to fear that this functionality is simply not supported for FTP
(due to the port negotiation stuff).
Has anyone had this running before? Will I need to upgrade the kernel to
one of the 2.4 kernels (which has the new Netblah (I forget the name)
forwarding utility)?
Any help would be appreciated.
Cheers
Stephen.
--
If it weren't for the last minute, nothing would ever get done.
--
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://slug.org.au/lists/listinfo/slug
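
Added example, not part of the original message: the "port negotiation" the message mentions works by sending the data-connection address and port as text on the FTP control channel (PORT command, 227 reply to PASV; RFC 959). The script below decodes that endpoint from a control-channel line and flags a private address, which a client on the Internet cannot reach as written. The function names and sample lines are constructed for illustration; 192.168.0.100 is the internal server from the message.

```sh
#!/bin/sh
# Added example, not from the original message. Sample lines are constructed.
# Decodes the endpoint FTP carries on the control channel (RFC 959):
#   PORT h1,h2,h3,h4,p1,p2          client -> server, active mode
#   227 text (h1,h2,h3,h4,p1,p2)    server -> client, reply to PASV

# Print "ip port" for a control-channel line; return 1 if it carries none.
ftp_endpoint() {
    tuple=$(printf '%s\n' "$1" | grep -oE '[0-9]{1,3}(,[0-9]{1,3}){5}' | head -n 1)
    old_ifs=$IFS; IFS=,
    set -- $tuple            # split h1..h4,p1,p2 into $1..$6
    IFS=$old_ifs
    [ $# -eq 6 ] || return 1
    for n in "$@"; do
        case $n in 0?*) return 1 ;; esac   # leading zero: ambiguous, reject
        [ "$n" -le 255 ] || return 1       # each field is one octet
    done
    printf '%s.%s.%s.%s %s\n' "$1" "$2" "$3" "$4" $(( $5 * 256 + $6 ))
}

# RFC 1918 private ranges: 10/8, 172.16/12, 192.168/16.
is_rfc1918() {
    case $1 in
        10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    esac
    return 1
}

# Classify one control-channel line by the endpoint it advertises.
audit_control_line() {
    ep=$(ftp_endpoint "$1") || { echo "no-endpoint"; return 0; }
    ip=${ep% *}; port=${ep#* }
    if is_rfc1918 "$ip"; then
        echo "private $ip:$port"
    else
        echo "public $ip:$port"
    fi
}

# Constructed control-channel lines (203.0.113.7 is a documentation address).
while IFS= read -r line; do
    printf '%-50s -> %s\n' "$line" "$(audit_control_line "$line")"
done <<'EOF'
227 Entering Passive Mode (192,168,0,100,4,1)
PORT 203,0,113,7,19,137
LIST
EOF
```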