I mentioned this at the BBQ...you might find this funny.
http://www.improb.com/airchives/paperair/volume6/v6i4/postal-6-4.html
--
Charles R. Anderson
Friends, can you help me here, I've got a problem, I 'm implementing ipchains in my gateway server, so, all the thing I've done were masquerading all the clients connection, so, port 20,21,22,23,25,110,80,53 (ftp data,ftp, ssh,telnet,mail, http, and dns are masqueraded. My clients got no problem using the internet for http, mail access, but they get problem on ftp, they could not connect, the error was " ftp: connect :Unknown error number" can you please tell me whic other port that I should to masquerade in order to enable ftp access from my client, Thanks Aramico
On Fri, Jul 18, 2003 at 10:34:14AM +0700, Aramico wrote:
aramico> I 'm implementing ipchains in my gateway server,
aramico> so, all the thing I've done were masquerading all the clients connection,
aramico> so, port 20,21,22,23,25,110,80,53 (ftp data,ftp, ssh,telnet,mail, http, and dns are masqueraded.
Normally you don't masquerade individual ports; why did you do that?
Just masquerade your internal IP block to your external address:
ipchains -A forward -s 192.168.0.1/24 -d 0.0.0.0/0 -j MASQ
aramico> My clients got no problem using the internet for http, mail access,
aramico> but they get problem on ftp, they could not connect,
aramico> the error was " ftp: connect :Unknown error number"
Active (PORT) FTP doesn't work across NAT without special help. Try
using passive (PASV) FTP instead of active FTP (enter "passive" on
ftp command line), or switch to iptables, which can handle NATting
FTP:
http://www.linuxchix.org/content/courses/security/connection_tracking
--
Charles R. Anderson
I especially like the one about the cheese wheel that "oiled" its way through the box! ;-) Charles R. Anderson wrote:
I mentioned this at the BBQ...you might find this funny.
http://www.improb.com/airchives/paperair/volume6/v6i4/postal-6-4.html
participants (3)
-
Aramico
-
Charles R. Anderson
-
Stephen C. Daukas