Michael W. Ryan on Tue, 1 Aug 2000 12:04:31 -0400 (EDT)



[PLUG] IP Masq'ing Logic Check


Could someone familiar with IP Masq'ing issues confirm my conclusion here?
Thanks.

Given the following arrangement:

    FTP Server---Internet---Firewall---Private Subnet---FTP Client

If the FTP Client is in a private subnet (i.e. 192.168.1.0), it cannot
perform normal mode FTP data transfers with the FTP Server on the
Internet.  This is because normal mode FTP requires the FTP Server to make
a connection from port 20 (ftp-data) to an unprivileged port on the FTP
Client, and the FTP Server sees the connection as coming from the
Firewall, not the FTP Client.

Passive mode FTP transfers would work, as it requires the FTP Client make
a connection from an unprivileged port to an unprivileged port on the FTP
Server.

In order to allow normal mode FTP data transfers from within the private
subnet, an FTP proxy would need to be installed on the Firewall.

Michael W. Ryan, MCP, MCT     | OTAKON 2000
mryan@netaxs.com              | Convention of Otaku Generation
http://www.netaxs.com/~mryan/ | http://www.otakon.com/

No, I don't hear voices in my head;
I'm the one that tells the voices in your head what to say.


______________________________________________________________________
Philadelphia Linux Users Group       -       http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mail/listinfo/plug-announce
General Discussion   -   http://lists.phillylinux.org/mail/listinfo/plug
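
Added example, not part of the original post: in normal (active) mode the client announces its data address and port to the server in a PORT command (RFC 959), so behind masquerading the announced address is the private one. The sketch below shows the rewrite and the mapping that a proxy or helper on the firewall would have to maintain; the addresses 192.168.1.10 and 203.0.113.1, the port numbers and the function names are constructed for illustration.

```python
import ipaddress
import re

# RFC 1918 private ranges; the post's 192.168.1.0 subnet is inside the last one.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# PORT h1,h2,h3,h4,p1,p2  (address octets, then port high byte and low byte)
PORT_RE = re.compile(r"PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def parse_port(line):
    """Return (IPv4Address, port) from an FTP PORT command line."""
    m = PORT_RE.fullmatch(line.rstrip("\r\n"))
    if not m:
        raise ValueError("not a PORT command: %r" % line)
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range in %r" % line)
    addr = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return addr, nums[4] * 256 + nums[5]


def is_rfc1918(addr):
    """True if the server could never route a connection back to addr."""
    return any(addr in net for net in RFC1918)


def rewrite_port(line, public_ip, public_port):
    """Return (line_to_send, mapping) as a firewall-side proxy would.

    mapping is (private_ip, private_port): where the firewall must forward
    the server's incoming data connection. It is None if no rewrite is needed.
    """
    if not 1 <= public_port <= 65535:
        raise ValueError("public_port out of range")
    addr, port = parse_port(line)
    if not is_rfc1918(addr):
        return line, None
    host = str(ipaddress.IPv4Address(public_ip)).replace(".", ",")
    new = "PORT %s,%d,%d\r\n" % (host, public_port >> 8, public_port & 0xFF)
    return new, (str(addr), port)


if __name__ == "__main__":
    sent = "PORT 192,168,1,10,4,210\r\n"   # constructed client command
    print(parse_port(sent))                 # private address, port 1234
    print(rewrite_port(sent, "203.0.113.1", 61000))
```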