Michael C. Toren on Tue, 1 Aug 2000 12:14:36 -0400 (EDT)



Re: [PLUG] IP Masq'ing Logic Check


> Could someone familiar with IP Masq'ing issues confirm my conclusion here.
> Thanks.
> 
> Given the following arrangement:
> 
>     FTP Server---Internet---Firewall---Private Subnet---FTP Client
> 
> If the FTP Client is in a private subnet (i.e. 192.168.1.0), it cannot
> perform normal mode FTP data transfers with the FTP Server on the
> Internet.  This is because normal mode FTP requires the FTP Server to make
> a connection from port 20 (ftp-data) to an unprivileged port on the FTP
> Client, and the FTP Server sees the connection as coming from the
> Firewall, not the FTP Client.

Correct.

> Passive mode FTP transfers would work, as it requires the FTP Client make
> a connection from an unprivileged port to an unprivileged port on the FTP
> Server.

Correct.

> In order to allow normal mode FTP data transfers from within the private
> subnet, an FTP proxy would need to be installed on the Firewall.

Also correct, but the "FTP proxy" could just be the ip_masq_ftp module.
There are also modules included in the stock 2.2 kernel for IRC, cuseeme,
Quake, RealAudio, and a few others (ICQ, maybe?).

-mct
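
The thread above turns on the PORT command carrying the client's private address, which the server cannot reach. As an added example that is not part of the original post and is not the ip_masq_ftp source, this Python model shows the rewrite a masquerading helper has to perform on the control channel and the mapping it keeps for the server's data connection. The class name, the port range and all addresses are assumptions made for illustration.

```python
import re

# PORT argument per RFC 959: h1,h2,h3,h4,p1,p2 (address octets, then port high/low byte)
PORT_RE = re.compile(rb"^PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\r\n$",
                     re.IGNORECASE)


class FtpMasqHelper:
    """Toy model of a masquerading firewall's FTP helper (hypothetical class)."""

    def __init__(self, public_ip, first_port=61000):
        self.public_ip = public_ip
        self.next_port = first_port   # constructed port range
        self.expect = {}              # public port -> (client ip, client port)

    def outbound(self, client_ip, line):
        """Process one control-channel line from the client; return the line to forward."""
        m = PORT_RE.match(line)
        if m is None:
            return line               # not a PORT command: forward unchanged
        nums = [int(g) for g in m.groups()]
        if any(n > 255 for n in nums):
            return line               # malformed: leave it for the server to reject
        ip = ".".join(map(str, nums[:4]))
        port = nums[4] * 256 + nums[5]
        # Only map a data port back to the host that asked for it,
        # and never to a privileged port on that host.
        if ip != client_ip or port < 1024:
            return line
        public_port = self.next_port
        self.next_port += 1
        self.expect[public_port] = (client_ip, port)
        args = self.public_ip.split(".") + [str(public_port >> 8), str(public_port & 0xFF)]
        return b"PORT " + ",".join(args).encode() + b"\r\n"

    def inbound(self, dst_port):
        """Server's data connection reaches the firewall: where is it forwarded?"""
        return self.expect.pop(dst_port, None)   # one connection per mapping


if __name__ == "__main__":
    fw = FtpMasqHelper("203.0.113.7")            # constructed documentation address
    sent = b"PORT 192,168,1,10,4,210\r\n"        # constructed: client 192.168.1.10, port 1234
    print(fw.outbound("192.168.1.10", sent))     # line the FTP server actually receives
    print(fw.inbound(61000))                     # where the port-20 connection is delivered
```

A helper working on packets rather than whole lines must also adjust TCP sequence numbers and checksums when the rewritten command changes length; this model leaves that out.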