Charles Stack on Tue, 1 Aug 2000 12:18:01 -0400 (EDT)



RE: [PLUG] IP Masq'ing Logic Check


With the setup as you show below, you should be able to use PASV mode
without any problems since the client will connect to the port the server
specifies provided you have an outbound rule specified through your
firewall.  You will not be able to use the PORT command unless you have a
proxy (as you suggested).

The PASV command was designed for this purpose of getting through firewalls
since it allows the client to do the connection rather than the server
trying to connect to the client (as the PORT command would do).

cjs

-----Original Message-----
From: plug-admin@lists.phillylinux.org
[mailto:plug-admin@lists.phillylinux.org]On Behalf Of Michael W. Ryan
Sent: Tuesday, August 01, 2000 12:04 PM
To: PLUG Mailing List
Subject: [PLUG] IP Masq'ing Logic Check


Could someone familiar with IP Masq'ing issues confirm my conclusion here.
Thanks.

Given the following arrangement:

    FTP Server---Internet---Firewall---Private Subnet---FTP Client

If the FTP Client is in a private subnet (i.e. 192.168.1.0), it cannot
perform normal mode FTP data transfers with the FTP Server on the
Internet.  This is because normal mode FTP requires the FTP Server to make
a connection from port 20 (ftp-data) to an unprivileged port on the FTP
Client, and the FTP Server sees the connection as coming from the
Firewall, not the FTP Client.

Passive mode FTP transfers would work, as it requires the FTP Client make
a connection from an unprivileged port to an unprivileged port on the FTP
Server.

In order to allow normal mode FTP data transfers from within the private
subnet, an FTP proxy would need to be installed on the Firewall.

Michael W. Ryan, MCP, MCT     | OTAKON 2000
mryan@netaxs.com              | Convention of Otaku Generation
http://www.netaxs.com/~mryan/ | http://www.otakon.com/

No, I don't hear voices in my head;
I'm the one that tells the voices in your head what to say.


______________________________________________________________________
Philadelphia Linux Users Group       -       http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mail/listinfo/plug-announce
General Discussion   -   http://lists.phillylinux.org/mail/listinfo/plug
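
Added example (not part of either message above): a Python sketch of the two control-channel lines the thread discusses, decoding the RFC 959 h1,h2,h3,h4,p1,p2 address form to show which side opens the data connection and whether that works through a masquerading firewall without a proxy. The function names and the sample addresses are constructed for illustration.

```python
import ipaddress
import re

# RFC 1918 ranges: unroutable from the Internet side of the firewall.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def decode_hostport(fields):
    """Decode FTP's h1,h2,h3,h4,p1,p2 form (RFC 959) into (ip, port)."""
    nums = [int(x) for x in fields.split(",")]
    if len(nums) != 6 or any(n > 255 for n in nums):
        raise ValueError("expected six octets, got %r" % fields)
    ip = ipaddress.IPv4Address(".".join(map(str, nums[:4])))
    return ip, nums[4] * 256 + nums[5]

def data_connection(control_line):
    """Return (initiator, ip, port, works_through_masq) for one control line."""
    line = control_line.strip()
    port_cmd = re.fullmatch(r"PORT\s+(\d+(?:,\d+){5})", line, re.IGNORECASE)
    if port_cmd:
        ip, port = decode_hostport(port_cmd.group(1))
        # Active mode: the server dials the address the client advertised.
        # A private address cannot be reached from outside, and the firewall
        # has no masquerade entry for that unsolicited inbound connection.
        blocked = any(ip in net for net in RFC1918)
        return ("server", str(ip), port, not blocked)
    pasv = re.match(r"227\b.*?(\d+(?:,\d+){5})", line)
    if pasv:
        ip, port = decode_hostport(pasv.group(1))
        # Passive mode: the client dials out to the port the server named,
        # so an ordinary outbound masquerading rule covers it.
        return ("client", str(ip), port, True)
    raise ValueError("not a PORT command or 227 reply: %r" % control_line)

if __name__ == "__main__":
    # Constructed control-channel lines; addresses are illustrative.
    for sample in ("PORT 192,168,1,10,4,1",
                   "227 Entering Passive Mode (203,0,113,5,195,80)"):
        print(sample, "->", data_connection(sample))
```
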
