Charles Stack on Tue, 1 Aug 2000 12:18:01 -0400 (EDT)
With the setup as you show below, you should be able to use PASV mode without any problems, since the client will connect to the port the server specifies, provided you have an outbound rule specified through your firewall. You will not be able to use the PORT command unless you have a proxy (as you suggested).

The PASV command was designed for this purpose of getting through firewalls, since it allows the client to do the connection rather than the server trying to connect to the client (as the PORT command would do).

cjs

-----Original Message-----
From: plug-admin@lists.phillylinux.org [mailto:plug-admin@lists.phillylinux.org] On Behalf Of Michael W. Ryan
Sent: Tuesday, August 01, 2000 12:04 PM
To: PLUG Mailing List
Subject: [PLUG] IP Masq'ing Logic Check

Could someone familiar with IP Masq'ing issues confirm my conclusion here. Thanks.

Given the following arrangement:

FTP Server---Internet---Firewall---Private Subnet---FTP Client

If the FTP Client is in a private subnet (i.e. 192.168.1.0), it cannot perform normal mode FTP data transfers with the FTP Server on the Internet. This is because normal mode FTP requires the FTP Server to make a connection from port 20 (ftp-data) to an unprivileged port on the FTP Client, and the FTP Server sees the connection as coming from the Firewall, not the FTP Client.

Passive mode FTP transfers would work, as it requires the FTP Client make a connection from an unprivileged port to an unprivileged port on the FTP Server.

In order to allow normal mode FTP data transfers from within the private subnet, an FTP proxy would need to be installed on the Firewall.

Michael W. Ryan, MCP, MCT     | OTAKON 2000
mryan@netaxs.com              | Convention of Otaku Generation
http://www.netaxs.com/~mryan/ | http://www.otakon.com/

No, I don't hear voices in my head; I'm the one that tells the voices in your head what to say.
______________________________________________________________________
Philadelphia Linux Users Group - http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mail/listinfo/plug-announce
General Discussion - http://lists.phillylinux.org/mail/listinfo/plug
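
The PORT/PASV distinction discussed in this thread, as an added example that is not part of the original messages: it parses the address tuple carried on the FTP control channel and reports which side opens the data connection and whether that works from an RFC 1918 subnet behind masquerading with no proxy or helper. The function names and the sample control lines are constructed for illustration.

```python
import ipaddress
import re

# Constructed control-channel lines (not captured traffic).
SAMPLE_PORT = "PORT 192,168,1,10,4,1"                            # client -> server
SAMPLE_PASV = "227 Entering Passive Mode (203,0,113,5,195,80)"   # server -> client

# RFC 1918 ranges: not routable from the Internet side of the firewall.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

_TUPLE = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def parse_endpoint(line):
    """Return (IPv4Address, port) from a PORT command or a 227 PASV reply."""
    m = _TUPLE.search(line)
    if not m:
        raise ValueError("no h1,h2,h3,h4,p1,p2 tuple in %r" % line)
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range in %r" % line)
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]   # port is sent as two bytes, high then low


def data_connection(line):
    """Describe the data connection implied by one control-channel line."""
    ip, port = parse_endpoint(line)
    active = line.upper().startswith("PORT")
    announced_private = any(ip in net for net in RFC1918)
    return {
        "mode": "active" if active else "passive",
        # Active: the server connects back to the address the client announced.
        # Passive: the client connects out to the address the server announced.
        "initiator": "server" if active else "client",
        "target": (str(ip), port),
        # Assumption: plain masquerading, no FTP proxy or helper on the firewall.
        # An inbound connection to a private address then cannot reach the client.
        "works_through_masq": not (active and announced_private),
    }


if __name__ == "__main__":
    for sample in (SAMPLE_PORT, SAMPLE_PASV):
        print(sample, "=>", data_connection(sample))
```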