RE: [PLUG] IP Masq'ing Logic Check

Charles Stack on Tue, 1 Aug 2000 12:29:46 -0400 (EDT)

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

RE: [PLUG] IP Masq'ing Logic Check

From: "Charles Stack" <charles@codycomp.com>

To: <plug@lists.phillylinux.org>

Subject: RE: [PLUG] IP Masq'ing Logic Check

Date: Tue, 1 Aug 2000 12:29:23 -0400

Reply-to: plug@lists.phillylinux.org

Sender: plug-admin@lists.phillylinux.org

I'm not sure it'll work with the PORT command. It does work with the PASV command, however. -----Original Message----- From: plug-admin@lists.phillylinux.org [mailto:plug-admin@lists.phillylinux.org]On Behalf Of Barry Spindler Sent: Tuesday, August 01, 2000 12:17 PM To: plug@lists.phillylinux.org Subject: Re: [PLUG] IP Masq'ing Logic Check Yep, that's correct. There is an IPMasq module (ip_masq_ftp) that makes normal FTP transfers work in this sitution (or should at least work). This is one of a few IPMasq modules that come with the kernel and sit in /lib/modules/<kernel_ver>/ipv4 to help with protocols that make connections like this. --Barry On Tue, Aug 01, 2000 at 12:04:10PM -0400, Michael W. Ryan wrote: > Could someone familiar with IP Masq'ing issues confirm my conclusion here. > Thanks. > > Given the following arrangement: > > FTP Server---Internet---Firewall---Private Subnet---FTP Client > > If the FTP Client is in a private subnet (i.e. 192.168.1.0), it cannot > perform normal mode FTP data transfers with the FTP Server on the > Internet. This is because normal mode FTP requires the FTP Server to make > a connection from port 20 (ftp-data) to an unprivledge port on the FTP > Client, and the FTP Server sees the connection as coming from the > Firewall, not the FTP Client. > > Passive mode FTP transfers would work, as it requires the FTP Client make > a connection from an unprivledged port to an unprivledged port on the FTP > Server. > > In order to allow normal mode FTP data transfers from within the private > subnet, an FTP proxy would need to be installed on the Firewall. > > Michael W. Ryan, MCP, MCT | OTAKON 2000 > mryan@netaxs.com | Convention of Otaku Generation > http://www.netaxs.com/~mryan/ | http://www.otakon.com/ > > No, I don't hear voices in my head; > I'm the one that tells the voices in your head what to say. > -- Practical people would be more practical if they would take a little more time for dreaming. -- J. P. McEvoy ------------------------------------------------------------------------ GPG Fingerprint: 5475 C984 D870 4ACD 9799 1B69 DFCE 17CB 8257 38C3 ------------------------------------------------------------------------ ______________________________________________________________________ Philadelphia Linux Users Group - http://www.phillylinux.org Announcements - http://lists.phillylinux.org/mail/listinfo/plug-announce General Discussion - http://lists.phillylinux.org/mail/listinfo/plug ______________________________________________________________________ Philadelphia Linux Users Group - http://www.phillylinux.org Announcements - http://lists.phillylinux.org/mail/listinfo/plug-announce General Discussion - http://lists.phillylinux.org/mail/listinfo/plug

Follow-Ups:

[PLUG] Re: IP Masq'ing Logic Check
From: Kevin Falcone <kevinfal@seas.upenn.edu>

References:

Re: [PLUG] IP Masq'ing Logic Check
From: Barry Spindler <archmage@i-o-r.net>

Prev by Date: Re: [PLUG] IP Masq'ing Logic Check

Next by Date: Re: [PLUG] IP Masq'ing Logic Check

Previous by thread: Re: [PLUG] IP Masq'ing Logic Check

Next by thread: [PLUG] Re: IP Masq'ing Logic Check

Index(es):

Date

Thread