Re: [PLUG] IP Masq'ing Logic Check

Barry Spindler on Wed, 2 Aug 2000 10:49:53 -0400 (EDT)

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] IP Masq'ing Logic Check

From: Barry Spindler <archmage@ior.staticky.com>

To: plug@lists.phillylinux.org

Subject: Re: [PLUG] IP Masq'ing Logic Check

Date: Tue, 1 Aug 2000 12:11:35 -0400

Reply-to: plug@lists.phillylinux.org

Sender: plug-admin@lists.phillylinux.org

User-agent: Mutt/1.2i

Yep, that's correct. There is an IPMasq module (ip_masq_ftp) that makes normal FTP transfers work in this sitution (or should at least work). This is one of a few IPMasq modules that come with the kernel and sit in /lib/modules/<kernel_ver>/ipv4 to help with protocols that make connections like this. --Barry On Tue, Aug 01, 2000 at 12:04:10PM -0400, Michael W. Ryan wrote: > Could someone familiar with IP Masq'ing issues confirm my conclusion here. > Thanks. > > Given the following arrangement: > > FTP Server---Internet---Firewall---Private Subnet---FTP Client > > If the FTP Client is in a private subnet (i.e. 192.168.1.0), it cannot > perform normal mode FTP data transfers with the FTP Server on the > Internet. This is because normal mode FTP requires the FTP Server to make > a connection from port 20 (ftp-data) to an unprivledge port on the FTP > Client, and the FTP Server sees the connection as coming from the > Firewall, not the FTP Client. > > Passive mode FTP transfers would work, as it requires the FTP Client make > a connection from an unprivledged port to an unprivledged port on the FTP > Server. > > In order to allow normal mode FTP data transfers from within the private > subnet, an FTP proxy would need to be installed on the Firewall. > > Michael W. Ryan, MCP, MCT | OTAKON 2000 > mryan@netaxs.com | Convention of Otaku Generation > http://www.netaxs.com/~mryan/ | http://www.otakon.com/ > > No, I don't hear voices in my head; > I'm the one that tells the voices in your head what to say. > > > ______________________________________________________________________ > Philadelphia Linux Users Group - http://www.phillylinux.org > Announcements - http://lists.phillylinux.org/mail/listinfo/plug-announce > General Discussion - http://lists.phillylinux.org/mail/listinfo/plug > > -- To refuse praise is to seek praise twice. ------------------------------------------------------------------------ GPG Fingerprint: 5475 C984 D870 4ACD 9799 1B69 DFCE 17CB 8257 38C3 ------------------------------------------------------------------------ ______________________________________________________________________ Philadelphia Linux Users Group - http://www.phillylinux.org Announcements - http://lists.phillylinux.org/mail/listinfo/plug-announce General Discussion - http://lists.phillylinux.org/mail/listinfo/plug

References:

[PLUG] IP Masq'ing Logic Check
From: "Michael W. Ryan" <mryan@netaxs.com>

Prev by Date: [PLUG] [PLUG-Announce]today's meeting (8/2/2000)

Next by Date: [PLUG] Whats the best way to get to IQ Group in light of GOP and protests?

Previous by thread: Re: [PLUG] Re: IP Masq'ing Logic Check

Next by thread: [PLUG] VMware performance tips

Index(es):

Date

Thread