Re: IPchains question

[Brian Hand <bchand squashduck com>]

Thanks alot for the info that worked out great.  One last barrier to
overcome I have a paranoid ftp admin out there that I occasionally help
outthere and he runs an active ftp site on port 1994.  Can anyone help me
figure out what I need to do to get connectivity to his site through the
masq host?

Thanks
Brian

On Sun, 4 Jul 1999, Paul Rushing wrote:

> just out of curiosity are you loading the ip_masq_ftp module??
> 
> if not, then as root:  modprobe ip_masq_ftp
> 
> now try a non-passive ftp session from one of the clients.
> 
> works for me, i can use that brain dead windows command line ftp program
> now.
> 
> -----Original Message-----
> From: Brian Hand <bchand squashduck com>
> To: redhat-install-list redhat com <redhat-install-list redhat com>
> Date: Sunday, July 04, 1999 4:17 PM
> Subject: Re: IPchains question
> 
> 
> >Just as a quick clairifcation, passive mode works, i.e netscape.  it is
> >command line ftp that gets screwed up.
> >
> >Brian
> >
> >
> >On Sun, 4 Jul 1999, Paul B. Brown wrote:
> >
> >>
> >> Hummm . . . .
> >>
> >> Port 20 = data connection
> >> Port 21 = control connection (data connection as well in passive mode)
> >>
> >> If the data connection to port 20 is not being allowed then you have a
> >> problem Houston.  My idea here is that the data connection is initiated
> >> from the remote site, maybe?  If so, you're not allowing the connection.
> >> Anyone else have any thoughts on this?
> >>
> >> Paul
> >>
> >> -------------------------------------------------------------------------
> --
> >> Paul B. Brown                          pbrown btechnet com
> >> President
> >> Brown Technologies Network, Inc.       http://www.btechnet.com/
> >>
> >> Unix Systems Administration            "Sailing is a state of mind . . .
> ."
> >> -------------------------------------------------------------------------
> --
> >>
> >> On Sun, 4 Jul 1999, Brian Hand wrote:
> >>
> >> > Hello, I am using the following two ipchains commands to setup ip
> >> > masquade on a 10.*.*.* network
> >> >
> >> > /sbin/ipchains -P forward DENY
> >> > /sbin/ipchains -A forward -s 10.0.0.0/255.0.0.0 -j MASQ
> >> >
> >> > every thing works fine except for active ftp sessions,  can anyone
> offer
> >> > the command you use to allow active ftp connections back in.  I realize
> >> > that passive does work, however I have many winblows and macincraps on
> the
> >> > private network and they are the ones I need to get working.
> >> >
> >> > Thanks
> >> > Brian
> >> >
> >> >
> >> >
> >> >
> >> > --
> >> >   PLEASE read the Red Hat FAQ, Tips, Errata and the MAILING LIST
> ARCHIVES!
> >> > http://www.redhat.com http://archive.redhat.com
> >> >          To unsubscribe: mail redhat-install-list-request redhat com
> with
> >> >                        "unsubscribe" as the Subject.
> >> >
> >>
> >>
> >> --
> >>   PLEASE read the Red Hat FAQ, Tips, Errata and the MAILING LIST
> ARCHIVES!
> >> http://www.redhat.com http://archive.redhat.com
> >>          To unsubscribe: mail redhat-install-list-request redhat com with
> >>                        "unsubscribe" as the Subject.
> >>
> >
> >
> >--
> >  PLEASE read the Red Hat FAQ, Tips, Errata and the MAILING LIST ARCHIVES!
> > http://www.redhat.com http://archive.redhat.com
> >         To unsubscribe: mail redhat-install-list-request redhat com with
> >                       "unsubscribe" as the Subject.
> >
> 
> 
> -- 
>   PLEASE read the Red Hat FAQ, Tips, Errata and the MAILING LIST ARCHIVES!
> 		http://www.redhat.com http://archive.redhat.com
>          To unsubscribe: mail redhat-install-list-request redhat com with 
>                        "unsubscribe" as the Subject.
>