accessing internet using ftp, ping or http

Rick Stevens rstevens at vitalstream.com
Mon May 2 19:02:04 UTC 2005 

Pankaj Mandal wrote:
> Hi,
>  
> I have a problem accessing the ftp, ping  from some machines (some 3 of 
> them) from a subnet.
>  
> I am told that the particular subnet has access restrictions which 
> causes ftp, ping etc to fail.

If they've got that subnet blocked at your router, you're out of luck.
You'll have to talk to your network admins into allowing those machines
to have access.

> I have RHEL v3 installed on the machines. Is there a way I could use the 
> above protocols to access internet.
> This is causing problem as I cannot download software directly to the 
> machine and configure it using tools provided
> by many of those software. one example is CPAN modules.
>  
> Even linux updates I cannot get directly.
> Within the intranet I am able to use all the protocols like ftp, ping, 
> http etc.
> I hear there is some software that can overcome this restriction, 
> although I do not know what they are.

Again, you have a firewall on your router and your network guys will
have to allow access for your machines.

FTP is tricky since on a standard download request, the remote side must
open a reverse connection to you to send you the data you requested.
Linux firewalls (iptables) offer connection tracking, meaning that the
firewall will allow an incoming connection to be made IF it's related to
one already established via an outbound connection (the famous
"established,related" option to conntrack).

The only ways out I can think of is to make sure you use passive FTP
connections instead of standard ones--but that depends on your network
people allowing outgoing FTP connections and they may have those
blocked, too.  The second is to use http-only downloads.  Not all sites
offer HTTP progressive downloads, however...some simply redirect you
to an FTP site.
----------------------------------------------------------------------
- Rick Stevens, Senior Systems Engineer     rstevens at vitalstream.com -
- VitalStream, Inc.                       http://www.vitalstream.com -
-                                                                    -
-      I won't rise to the occasion, but I'll slide over to it.      -
----------------------------------------------------------------------

More information about the Redhat-install-list mailing list