Re: IPMasq question


Subject: Re: IPMasq question
From: Keary Suska (hierophant@pcisys.net)
Date: Sat Jan 19 2002 - 17:04:26 MST


on 1/19/02 11:35 AM, sfalken@citlink.net purportedly said:

> alright, I've got a small network going here, consisting of a hardware DSL
> router/firewall, 1 Mklinux Pre-R1 box, one YDL2.0 box, and 1 Slackware 8.0
> box.
>
> the YDL box is my personal machine, desktop, games, irc, whatever, the
> MKLinux box is my webserver, and various other sundries, running headless in
> the closet, and the Slackware box is my Mailserver, and runs some shells for
> friends for IRC bots, BNCs, and whatnot. Herein lies the problem.
>
> I need to get FTP working on the Slack and Mk boxes. I have the incoming
> connections set up for port forwarding in the firewall, at ports 21 and 2121
> respectively, but I can't quite figure out how to route the ftp-data
> connections to make ftp work. Do I just need to port forward port 20 in the
> firewall to each box on different ports? Or do I need to set up some sort of
> static routing in the routing tables of these two machines? SCP works fine,
> but a couple of my users seem a little truculent, or perhaps stubborn to use
> scp. Anybody have any ideas?

If your firewall is doing masquerading, you shouldn't need any
port-forwarding. Your firewall could be blocking FTP data connections, since
by default the FTP server connects to the client, and not vice versa. If
passive mode connections don't work either, it is possible that you are
filtering outgoing packets on ports the ftp client wants to use. A simple
test would be to temporarily drop the firewall, but keep the NAT, and see if
FTP works. If it does, the problem is in your firewall ruleset. You probably
want to enter runlevel 1 for all Unix machines to avoid the risk of system
compromise.

Keary Suska
Esoteritech, Inc.
"Leveraging Open Source for a better Internet"
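To make the active/passive distinction in the reply concrete, here is an added example (my own, not code from the thread) that parses the control-channel line which decides where the data connection goes (a client `PORT` command or a server `227` reply), works out who opens it and to which endpoint, and checks that against a ruleset that only admits new inbound connections to the forwarded ports 21 and 2121. Addresses and ports are constructed for the example; a real server behind NAT would also have to announce its public address in the `227` reply.

```python
import re
from dataclasses import dataclass

# Constructed addresses for the example: a remote client and a server behind the NAT.
CLIENT_IP = "203.0.113.10"
SERVER_IP = "192.168.1.20"
FORWARDED_PORTS = {21, 2121}  # the only inbound ports the post's firewall forwards

@dataclass(frozen=True)
class DataConnection:
    mode: str        # "active" or "passive"
    initiator: str   # which side opens the TCP data connection
    dst_ip: str      # where that side connects to
    dst_port: int

# h1,h2,h3,h4,p1,p2 as used by both the PORT command and the 227 reply (RFC 959)
_HOSTPORT = re.compile(r"(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)")

def _parse_hostport(text):
    m = _HOSTPORT.search(text)
    if not m:
        raise ValueError("no h1,h2,h3,h4,p1,p2 tuple in %r" % text)
    h1, h2, h3, h4, p1, p2 = map(int, m.groups())
    return "%d.%d.%d.%d" % (h1, h2, h3, h4), p1 * 256 + p2

def data_connection(control_line):
    """Derive the data connection from the one control-channel line that sets it up."""
    if control_line.upper().startswith("PORT "):
        # Active mode: the client names its own listener; the server connects to it.
        ip, port = _parse_hostport(control_line)
        return DataConnection("active", "server", ip, port)
    if control_line.startswith("227"):
        # Passive mode: the server names a listener; the client connects to it.
        ip, port = _parse_hostport(control_line)
        return DataConnection("passive", "client", ip, port)
    raise ValueError("expected a PORT command or a 227 reply")

def blocked_by_inbound_ruleset(conn, allowed_inbound_ports=FORWARDED_PORTS):
    """True if a ruleset that only admits new inbound TCP to allowed_inbound_ports
    drops this data connection. Passive data lands on an ephemeral server port,
    so it is dropped unless that port is forwarded or FTP-aware NAT tracks it;
    active data is outbound from the server, so a failure there points at
    outbound filtering, as the reply describes."""
    if conn.initiator == "client":
        return conn.dst_port not in allowed_inbound_ports
    return False
```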



This archive was generated by hypermail 2a24 : Sat Jan 19 2002 - 17:19:03 MST