[TriLUG] Firewall blues...

Christopher Knowles knowlesc at telocity.com
Fri Feb 15 17:49:17 EST 2002


Yes he is.  You see, Able Baker and Charlie are all under my control.  And 
all of Able Baker and Charlie are able to ftp to sites like redhat and 
idsoftware.

Weird, isn't it?

CJK

On Friday 15 February 2002 05:38 pm, Jon Carnes wrote:
> Dude, if it works clear and free for Able (and Able isn't doing anything
> special), then the problem lays with Baker's firewall.  Is "Baker" running
> the masq_ftp module on his firewall (necessary for NAT-ing ftp properly
> though a NAT firewall).
>
> Jon
>
> On Thursday 14 February 2002 11:28 pm, Christopher Knowles wrote:
> > On Thursday 14 February 2002 10:08 pm, Christopher Knowles wrote:
> > > OK, I've got an ipchains masquerading firewall.
> > >
> > > I need for two remote users to be able to ftp to a server that is, and
> > > must remain inside the firewall.
> > >
> > > I've set up the rules to allow incoming ftp and ftp-data connections.
> > >
> > > I've set up portforwarding to forward ftp and ftp-data connections to
> > > the firewall to that server.
> > >
> > > Now, users Able and Baker...
> > >
> > > Able is a newbie, and is naked on the internet, no protection, and he
> > > can ftp in just fine.  Everything is good.
> > >
> > > Baker, he has a linux based ipchains firewall (and I've even used a
> > > Charlie with iptables to the same effect).  He can log into the ftp
> > > server, but when he tries to do a dir, pasv, or cd, get etc... it just
> > > hangs.  I can't find any reference to the packets soming in with the
> > > logs.  (Any way to log ipmasqadm?)
> > >
> > > Any ideas?  I would like Baker (and Charlie) to be able to get in to
> > > the ftp server.
> > >
> > > CJK
> > > _______________________________________________
> > > TriLUG mailing list
> > > http://www.trilug.org/mailman/listinfo/trilug
> >
> > I should mention that Baker and Charlie both have the appropriate rules
> > in their firewalls to allow ftp to servers such as redhat, etc...
> >
> > CJK
> >
> > _______________________________________________
> > TriLUG mailing list
> > http://www.trilug.org/mailman/listinfo/trilug
>
> _______________________________________________
> TriLUG mailing list
> http://www.trilug.org/mailman/listinfo/trilug



More information about the TriLUG mailing list