Re: MASQ problem with 2.3.45 and Netfilter

From: James Sutherland (jas88@cam.ac.uk)
Date: Sun May 21 2000 - 01:55:39 EST


On Sun, 21 May 2000, Sebastian Ip wrote:

> Hello.
>
> This is a problem with one of my friend's machines. He uses an ATM ADSL,
> but the problem is the same for a modem dialup,
> solution and he is using a Redhat 6.2 box to share access with his family.
> ( would be nice if you guys can help cause he's about to change back to
> windows98 and winroute ;P)

Not a good idea :)

> Anyhow the problem is that when he tries to ftp from behind his "firewall"
> he gets "invalid ports" error or something. Looking at the logs on our
> school server I noticed this: "refused PORT 192.168.8.1,3800 from
> dial-up1.nhh.com.hk [202.64.58.156]". Clearly there is some problem where
> we are getting his internal address instead of the Masqueraded address.
> What has really stumped us is that the problem exists in both 2.3 + ADSL
> or modem and 2.2 + ADSL and modem. Using similar ipchains rules in 2.2 as
> I do he still has this problem. If it also helps people answering this
> question using icq 2000 he gets a "rate exceeded" error while icq 98 works
> fine.

He needs to use "passive" FTP. With "normal" FTP, you connect to the
server and send commands; the server then connects back to your IP address
to send the data. This, of course, doesn't work with NAT unless you use a
special extra support module.

Either he can just enable "passive mode" in his FTP client, or load the
FTP NAT module, which can be enabled via the kernel config screen, or
there may be a copy in /lib/modules/(kernel version)/net/.

> Thanks guys in advance if you can help. Also he's going to need some help
> port forwarding on 2.3 kernel. As I never used a 2.3 kernel could someone
> here drop him a line about what util to use and such? Thanks his email is
> tparker@sc.esf.edu.hk .

Erm - why is he going to be using an experimental, development kernel??
If, as he appears, he is new to this system, he probably shouldn't...

James.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/
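
The failure discussed in this thread, as an added example that is not part of the original message: an active-mode PORT argument carrying the inside address is refused by the server, and the same line is accepted once rewritten the way an FTP NAT helper would rewrite it. The function names are hypothetical, and the server policy (refuse any PORT whose address differs from the control connection's source) is an assumption consistent with the quoted log line.

```python
import ipaddress

def parse_port_arg(arg):
    """Decode an RFC 959 PORT argument 'h1,h2,h3,h4,p1,p2' into (ip, port)."""
    parts = [int(x) for x in arg.strip().split(",")]
    if len(parts) != 6 or any(not 0 <= p <= 255 for p in parts):
        raise ValueError("malformed PORT argument: %r" % arg)
    ip = ipaddress.IPv4Address(".".join(str(p) for p in parts[:4]))
    return ip, parts[4] * 256 + parts[5]

def encode_port_arg(ip, port):
    """Inverse of parse_port_arg."""
    return ",".join(str(ip).split(".") + [str(port >> 8), str(port & 0xFF)])

def server_check(port_arg, peer_ip):
    """Assumed server policy: the data address must equal the control peer."""
    ip, port = parse_port_arg(port_arg)
    if ip != ipaddress.IPv4Address(peer_ip):
        # Modelled on the log line quoted in the thread.
        return "refused PORT %s,%d from [%s]" % (ip, port, peer_ip)
    return "200 PORT command successful"

def nat_rewrite(line, inside_ip, outside_ip, outside_port):
    """Model of an FTP NAT helper on the control channel: swap the inside
    address in a PORT line for the masqueraded one. A real helper must also
    expect the inbound data connection and forward it to the inside host."""
    verb, _, arg = line.strip().partition(" ")
    if verb.upper() != "PORT":
        return line                      # PASV and other commands pass through
    ip, _ = parse_port_arg(arg)
    if ip != ipaddress.IPv4Address(inside_ip):
        return line
    return "PORT %s\r\n" % encode_port_arg(ipaddress.IPv4Address(outside_ip),
                                           outside_port)

if __name__ == "__main__":
    # Constructed sample built from the addresses in the quoted log line.
    raw = "PORT 192,168,8,1,14,216\r\n"   # 14*256 + 216 = 3800
    peer = "202.64.58.156"
    print(server_check(raw.split(" ", 1)[1], peer))
    fixed = nat_rewrite(raw, "192.168.8.1", peer, 3800)
    print(fixed.strip(), "->", server_check(fixed.split(" ", 1)[1], peer))
```

Passive mode avoids the problem because the client opens the data connection itself, so no inside address has to be carried in the control channel.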


