Hello all!
On Wed, Dec 20, 2000 at 01:08:07PM -0500, Michael H. Warfield wrote:
> On Wed, Dec 20, 2000 at 12:52:27PM -0500, Michael Rothwell wrote:
> > "Michael H. Warfield" wrote:
> > > You can use spf to add some stateful inspection for PORT mode
> > > ftp. Personally, I like the masquerading option better, though.
> > Can you give an example of using MASQ selectively? I have real addresses
> > on both sides of the firewall, but want things like FTP to work
> > correctly. I think the IPChains HOWTOs are just a little terse. :)
Michael Rothwell kindly pointed out to me in private mail that
I SCREWED UP (he didn't say that, I did) the copy-and-paste on one of
the command lines and left out a "little detail"...
> modprobe ip_masq_ftp
> ipchains -A forward -p tcp -s {Source Addresses} -d 0/0 21
This should have been:
modprobe ip_masq_ftp
ipchains -A forward -p tcp -s {Source Addresses} -d 0/0 21 -j MASQ
DOH! Sorry!
> Seems to work for me (mine includes a "tag" and a policy route
> rule to send it out my cable modem that I've left off here)...
> If you don't load the ip_masq_ftp module, you WILL get illegal
> port errors on the PORT commands.
> > Thanks!
Mike
-- 
 Michael H. Warfield    |  (770) 985-6132   |  mhw@WittsEnd.com
  (The Mad Wizard)      |  (678) 463-0932   |  http://www.wittsend.com/mhw/
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Sat Dec 23 2000 - 21:00:27 EST
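
Why the helper module matters when port 21 is masqueraded, as an added example that is not part of the original mail and is not the kernel module's code: a Python model of the PORT rewrite an FTP-aware masquerading helper has to perform. The addresses, port numbers, function names and the server-side check (refuse a PORT that names a host other than the control-connection peer) are assumptions made for illustration.

```python
import re

# RFC 959 active-mode argument: h1,h2,h3,h4,p1,p2 (port = p1*256 + p2)
PORT_RE = re.compile(r"PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

def parse_port(line):
    """Return (ip, port) carried in an FTP PORT command line."""
    m = PORT_RE.fullmatch(line.rstrip("\r\n"))
    if not m:
        raise ValueError("not a PORT command: %r" % line)
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range in %r" % line)
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]

def build_port(ip, port):
    """Serialise (ip, port) back into a PORT command line."""
    return "PORT %s,%d,%d\r\n" % (ip.replace(".", ","), port >> 8, port & 0xFF)

def server_accepts(line, control_peer_ip):
    """Assumed server policy: the PORT address must equal the address the
    control connection arrived from, and the port must be unprivileged."""
    ip, port = parse_port(line)
    return ip == control_peer_ip and port >= 1024

def masq_rewrite(line, masq_ip, masq_port, table):
    """Model of the helper: replace the client's address in the payload with
    the masquerade address and remember where the data connection must go.
    A real in-kernel helper also has to fix up TCP sequence numbers, because
    the rewritten payload can change length; this model does not do that."""
    table[masq_port] = parse_port(line)
    return build_port(masq_ip, masq_port)

# Constructed sample values (documentation address ranges, not from the mail).
CLIENT_LINE = "PORT 192,0,2,10,4,210\r\n"  # client 192.0.2.10, port 1234
FIREWALL_IP = "198.51.100.1"               # source address the server sees

def demo():
    table = {}
    # Without the helper the payload still names the inside host: rejected.
    before = server_accepts(CLIENT_LINE, FIREWALL_IP)
    # With the helper the payload names the masquerade address: accepted.
    rewritten = masq_rewrite(CLIENT_LINE, FIREWALL_IP, 61005, table)
    after = server_accepts(rewritten, FIREWALL_IP)
    return before, rewritten, after, table

if __name__ == "__main__":
    print(demo())
```
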