Re: IP MASQUERADING broken again from v1.3.81 onwards

Herbert Rosmanith (herp@wildsau.idv.uni-linz.ac.at)
Fri, 5 Apr 1996 12:45:38 +0200 (MET DST)


> masquerading code. I can open certain connections like telnet, http etc,
> but while ftp the data connections do not seem to be getting established.
^^^^^^^^^^^^^^^^^^^^^^^
> I can watch the connections with
>
> ipfwadm -M -l -n
>
> which lists the ports and I have never seen port 20 anytime in these
> kernel versions.                            ^^^^^^^^
>

port 20 is ftp-data, but this port is not used even if you do *not* use
a firewall. the client and the server negotiate which port to use
by using the PORT command, part of the ftp-protocol.

you can *NEVER* ftp through a "closed" firewall except when using
passive mode, see the PASV command, part of the ftp-protocol.

to verify this, use netscape to establish a ftp session from behind
your firewall (or Mosaic), because these two programs implicitly seem
to use passive mode connections.

ah well, and here's a question I need to know the answer for: is there
a way to tell a line-mode ftp-client to use passive-mode connections?
"quote pasv" doesn't seem to be the answer :)

/herp
herbert rosmanith
herp@wildsau.idv.uni-linz.ac.at
rosmanith@edvz.uni-linz.ac.at
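
Added example, not part of the original message: a small Python parser for the two FTP control-channel lines discussed above, the client's PORT command and the server's 227 reply to PASV, showing which side opens the data connection and when a PORT line advertises an RFC 1918 address that the server cannot reach unless the masquerading host rewrites it. The function names and the sample lines are constructed for illustration.

```python
import ipaddress
import re

# RFC 959 host-port: six comma-separated decimal bytes h1,h2,h3,h4,p1,p2.
_HOSTPORT = re.compile(r"(?<!\d)" + ",".join([r"(\d{1,3})"] * 6) + r"(?!\d)")
_RFC1918 = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_hostport(text):
    """Return (IPv4Address, port) found in text, or None if malformed."""
    m = _HOSTPORT.search(text)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    ip = ipaddress.IPv4Address(".".join(map(str, nums[:4])))
    return ip, nums[4] * 256 + nums[5]   # port = p1*256 + p2

def classify(line):
    """Describe the data connection that one control-channel line sets up."""
    line = line.strip()
    verb = line.split(" ", 1)[0].upper()
    if verb == "PORT":       # client listens, server connects in (active)
        mode, opener = "active", "server"
    elif verb == "227":      # server listens, client connects out (passive)
        mode, opener = "passive", "client"
    else:
        return None
    hp = parse_hostport(line[len(verb):])
    if hp is None:
        return None
    ip, port = hp
    return {
        "mode": mode,
        "opener": opener,    # side that initiates the TCP data connection
        "listen_ip": str(ip),
        "listen_port": port,
        # A private address in PORT is unreachable from the server unless
        # the masquerading host rewrites the command and forwards the port.
        "needs_rewrite": mode == "active" and any(ip in n for n in _RFC1918),
    }

# Constructed sample lines (not taken from the original message).
SAMPLES = ["PORT 192,168,1,10,4,1",
           "227 Entering Passive Mode (198,51,100,7,195,80)"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, "->", classify(s))
```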