Re: ip masquerading working with http, but can not get past the "ls"

Tim Fletcher (tim@night-shade.demon.co.uk)
Mon, 7 Jun 1999 21:31:25 +0100 (BST)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: dandrews@mpiua.com: "Make Boot Error"
Previous message: Daryl Williams: "backup dump command?"

> I have ip masquerading working with http, but can not get past the "ls"
> with ftp. I can open a connection but a list command just hangs.
> The output looks like...
>
> 230 Guest login ok, access restrictions apply.
> ftp> ls
> 200 PORT command successful.
> -------------> NOW I JUST HANG
>
>
> Any Ideas???

Use passive ftp or add a firewall rule to allow all incoming traffic from
port 20 (ftp data port) to ports 61000-65535 (the masq data ports).

The first is more secure as it blocks port scans originating on port 20,
the 2nd way requires less thought on the part of the user.

PS This is FAQ and as such coverd (in some depth) in the Firewalling
and IPMasg howtos

Tim Fletcher .~. /V\ L I N U X tjdf@st-andrews.ac.uk // \ >Don't fear the penguin< tim@night-shade.demon.co.uk /( )\ ^^-^^

If it's tourist season, why can't we shoot them?

- To unsubscribe from this list: send the line "unsubscribe linux-net" in the body of a message to majordomo@vger.rutgers.edu

Next message: dandrews@mpiua.com: "Make Boot Error"
Previous message: Daryl Williams: "backup dump command?"