From: gypsy <gypsy@iswest.com>
To: netfilter@lists.netfilter.org
Subject: Re: Passive FTP sees remote's _internal_ IP!!??
Date: Tue, 28 Nov 2006 01:14:33 -0800
Message-ID: <456BFDF9.AD6CEF5D@iswest.com>
In-Reply-To: 456B57FA.5020000@plouf.fr.eu.org

gypsy wrote:
> >>>When the default GW is set to the linux box (192.168.223.254) and
> >>>passive FTP to a remote server is initiated, the FTP fails after
> >>>connection because the internal IP of the remote machine (192.168.1.11)
> >>>is seen rather than its external IP.  This problem occurs only when
> >>>passive FTP is used.

We created a workaround for this by forcing all FTP to be active, not
passive.  We did this with jftpgw (
http://www.mcknight.de/jftpgw/jftpgw-0.13.5.tar.gz ) with a transparent
proxy setup.

This is the configuration:
#!/bin/sh

./configure \
"--prefix=/usr" \
"--sysconfdir=/etc" \
"--localstatedir=/var" \
"--enable-crypt" \
"--enable-libwrap" \
"--with-logpath=/var/log" \
"$@"

make all install

And the jftpgw.conf:
<global>
	serverport		21
	defaultmode		active
	debuglevel		8
	changeroot		never
	dropprivileges		startsetup
	runasuser		nobody
	loginstyle		0
	logintime		user
	commandtimeout		60
	dnslookups		no
	forwardlookups		no
	hostcachetimeout	28800
	initialsyst		yes
	reverselookups		no
	strictasciiconversion	on
	syslogfacility		daemon
	transfertimeout		120
	transparent-proxy	on
	welcomeline		.
</global>
<servertype standalone>
	listen			192.168.223.254:2370
	logstyle		files
	logfile			/var/log/jftpgw.log
	pidfile			/var/run/jftpgw.pid
</servertype>
<servertype inetd>
	logstyle		syslog
</servertype>
<from 0.0.0.0/0>
	access deny
</from>
<from 192.168.223.0/24>
	access allow
</from>

And the iptables line:
iptables -t nat -A PREROUTING -p tcp -s 192.168.223.0/24 --dport 21 \
	-j DNAT --to 192.168.223.254:2370

--
gypsy

