Re: FTP and Masquerading

Re: FTP and Masquerading

[Syed AbuBakr]

1. Here is the out put of ip tables
# Generated by iptables-save v1.3.5 on Tue Jun 13 18:04:23 2006
*nat
:PREROUTING ACCEPT [4089441:225469685]
:POSTROUTING ACCEPT [655:225183]
:OUTPUT ACCEPT [244915:14983380]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT
# Completed on Tue Jun 13 18:04:23 2006
# Generated by iptables-save v1.3.5 on Tue Jun 13 18:04:23 2006
*filter
:INPUT ACCEPT [16927662:11422086898]
:FORWARD ACCEPT [27804583:6839123278]
:OUTPUT ACCEPT [17583420:11965931541]
COMMIT
# Completed on Tue Jun 13 18:04:23 2006

2. It gives problem during connection in passive mode, and does not
list any folder contents and then obviously no download.

Looking Forward

Re: FTP and Masquerading

[Alexandru Dragoi]

Syed AbuBakr wrote:

> 1. Here is the out put of ip tables
> # Generated by iptables-save v1.3.5 on Tue Jun 13 18:04:23 2006
> *nat
> :PREROUTING ACCEPT [4089441:225469685]
> :POSTROUTING ACCEPT [655:225183]
> :OUTPUT ACCEPT [244915:14983380]
> -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports
> 8080
> -A POSTROUTING -o eth1 -j MASQUERADE
> COMMIT
> # Completed on Tue Jun 13 18:04:23 2006
> # Generated by iptables-save v1.3.5 on Tue Jun 13 18:04:23 2006
> *filter
> :INPUT ACCEPT [16927662:11422086898]
> :FORWARD ACCEPT [27804583:6839123278]
> :OUTPUT ACCEPT [17583420:11965931541]
> COMMIT
> # Completed on Tue Jun 13 18:04:23 2006
>
> 2. It gives problem during connection in passive mode, and does not
> list any folder contents and then obviously no download.
>
> Looking Forward
>
You should not have any problem in passive mode, since there is no
filtering. You may need to load ip_nat_ftp for active mode.

FTP and Masquerading

[Syed AbuBakr]

I am  new to linux and need some guidance.
PROBLEM:
FTP is not working. My internal users can not connect external ftp and
vice versa.

SCENARIO:
1. I am using SQUID for proxy services.
 2. OS is FedoraCore 5
3. Using transparent proxy
4. Masquerading my out bound traffic.
5. All packages including kernel are same as they come with the
standard distro of FC-5
6. Install time Firewall is disabled, so i have only a couple of rules
in my ip tables.

I dont know how to recompile kernel or insert modules, So please do me
a favour and give me a step by step how to of it.

I'll be very gratefull to u. 'cuz i am stuck.
Thanx a lot

Re: FTP and Masquerading

[Pascal Hambourg]

Hello,

Syed AbuBakr a écrit :
> I am  new to linux and need some guidance.

http://www.netfilter.org/documentation/index.html#documentation-howto

> PROBLEM:
> FTP is not working. My internal users can not connect external ftp and
> vice versa.

See the NAT HOWTO section, § "7. Special Protocols".
Try to load the FTP connection tracking and NAT helper modules :
# modprobe ip_conntrack_ftp
# modprobe ip_nat_ftp

If it still does not work, you'll have to give more details.
What exactly in FTP does not work and how do you see it does not work ?
- Establish a control connection ?
- Download files (including directory listing) ?
- Upload files ?
- Passive mode, active mode ?
Are you internal users set up explicitly to use the proxy for FTP ?

> SCENARIO:
> 1. I am using SQUID for proxy services.

Which services ? HTTP only or also FTP ?

> 2. OS is FedoraCore 5
> 3. Using transparent proxy

Squid will do transparent proxy only for HTTP, so that should not 
concern FTP.

> 4. Masquerading my out bound traffic.
> 5. All packages including kernel are same as they come with the
> standard distro of FC-5
> 6. Install time Firewall is disabled, so i have only a couple of rules
> in my ip tables.

Which rules ? You can list them with the command 'iptables-save'.

> I dont know how to recompile kernel or insert modules, So please do me
> a favour and give me a step by step how to of it.

Hopefully you don't need to recompile anything. And there is no step by 
step procedure unless you give *full* information about your setup.