From: gypsy <gypsy@iswest.com>
To: netfilter@lists.netfilter.org
Subject: Re: Passive FTP sees remote's _internal_ IP!!??
Date: Tue, 28 Nov 2006 01:14:33 -0800
Message-ID: <456BFDF9.AD6CEF5D@iswest.com>
In-Reply-To: 456B57FA.5020000@plouf.fr.eu.org
gypsy wrote:
> >>>When the default GW is set to the linux box (192.168.223.254) and
> >>>passive FTP to a remote server is initiated, the FTP fails after
> >>>connection because the internal IP of the remote machine (192.168.1.11)
> >>>is seen rather than its external IP. This problem occurs only when
> >>>passive FTP is used.
We created a workaround for this by forcing all FTP to be active, not
passive. We did this with jftpgw (
http://www.mcknight.de/jftpgw/jftpgw-0.13.5.tar.gz ) with a transparent
proxy setup.
This is the configuration:
#!/bin/sh
./configure \
"--prefix=/usr" \
"--sysconfdir=/etc" \
"--localstatedir=/var" \
"--enable-crypt" \
"--enable-libwrap" \
"--with-logpath=/var/log" \
"$@"
make all install
And the jftpgw.conf:
<global>
serverport 21
defaultmode active
debuglevel 8
changeroot never
dropprivileges startsetup
runasuser nobody
loginstyle 0
logintime user
commandtimeout 60
dnslookups no
forwardlookups no
hostcachetimeout 28800
initialsyst yes
reverselookups no
strictasciiconversion on
syslogfacility daemon
transfertimeout 120
transparent-proxy on
welcomeline .
</global>
<servertype standalone>
listen 192.168.223.254:2370
logstyle files
logfile /var/log/jftpgw.log
pidfile /var/run/jftpgw.pid
</servertype>
<servertype inetd>
logstyle syslog
</servertype>
<from 0.0.0.0/0>
access deny
</from>
<from 192.168.223.0/24>
access allow
</from>
And the iptables line:
iptables -t nat -A PREROUTING -p tcp -s 192.168.223.0/24 --dport 21 \
    -j DNAT --to 192.168.223.254:2370
--
gypsy