Transparent proxy not really transparent??

Post by Matt Sieme » Thu, 22 Apr 1999 04:00:00


I'm running kernel 2.2.3 which is configured to run as a transparent
proxy and do masquerading, routing traffic between the
internet and my internal network.  The forwarding rules are set up so that
there are no restrictions on what can come in or go out.  Everything seems to
work great EXCEPT ftp.

When I'm on a workstation on the inside network and I want to ftp out,
sometimes I will get problems displaying a directory listing of the site
I'm connected to.  Other times, I can connect fine and everything displays,
but downloading is unreliable.  For example, if I try to
download a file in Netscape from a site that I'm connected to on the
internet, generally what happens is the transfer will reach 99% or 100%
but will not transfer the last few bytes -- it will just hang and not
complete the transfer.  But other times it will work fine, it seems to vary
from site to site.  

Does anyone know what could be causing this to happen?  Again, I'm not
restricting any ports from coming in or going out and everything else
seems to work great.

Can anyone shed some light on this?  Any info would be very much



Post by Alan J. Wyli » Thu, 22 Apr 1999 04:00:00

[about problems with ftp and masquerading]

ftp is rather different from other protocols, in that in normal
mode, you send a request out on port 21, and the remote server
opens a return connection back to port 20, in your case on
the firewall. By default, the firewall does not know that
this connection must be passed back to the client that is
being masqueraded.

insmod ip_masq_ftp

will set up a special module to do this.

You can also use PASV ftp mode, in which both the connections
are set up by the client.
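
Added example, not part of the original posts and not the ip_masq_ftp source: a C illustration of the control-channel rewrite a masquerading FTP helper has to perform for active mode. The client's PORT command carries its own private address and port, so the firewall substitutes its public address and a reserved port and keeps the original pair so the server's data connection can be forwarded inside. The function names, the addresses and port 61000 are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Address and port carried in "PORT h1,h2,h3,h4,p1,p2". */
struct ftp_port { unsigned char ip[4]; unsigned short port; };

/* Parse one control-channel line. Returns 0 on success, -1 if it is not a
 * well-formed PORT command. The verb is matched case-sensitively here. */
int parse_port_cmd(const char *line, struct ftp_port *out)
{
    unsigned int f[6];
    int used = 0, i;

    if (sscanf(line, "PORT %u,%u,%u,%u,%u,%u%n",
               &f[0], &f[1], &f[2], &f[3], &f[4], &f[5], &used) != 6)
        return -1;
    for (i = 0; i < 6; i++)
        if (f[i] > 255) return -1;           /* each field is one byte */
    if (line[used] != '\0' && strcmp(line + used, "\r\n") != 0)
        return -1;                           /* reject trailing junk */
    for (i = 0; i < 4; i++) out->ip[i] = (unsigned char)f[i];
    out->port = (unsigned short)(f[4] * 256 + f[5]);
    return 0;
}

/* Rewrite the client's PORT line to advertise the firewall's address and a
 * port reserved for this transfer. *orig receives the inside address/port
 * the inbound data connection must be forwarded to. Returns the length
 * written, or -1 on a non-PORT line or a buffer that is too small. */
int rewrite_port_cmd(const char *line, const unsigned char masq_ip[4],
                     unsigned short masq_port, struct ftp_port *orig,
                     char *buf, size_t buflen)
{
    int n;

    if (parse_port_cmd(line, orig) != 0) return -1;
    n = snprintf(buf, buflen, "PORT %d,%d,%d,%d,%d,%d\r\n",
                 masq_ip[0], masq_ip[1], masq_ip[2], masq_ip[3],
                 masq_port >> 8, masq_port & 0xff);
    return (n < 0 || (size_t)n >= buflen) ? -1 : n;
}

int main(void)
{
    const unsigned char fw[4] = {203, 0, 113, 5};   /* constructed address */
    struct ftp_port inside;
    char out[64];
    if (rewrite_port_cmd("PORT 192,168,1,10,4,1\r\n", fw, 61000, &inside, out, sizeof out) > 0)
        printf("%s", out);
    return 0;
}
```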