IP Masquerading almost fully functioning!

IP Masquerading almost fully functioning!

Post by Hegge » Wed, 16 Jul 1997 04:00:00



Hi again,

I posted some masquerading problems this morning. By now I've accomplished
to get things to work almost!!! Not totally.

I found out, that due to some changes in the linux 2.0.30-kernel the
ipfwadm couldn't function good. So I compiled a version 2.0.29. I tried to
invoke the ipfwadm-commands again. And it didn't gave any errors.

The only problem is, that ftp still isn't functioning properly.
I can establish a connection and login from the subnet, but once I try to
get a directory-listing, no data-connection can be established.

Does anyone have the answer??

Is ip-masquerading also giving troubles with other ports??? If so, how can
I get those to work? I've read about compiling some extra modules.....

I hope someone can help me, I'm trying to get this all to work before this
weekend, because then I've got a presentation.

Thanks in advance for all the help I receive.

Bye,

Hegget

 
 
 

IP Masquerading almost fully functioning!

Post by GW » Wed, 16 Jul 1997 04:00:00


: The only problem is, that ftp still isn't functioning properly.
: I can establish a connection and login from the subnet, but once I try to
: get a directory-listing, no data-connection can be established.

You'll need to compile ftp masquerading support into the kernel; do a make config
again and re-compile.. [you may wish to compile them as modules].

-Greg

: Does anyone have the answer??

: Is ip-masquerading also giving troubles with other ports??? If so, how can
: I get those to work? I've read about compiling some extra modules.....

irc support is available, as well as some others at the moment..

: I hope someone can help me, I'm trying to get this all to work before this
: weekend, because then I've got a presentation.

: Thanks in advance for all the help I receive.

: Bye,

: Hegget

 
 
 

IP Masquerading almost fully functioning!

Post by Bob Hau » Wed, 16 Jul 1997 04:00:00




Quote:> The only problem is, that ftp still isn't functioning properly.

Install the ip_masq_ftp module.

Quote:> Is ip-masquerading also giving troubles with other ports??? If so,
> how can I get those to work? I've read about compiling some extra
> modules.....

Yes, anything that opens a connection back to the originator is
going to have trouble.  There are modules for realaudio, ftp, and
irc at least.

If you select Masqerading when you compile your kernel, then do
a "make modules; make modules_install", it will compile those
mystery modules and put them into /lib/modules/<version>/ipv4.
Then you use "insmod" to load them.

---

 Wasatch Communications Group               http://www.wasatch.com

 
 
 

IP Masquerading almost fully functioning!

Post by Miguel A. River » Fri, 18 Jul 1997 04:00:00


I am having the same problem. I install the module but is does not help. I
am running on an Linux Alpha. Does anybody know if this is an alpha only
problem?

Here is what I get when I do an 'ls':

Jun 24 01:04:03 EDT 1997) ready.
User (sunsite.unc.edu:(none)): ftp
331 Guest login ok, send your complete e-mail address as password.
Password:
230 Guest login ok, access restrictions apply.
ftp> ls
500 Illegal PORT Command
425 Can't build data connection: Connection refused.
ftp>

Any help is greatly appreciated,
Thank you,
Miguel Rivera



Quote:> Hi again,

> I posted some masquerading problems this morning. By now I've
accomplished
> to get things to work almost!!! Not totally.

> I found out, that due to some changes in the linux 2.0.30-kernel the
> ipfwadm couldn't function good. So I compiled a version 2.0.29. I tried
to
> invoke the ipfwadm-commands again. And it didn't gave any errors.

> The only problem is, that ftp still isn't functioning properly.
> I can establish a connection and login from the subnet, but once I try to
> get a directory-listing, no data-connection can be established.

> Does anyone have the answer??

> Is ip-masquerading also giving troubles with other ports??? If so, how
can
> I get those to work? I've read about compiling some extra modules.....

> I hope someone can help me, I'm trying to get this all to work before
this
> weekend, because then I've got a presentation.

> Thanks in advance for all the help I receive.

> Bye,

> Hegget

 
 
 

IP Masquerading almost fully functioning!

Post by » Fri, 18 Jul 1997 04:00:00



> I am having the same problem. I install the module but is does not help. I
> am running on an Linux Alpha. Does anybody know if this is an alpha only
> problem?

> Here is what I get when I do an 'ls':

> Jun 24 01:04:03 EDT 1997) ready.
> User (sunsite.unc.edu:(none)): ftp
> 331 Guest login ok, send your complete e-mail address as password.
> Password:
> 230 Guest login ok, access restrictions apply.
> ftp> ls
> 500 Illegal PORT Command
> 425 Can't build data connection: Connection refused.
> ftp>

> Any help is greatly appreciated,
> Thank you,
> Miguel Rivera


The problem is not in the masquerading, that part is working fine.  The
problem is the FTP protocol itself.
When you establish a connection to an ftp server, it is on port 21.
This socket is called the control connection.  Of course this is a
bi-directional socket because you see the output from the ftp server.
However, when the control connection asks for the remote server to
execute a command, such as 'ls', the ftp client also tells the server
"hey, send me the listing on port x".  Where port x is an arbitrary
port, used only for that specific data.  This also happens whenever a
file is requested.  That socket is called the data connection.
  The problem here, is that the server tries talking to the machine
running the masquerading kernel, which of course doesn't know a thing
about this incoming connection from the ftp server, so the connection is
being refused by your masquerading box and not the machine running ftp.
Which is exactly what should be happening.
  The way you can get around this is to use an ftp client which uses the
PASV transfer method.  Netscape does this all the time, and you may have
noticed that it works just fine for anonymous ftp.  The PASV, or
passive, method tells the remote server to use the existing socket for
all transactions (one socket doubles as the control and data
connections).
  If you really wanted to dig into the RFC's you could probably type in
the proper commands at the ftp prompt, but I'm not sure how to do that.
  I hope this has removed a great deal of confusion. :)

- Show quoted text -



> > Hi again,

> > I posted some masquerading problems this morning. By now I've
> accomplished
> > to get things to work almost!!! Not totally.

> > I found out, that due to some changes in the linux 2.0.30-kernel the
> > ipfwadm couldn't function good. So I compiled a version 2.0.29. I tried
> to
> > invoke the ipfwadm-commands again. And it didn't gave any errors.

> > The only problem is, that ftp still isn't functioning properly.
> > I can establish a connection and login from the subnet, but once I try to
> > get a directory-listing, no data-connection can be established.

> > Does anyone have the answer??

> > Is ip-masquerading also giving troubles with other ports??? If so, how
> can
> > I get those to work? I've read about compiling some extra modules.....

> > I hope someone can help me, I'm trying to get this all to work before
> this
> > weekend, because then I've got a presentation.

> > Thanks in advance for all the help I receive.

> > Bye,

> > Hegget

 
 
 

IP Masquerading almost fully functioning!

Post by Eliezio Batist » Sat, 19 Jul 1997 04:00:00




> > I am having the same problem. I install the module but is does not
> help. I
> > am running on an Linux Alpha. Does anybody know if this is an alpha
> only
> > problem?

> > Here is what I get when I do an 'ls':

> > Jun 24 01:04:03 EDT 1997) ready.
> > User (sunsite.unc.edu:(none)): ftp
> > 331 Guest login ok, send your complete e-mail address as password.
> > Password:
> > 230 Guest login ok, access restrictions apply.
> > ftp> ls
> > 500 Illegal PORT Command
> > 425 Can't build data connection: Connection refused.
> > ftp>

> > Any help is greatly appreciated,
> > Thank you,
> > Miguel Rivera

> The problem is not in the masquerading, that part is working fine.
> The
> problem is the FTP protocol itself.
> When you establish a connection to an ftp server, it is on port 21.
> This socket is called the control connection.  Of course this is a
> bi-directional socket because you see the output from the ftp server.
> However, when the control connection asks for the remote server to
> execute a command, such as 'ls', the ftp client also tells the server
> "hey, send me the listing on port x".  Where port x is an arbitrary
> port, used only for that specific data.  This also happens whenever a
> file is requested.  That socket is called the data connection.
>   The problem here, is that the server tries talking to the machine
> running the masquerading kernel, which of course doesn't know a thing
> about this incoming connection from the ftp server, so the connection
> is
> being refused by your masquerading box and not the machine running
> ftp.
> Which is exactly what should be happening.
>   The way you can get around this is to use an ftp client which uses
> the
> PASV transfer method.  Netscape does this all the time, and you may
> have
> noticed that it works just fine for anonymous ftp.  The PASV, or
> passive, method tells the remote server to use the existing socket for

> all transactions (one socket doubles as the control and data
> connections).
>   If you really wanted to dig into the RFC's you could probably type
> in
> the proper commands at the ftp prompt, but I'm not sure how to do
> that.
>   I hope this has removed a great deal of confusion. :)



> > > Hi again,

> > > I posted some masquerading problems this morning. By now I've
> > accomplished
> > > to get things to work almost!!! Not totally.

> > > I found out, that due to some changes in the linux 2.0.30-kernel
> the
> > > ipfwadm couldn't function good. So I compiled a version 2.0.29. I
> tried
> > to
> > > invoke the ipfwadm-commands again. And it didn't gave any errors.

> > > The only problem is, that ftp still isn't functioning properly.
> > > I can establish a connection and login from the subnet, but once I
> try to
> > > get a directory-listing, no data-connection can be established.

> > > Does anyone have the answer??

> > > Is ip-masquerading also giving troubles with other ports??? If so,
> how
> > can
> > > I get those to work? I've read about compiling some extra
> modules.....

> > > I hope someone can help me, I'm trying to get this all to work
> before
> > this
> > > weekend, because then I've got a presentation.

> > > Thanks in advance for all the help I receive.

> > > Bye,

> > > Hegget

   The module ip_masq_ftp can do it automagically for you. Just include
it your rc.inet1:

/sbin/modprobe ip_masq_ftp

Good luck

----------
Eliezio Batista
Network Administrator / Systems Programmer

 
 
 

IP Masquerading almost fully functioning!

Post by Eliezio Batist » Sat, 19 Jul 1997 04:00:00




> > I am having the same problem. I install the module but is does not
> help. I
> > am running on an Linux Alpha. Does anybody know if this is an alpha
> only
> > problem?

> > Here is what I get when I do an 'ls':

> > Jun 24 01:04:03 EDT 1997) ready.
> > User (sunsite.unc.edu:(none)): ftp
> > 331 Guest login ok, send your complete e-mail address as password.
> > Password:
> > 230 Guest login ok, access restrictions apply.
> > ftp> ls
> > 500 Illegal PORT Command
> > 425 Can't build data connection: Connection refused.
> > ftp>

> > Any help is greatly appreciated,
> > Thank you,
> > Miguel Rivera

> The problem is not in the masquerading, that part is working fine.
> The
> problem is the FTP protocol itself.
> When you establish a connection to an ftp server, it is on port 21.
> This socket is called the control connection.  Of course this is a
> bi-directional socket because you see the output from the ftp server.
> However, when the control connection asks for the remote server to
> execute a command, such as 'ls', the ftp client also tells the server
> "hey, send me the listing on port x".  Where port x is an arbitrary
> port, used only for that specific data.  This also happens whenever a
> file is requested.  That socket is called the data connection.
>   The problem here, is that the server tries talking to the machine
> running the masquerading kernel, which of course doesn't know a thing
> about this incoming connection from the ftp server, so the connection
> is
> being refused by your masquerading box and not the machine running
> ftp.
> Which is exactly what should be happening.
>   The way you can get around this is to use an ftp client which uses
> the
> PASV transfer method.  Netscape does this all the time, and you may
> have
> noticed that it works just fine for anonymous ftp.  The PASV, or
> passive, method tells the remote server to use the existing socket for

> all transactions (one socket doubles as the control and data
> connections).
>   If you really wanted to dig into the RFC's you could probably type
> in
> the proper commands at the ftp prompt, but I'm not sure how to do
> that.
>   I hope this has removed a great deal of confusion. :)



> > > Hi again,

> > > I posted some masquerading problems this morning. By now I've
> > accomplished
> > > to get things to work almost!!! Not totally.

> > > I found out, that due to some changes in the linux 2.0.30-kernel
> the
> > > ipfwadm couldn't function good. So I compiled a version 2.0.29. I
> tried
> > to
> > > invoke the ipfwadm-commands again. And it didn't gave any errors.

> > > The only problem is, that ftp still isn't functioning properly.
> > > I can establish a connection and login from the subnet, but once I
> try to
> > > get a directory-listing, no data-connection can be established.

> > > Does anyone have the answer??

> > > Is ip-masquerading also giving troubles with other ports??? If so,
> how
> > can
> > > I get those to work? I've read about compiling some extra
> modules.....

> > > I hope someone can help me, I'm trying to get this all to work
> before
> > this
> > > weekend, because then I've got a presentation.

> > > Thanks in advance for all the help I receive.

> > > Bye,

> > > Hegget

   The module ip_masq_ftp can do it automagically for you. Just include
it your rc.inet1:

/sbin/modprobe ip_masq_ftp

Good luck

----------
Eliezio Batista
Network Administrator / Systems Programmer

 
 
 
Top

IP Masquerading almost fully functioning!

Post by Grusde » Wed, 30 Jul 1997 04:00:00


;Hi again,

;I posted some masquerading problems this morning. By now I've accomplished
;to get things to work almost!!! Not totally.

;I found out, that due to some changes in the linux 2.0.30-kernel the
;ipfwadm couldn't function good. So I compiled a version 2.0.29. I tried to
;invoke the ipfwadm-commands again. And it didn't gave any errors.

;The only problem is, that ftp still isn't functioning properly.
;I can establish a connection and login from the subnet, but once I try to
;get a directory-listing, no data-connection can be established.

        %make modules; make modules_install
        %insmod /lib/modules/2.0.29/ipv4/ip_masq_ftp.o
        %insmod /lib/ ...               /ip_masq_irc.o

        and all fine

;Bye,

;Hegget

 
 
 

1. IP-Masquerading almost perfect

I have setup IP-Masq on a new linux machine (386) I have two other
machines. - a p75 dual boot linux, and win 95, and another windows 95
machine.  I initially had some difficulty with the Routing table on the
386.  I got that squared away, and all is working fine, accept I cannot
connect to a quake server anywhere in either 95 or linux.  I get
connection accepted...  then it just hangs.  I beleive that quake talks
UDP, and connects on either port 26000 or 27000 depending on the server
side setup.  If anyone has also experienced this difficulty, I would
appreciate any suggestions you may have.  Thank you for your time.
--
Darren L. Ankney
-------------------------------

"Only surround yourself with people who know about stuff you don't"
-------------------------------

2. Linux "Home"

3. ip masquerade almost

4. serial terminalr

5. Please help - IP Masquerade *almost* working

6. Summary of answers: feeding CFLAGS of "make CFLAGS=-g" to sub-makes

7. IP Masquerading almost working - help

8. Newbie Glossary

9. IP Masquerading almost successful

10. IP for masqueraded net other than masquerading host IP

11. IP Masquerading Function...

12. WARNING: terminal is not fully function msg

13. IP Masquerading works, but does not masquerade from within the local network