ftp from internet through IP Masquerade

Post by peter fiel » Wed, 19 Mar 1997 04:00:00



I have a PC connected to the Internet via a second PC running Linux
Slackware 2.0 with IP Masquerading.

I can FTP out to the Internet in both passive (Netscape) and active
modes. However, I would like to allow FTP access from the Internet to my
PC. Has anyone written some code to allow this to work ?

Looking at the Linux source code (ip_masq_ftp.c), active FTP only works
because the s/w looks for data containing the FTP command "PORT" and
then makes a masquerade entry for it - otherwise this mode wouldn't work!

To allow FTP from the Internet would probably require a program like
"redir" to allow connection to port 21 (FTP control port) and then
additional code to check for the FTP commands "PORT" and "Entering
Passive Mode" to support the data connections.

"redir" to port 21 with the current Linux code does not work, I think
this is because the PORT command contains an IP address (internet
address) which does not match the source address that was used in
the control session (IP address of Masquerade box). I can see the logon
process taking place OK but as soon as the PORT command is sent the
response is always "Invalid PORT command".  

-----------------------------------------------------------------------
Peter Field                      Australia

-----------------------------------------------------------------------
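
The mismatch described in the post above, as an added example (not part of the original post and not the kernel's ip_masq_ftp.c code): a parser for the PORT argument, the address check the post suspects is behind "Invalid PORT command", and the rewrite a masquerade helper would have to perform. The addresses are constructed, and the server policy is modelled on the post's diagnosis rather than taken from any particular FTP daemon.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IP4(a, b, c, d) ((uint32_t)(a) << 24 | (uint32_t)(b) << 16 | (uint32_t)(c) << 8 | (uint32_t)(d))

/* Parse "PORT h1,h2,h3,h4,p1,p2[CRLF]". Returns 0 on success, -1 if malformed. */
int parse_port(const char *line, uint32_t *ip, uint16_t *port)
{
    unsigned v[6];
    char tail;
    if (strncmp(line, "PORT ", 5) != 0)
        return -1;
    int n = sscanf(line + 5, "%u,%u,%u,%u,%u,%u%c",
                   &v[0], &v[1], &v[2], &v[3], &v[4], &v[5], &tail);
    if (n < 6 || (n == 7 && tail != '\r' && tail != '\n'))
        return -1;                      /* missing field or trailing junk */
    for (int i = 0; i < 6; i++)
        if (v[i] > 255)
            return -1;                  /* each field is a single octet */
    *ip = IP4(v[0], v[1], v[2], v[3]);
    *port = (uint16_t)((v[4] << 8) | v[5]);
    return 0;
}

/* Assumed server policy: accept PORT only if it names the control peer. */
int server_accepts_port(const char *line, uint32_t control_peer)
{
    uint32_t ip; uint16_t port;
    return parse_port(line, &ip, &port) == 0 && ip == control_peer;
}

/* What a helper must do: re-issue PORT with the address the server sees. */
int rewrite_port(uint32_t ip, uint16_t port, char *out, size_t len)
{
    int n = snprintf(out, len, "PORT %u,%u,%u,%u,%u,%u\r\n",
                     (unsigned)(ip >> 24), (unsigned)((ip >> 16) & 255), (unsigned)((ip >> 8) & 255),
                     (unsigned)(ip & 255), (unsigned)(port >> 8), (unsigned)(port & 255));
    return (n > 0 && (size_t)n < len) ? 0 : -1;
}

int main(void)
{
    /* Constructed: client 203.0.113.7; server sees the control peer as 192.168.1.1. */
    const char *cmd = "PORT 203,0,113,7,4,1\r\n";
    char fixed[64];
    printf("as sent:   %d\n", server_accepts_port(cmd, IP4(192, 168, 1, 1)));
    rewrite_port(IP4(192, 168, 1, 1), 40000, fixed, sizeof fixed);
    printf("rewritten: %d\n", server_accepts_port(fixed, IP4(192, 168, 1, 1)));
}
```

Rewriting the command is only half of the job: the helper also has to listen on the rewritten port and relay the data connection to the address the client originally advertised.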

 
 
 

Post by Tim Rike » Wed, 19 Mar 1997 04:00:00


You would need unique valid IP addresses for the internal network. Do
you have these? You will need to have your ISP routing to these
addresses as well. Is this the case? If not, you're out of luck for
incoming FTP to anything other than the firewall itself as far as I can
tell.

What I do: I telnet to the firewall, and then from there to the machine
behind the firewall. I then ftp FROM there to the internet site and grab
the files. This works ok.

Note: your Reply-To address contains an invalid mail address. (your
snail-mail address). It should contain your preferred e-mail address.


> I have a PC connected to the Internet via a second PC running Linux
> Slackware 2.0 with IP Masquerading.

> I can FTP out to the Internet in both passive (Netscape) and active
> modes. However, I would like to allow FTP access from the Internet to my
> PC. Has anyone written some code to allow this to work ?

> Looking at the Linux source code (ip_masq_ftp.c), active FTP only works
> because the s/w looks for data containing the FTP command "PORT" and
> then makes a masquerade entry for it - otherwise this mode wouldn't work!

> To allow FTP from the Internet would probably require a program like
> "redir" to allow connection to port 21 (FTP control port) and then
> additional code to check for the FTP commands "PORT" and "Entering
> Passive Mode" to support the data connections.

> "redir" to port 21 with the current Linux code does not work, I think
> this is because the PORT command contains an IP address (internet
> address) which does not match the source address that was used in
> the control session (IP address of Masquerade box). I can see the logon
> process taking place OK but as soon as the PORT command is sent the
> response is always "Invalid PORT command".

> -----------------------------------------------------------------------
> Peter Field                      Australia

> -----------------------------------------------------------------------

--
Tim Riker - http://webspirs.silverplatter.com/~timr/ - short SIGs! <g>

 
 
 

Post by cyberw » Thu, 20 Mar 1997 04:00:00




> I have a PC connected to the Internet via a second PC running Linux
> Slackware 2.0 with IP Masquerading.

> I can FTP out to the Internet in both passive (Netscape) and active
> modes. However, I would like to allow FTP access from the Internet to my
> PC. Has anyone written some code to allow this to work ?

Look for a package called IPAUTOFW.  It is a patch and a utility for 2.0.0
kernels to redirect incoming sessions to a machine behind the firewall.
Look for it on the masq HOWTO as listed on the linux doc project page at
http://sunsite.unc.edu/linux .

Ken Eves

 
 
 

Post by Michael Deroussel » Thu, 20 Mar 1997 04:00:00


>> I can FTP out to the Internet in both passive (Netscape) and active
>> modes. However, I would like to allow FTP access from the Internet to my
>> PC. Has anyone written some code to allow this to work ?

>> Looking at the Linux source code (ip_masq_ftp.c), active FTP only works
>> because the s/w looks for data containing the FTP command "PORT" and
>> then makes a masquerade entry for it - otherwise this mode wouldn't work!

>> To allow FTP from the Internet would probably require a program like
>> "redir" to allow connection to port 21 (FTP control port) and then
>> additional code to check for the FTP commands "PORT" and "Entering
>> Passive Mode" to support the data connections.

>> "redir" to port 21 with the current Linux code does not work, I think
>> this is because the PORT command contains an IP address (internet
>> address) which does not match the source address that was used in
>> the control session (IP address of Masquerade box). I can see the logon
>> process taking place OK but as soon as the PORT command is sent the
>> response is always "Invalid PORT command".

>> -----------------------------------------------------------------------
>> Peter Field                      Australia

>> -----------------------------------------------------------------------