LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 06-26-2001, 04:18 AM   #1
stalin
LQ Newbie
 
Registered: Jun 2001
Posts: 2

Rep: Reputation: 0
Question ip_masq_ftp


Last year i put up a RH7.0 gateway using ipchains. In order to get ftp working from the inside LAN i used the line /sbin/modprobe ip_masq_ftp in rc.local together with the ipchain-ruleset.
Now i try to do the same thing on a RH7.1 machine, but the module ip_masq_ftp is nowhere to be found. i checked in the source code for the .c file and found nothing. Does someone know what went wrong? is the module replaced by another.
Thanks in advance! Staffan Lindfors Falun, Sweden
 
Old 06-26-2001, 07:24 AM   #2
raz
Member
 
Registered: Apr 2001
Location: London
Posts: 408

Rep: Reputation: 31
Hi,

Basically without the passive FTP Mod, the server attempts to connect with a passive tunnel from the local internal system, which the FTP server can't connect back on, as it's not the original address due to the IP NAT.

ps. DCC means direct client-to-client, and refers to a method used in IRC that bypasses the use of channels, providing a direct link between two IRC users' computers. DCC chat is a direct communications link, while DCC send and DCC receive are direct file transfers.

Check this out on what you need to look into for 7.1
/Raz

Taken from: http://www.boingworld.com/workshops/...-tutorial/#4.1

4.1 Passive FTP but no DCC, extra read for the interested

This is one of the really nice parts about the new iptables support in the 2.4.x kernels, you can for example allow Passive FTP connections, but not allow DCC send functions with the new state matching code. You may ask yourself how, well, its quite simple once you get to think of it=). Just compile the ip_conntrack_irc and ip_conntrack_ftp modules in the kernel. What these modules does is that they add support to the conntrack module so it can distinguish an passive FTP connection or an DCC send connection, without these modules they can't recognize these connections. If you for example want to allow passive FTP, but not DCC send, you would load the ip_conntrack_ftp module, but not the ip_conntrack_irc module and then do:

/sbin/iptables -A INPUT -p TCP -m state --state RELATED -j ACCEPT

to allow passive FTP but not DCC. If you would want to do the reversed, you'd just load the ip_conntrack_irc module, but not the ip_conntrack_ftp module.
 
Old 06-26-2001, 03:35 PM   #3
jrmann1999
Member
 
Registered: Feb 2001
Location: Texas
Distribution: Slackware, Mandrake, LFS
Posts: 306

Rep: Reputation: 30
Hmmm....how in he** do you enable the ip_conntrack_irc module? I have looked at seemingly EVERY module in the kernel and don't see anything but the ip_conntrack_ftp module, any chance anyone knows the EXACT config needed to get this option allowed?

J
 
Old 06-26-2001, 03:49 PM   #4
jrmann1999
Member
 
Registered: Feb 2001
Location: Texas
Distribution: Slackware, Mandrake, LFS
Posts: 306

Rep: Reputation: 30
Of course, the stock 2.4.5 kernel doesn't contain the newest iptables code, why didn't I know that(does anyone else see the hint of sarcasm). For those that care do:

# make patch-o-matic KERN_DIR=/usr/src/linux

from the iptables source, hope this helps someone in need(it's why I posted a sort of detailed solution).

J
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
ip_masq_ftp ry Linux - General 0 05-06-2002 12:01 AM
Help wanted: IPTables / ip_masq_ftp vjeronimus Linux - Networking 1 10-12-2001 01:21 PM
Connection Refused and ip_masq_ftp ivannus Linux - Networking 1 06-14-2001 10:45 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 05:50 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration