[4568] in linux-net channel archive


Re: IP Masquerading: No good for FTP?

daemon@ATHENA.MIT.EDU (Karl Anders Oygard)
Sat Sep 28 18:45:07 1996

To: ggoebel@ggoebel.sound.net
Cc: linux-net@vger.rutgers.edu
From: Karl Anders Oygard <Karl.Oygard@kjeller.fou.telenor.no>
Date: 	28 Sep 1996 20:17:15 +0200
In-Reply-To: RHS Linux User's message of Fri, 27 Sep 1996 08:44:07 -0500 (CDT)

[RHS Linux User]

|  I was under the impression that FTP runs on top of TCP so that it should
|  work just fine... only things like "ping", ICMP, or anything on top of
|  UDP would be affected.

TCP has little to do with FTP being so hard to masquerade.

The problem with FTP is that when transferring data from the ftp server,
the server opens a new TCP connection to your host.  Now, that doesn't work
well with masquerading, since the host that does the masquerading doesn't
know that this new connection has got anything to do with your FTP
transfer.  Thus, the masquerading host has to actually look at the
negotiation between your ftp client and the ftp server, to see when and
where this reverse connection is going to take place.

Not sure if I got all that right, but this is all described in various RFCs,
but what I suggest you do is that you use passive ftp instead.  Passive ftp
uses one and only one connection during the whole session, and does not
require a reverse connection.

There are loads of passive ftp clients out there, ncftp being one of them.

That being said, *have* you applied the ftp masquerading patch which
is available from the IP Masquerading page?  Check out
<URL:http://hwy401.com/achau/ipmasq/>

Ciao,

Karl Anders Øygard
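
The control-channel inspection described in the message above, as an added example that is not part of the original post or of the kernel's masquerading code: a toy helper parses the inside client's PORT command, rewrites it to the masquerading host's address, and records where the server's reverse connection should be delivered. The class name, addresses and port range are constructed for illustration.

```python
import re

# RFC 959 PORT argument: h1,h2,h3,h4,p1,p2 (IPv4 octets, then port high/low byte)
PORT_RE = re.compile(
    rb"^PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\r\n$")


class FtpMasqHelper:
    """Toy model (hypothetical name) of the inspection a masquerading host needs."""

    def __init__(self, public_ip, first_port=61000):
        self.public_ip = public_ip
        self.next_port = first_port   # constructed port range for mappings
        self.expected = {}            # public port -> (inside ip, inside port)

    def outbound(self, client_ip, line):
        """Inspect one control-channel line from the inside client.

        Returns the line to forward, or None if it must be dropped.
        """
        m = PORT_RE.match(line)
        if not m:
            return line               # not a PORT command: forward untouched
        nums = [int(g) for g in m.groups()]
        if any(n > 255 for n in nums):
            return None               # malformed octet or port byte
        ip = ".".join(str(n) for n in nums[:4])
        port = nums[4] * 256 + nums[5]
        # Only track a data connection back to the host that requested it,
        # and only on an unprivileged port.
        if ip != client_ip or port < 1024:
            return None
        public_port = self.next_port
        self.next_port += 1
        self.expected[public_port] = (ip, port)
        arg = self.public_ip.replace(".", ",").encode()
        return b"PORT %s,%d,%d\r\n" % (arg, public_port >> 8, public_port & 0xFF)

    def inbound_data(self, public_port):
        """Inside destination for the server's reverse connection, or None."""
        return self.expected.pop(public_port, None)


# Constructed sample: inside client 192.168.1.10 behind public 203.0.113.5
helper = FtpMasqHelper("203.0.113.5")
rewritten = helper.outbound("192.168.1.10", b"PORT 192,168,1,10,4,1\r\n")
```

A real implementation also has to adjust TCP sequence numbers whenever the rewritten line differs in length from the original.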
