|
On Tue, May 01, 2001 at 02:44:51PM +0000, Julian Anastasov wrote:
>
> Hello,
>
> On Tue, 1 May 2001, Wenzhuo Zhang wrote:
>
> > On Tue, May 01, 2001 at 01:03:10PM +0000, Julian Anastasov wrote:
> > >
> > > The FTP support in 2.2 is only as module. Starting from 2.2.19
> > > there are more restrictions, the following module parameter is required:
> > >
> > > modprobe ip_masq_ftp in_ports=21
> > >
> >
> > I've been using 2.2.19 on my dialup masquerading box for quite some
> > time. It doesn't seem to me that the option is required, whether in
> > PASV or PORT mode.
>
> Is FTP working with NAT-ed real servers without this option?
Yes. We can actually get ftp to work in NAT mode without using the
ip_masq_ftp module. The trick is to tell the real ftp servers to use
the VIP as the passive address for connections from outside; e.g. in
wu-ftpd, add the following lines to the /etc/ftpaccess:
passive address RIP <localnet>
passive address 127.0.0.1 127.0.0.0/8
passive address VIP 0.0.0.0/0
Of course, the ftp virtual service has to be persistent port 0.
--
Wenzhuo
|
