|
Hello,
On Wed, 23 May 2001, Joseph Mack wrote:
> Jeremy Kusnetz wrote:
> >
>
> although Julian says that all you need with VS-NAT and ftp
> is the ip_masq_ftp module, it doesn't work for me
> (director 2.2.19-1.0.7 with ip_masq_ftp in_ports=21)
> my ftp client just hangs.
Hm, what a day, let's try them tomorrow :)
> hey Julian we need to go have a beer and talk about this.
>
>
> I run these rules on the director and ftp works fine
>
> ipchains -A forward -p tcp -J MASQ -s RIP ftp -d 0.0.0.0/0
> ipchains -A forward -p tcp -J MASQ -s RIP ftp-data -d 0.0.0.0/0
> ipchains -A forward -p tcp -J MASQ -s RIP 1025:65535 -d 0.0.0.0/0
-j instead of -J
1024:65535 instead of 1025:65535
These rules are risky. What happens with ICMP? It is not
masqueraded. I hope there is similar rule for ICMP.
Regards
--
Julian Anastasov <ja@xxxxxx>
|
