On Thu, Mar 15, Stephan Beirer wrote:
Hi List,
I have a problem with our masquerading firewall: I use the same configuration on two different machines which route for two networks (one SuSE 7.0 kernel 2.2.16 connected to a isdn device and one SuSE 7.1 kernel 2.2.18 acting as ADSL router). The script (which is called by ip-up) is taken from an article in the german computer magazine "ct" (24/00).
On both machines it works quite fine except for two problems:
http: Some websites can't be accessed on Windows98 machines. I don't think it's the MTU problem, I once set it to the correct value [unfortunately I can't check this right now] and most websites can be shown
ftp: Some servers make problems: Either the download always hangs at the last few (kilo)bytes or the ftp server fails to open the data connection (login is possible but connection hangs when doing a "ls").It seems to be a problem with masquerading: in my logfiles I can see that ipchains denies incoming connections from port 20 of the remote ftpserver. The module ip_masq_ftp is loaded and it works without any problems for many other servers.
Incoming connections on port 20 means that active ftp was attempted - it's not an error if the firewall blocks that. Actually I think it should do that. Using the commandline ftp-client on 7.1 I had a similar problem regarding the ls: "data connection already active" and nothing else happend. Typing "epsv4" at the ftp-prompt before issuing any other command took care of that. (Type "help" at the ftp-commandprompt to see the possible commands.)
It would be nice if someone could give me some hints..
Hope it was of some use ...
Björn
--
Dr. Björn Lotz