ipchains and masquerading
Hi, I´m using S.u.S.E. Linx 6.1 with ipchains as a firewall. I´ve got a problem using ftp through the firewall from a private network using IP´s 192.168.x.x. If I connect to an ftp-Server I can login, but if I use commands like "ls" (which is using the PORT Command) I always get error 500 ("500 Invalid PORT Command. ftp: bind: Address already in use") or 501 ("501 IP Address for data destination doesn't match client's. ftp: bind: Address already in use"). This happens only, if masquerading is used. If I use ftp from a computer which got a official IP, everything works fine. Does anyone got an idea or a solution of this problem?? Thx in advance for your help. Rene P.S.: port number 20 and 21 are open to outwards.
Just try insmod ip_masq_ftp and be sure that the ip masq special modules are make as modules ... Rene Bangemann wrote:
Hi,
I´m using S.u.S.E. Linx 6.1 with ipchains as a firewall. I´ve got a problem using ftp through the firewall from a private network using IP´s 192.168.x.x. If I connect to an ftp-Server I can login, but if I use commands like "ls" (which is using the PORT Command) I always get error 500 ("500 Invalid PORT Command. ftp: bind: Address already in use") or 501 ("501 IP Address for data destination doesn't match client's. ftp: bind: Address already in use").
This happens only, if masquerading is used. If I use ftp from a computer which got a official IP, everything works fine. Does anyone got an idea or a solution of this problem??
Thx in advance for your help.
Rene
P.S.: port number 20 and 21 are open to outwards.
-- _______________________________________ Markus Gaugusch markus@gaugusch.dhs.org ICQ-ID: 11374583 [www.mirabilis.com]
On Wed, 17 Nov 1999, Rene Bangemann wrote:
Hi,
I�m using S.u.S.E. Linx 6.1 with ipchains as a firewall. I�ve got a problem using ftp through the firewall from a private network using IP�s 192.168.x.x. If I connect to an ftp-Server I can login, but if I use commands like "ls" (which is using the PORT Command) I always get error 500 ("500 Invalid PORT Command. ftp: bind: Address already in use") or 501 ("501 IP Address for data destination doesn't match client's. ftp: bind: Address already in use").
This happens only, if masquerading is used. If I use ftp from a computer which got a official IP, everything works fine. Does anyone got an idea or a solution of this problem??
I had the same problem with my SuSE 5.2 firewall. You need to insert the ip_masq_ftp module. try: root# insmod /lib/modules/`uname -r`/ipv4/ip_masq_ftp.o (I'm running ipfwadm BTW) cog -- ,------------------------------, ,==================| S H U N A N T I O N L I N E |=================, | David M. Webster '------------------------------' (aka cogNiTioN) | |===| I use Linux everyday to up my productivity - so up yours! |===| |=================|-| PGP KeyID: 0x 45 FA C2 83 |-|=================| | <cognition@bigfoot.com> |-|===========|-| http://www.cognite.net/ | `===========| I walk to the beat of a different drummer |==========='
participants (3)
-
cognition@bigfoot.com -
Markus Gaugusch -
Rene Bangemann