jos not to know by everybody
2002-Jan-07 20:01 UTC
[Shorewall-users] passive ftp transfers on non standard ports
Hello,

I got a machine running RH 7.2 with Shorewall 1.2.0, connected to a cable modem and my home network.

When I used the standard configuration files for two interfaces, it worked like a charm. But (there is always a but) I got 2 things I am trying to solve:

1. I don't seem to be able to use FTP passive transfer when using non-standard ports (i.e. an FTP server on port 9000).
2. MSN file transfers: I can't send myself, but I can receive.

Is there a solution to these problems?

Jos Houtman
Tom Eastep
2002-Jan-07 20:30 UTC
[Shorewall-users] passive ftp transfers on non standard ports
On Monday 07 January 2002 12:01 pm, jos not to know by everybody wrote:
> hello,
>
> I got a machine running RH 7.2 with shorewall 1.2.0, connected to a cable
> modem and my home network.
>
> when i used the standard configuration files for two interfaces, it worked
> like a charm, But (there is always a but) i got 2 things I am trying to
> solve:
>
> 1. i don't seem to be able to use ftp passive transfer when using
> non-standard ports (ie: an ftp server on port 9000).

You have to pass the non-standard ports to the ip_conntrack_ftp and ip_nat_ftp modules. In your /etc/modules.conf file:

    options ip_nat_ftp ports=21,9000
    options ip_conntrack_ftp ports=21,9000

> 2. MSN file transfers.. i can't send myself, but i can receive.

No clue -- I don't use MSN. Are you seeing any Shorewall messages logged?

-Tom
--
Tom Eastep      \ A Firewall for Linux 2.4.*
AIM: tmeastep    \ http://www.shorewall.net
ICQ: #60745924    \ teastep@shorewall.net
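Added example, not part of the original post and not Shorewall or netfilter code: a simplified Python model of why the two modules must be given port 9000, combining the connection-tracking role (expect the data port announced in the 227 reply) and the NAT role (rewrite the address inside that reply). The class and function names, the FTP server sitting behind the firewall, and the sample addresses are assumptions made for illustration.

```python
import re

# Passive-mode reply: "227 <text> (h1,h2,h3,h4,p1,p2)"
PASV_RE = re.compile(r"^227 [^(]*\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")

# Constructed sample reply from a server on a private address.
SAMPLE_REPLY = "227 Entering Passive Mode (192,168,1,10,195,80)"


def parse_pasv(line):
    """Return (ip, port) advertised in a 227 reply, or None if it is not one."""
    m = PASV_RE.match(line)
    if not m:
        return None
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]


class FtpHelperModel:
    """Toy firewall: data connections pass only if the helper expected them."""

    def __init__(self, helper_ports, public_ip):
        self.helper_ports = set(helper_ports)  # like ports=21,9000
        self.public_ip = public_ip             # hypothetical external address
        self.expected = set()                  # data ports the helper expects

    def control_reply(self, server_port, line):
        """Process one server reply; return the line as forwarded."""
        endpoint = parse_pasv(line)
        # Replies on ports the helper was not given are never inspected.
        if server_port not in self.helper_ports or endpoint is None:
            return line
        self.expected.add(endpoint[1])  # conntrack role: expect the data port
        # NAT role: replace the private address carried in the payload.
        hi, lo = divmod(endpoint[1], 256)
        addr = self.public_ip.replace(".", ",")
        return "227 Entering Passive Mode (%s,%d,%d)" % (addr, hi, lo)

    def data_allowed(self, port):
        return port in self.expected


def passive_works(helper_ports, server_port=9000):
    """Return (data connection allowed?, reply as the client receives it)."""
    fw = FtpHelperModel(helper_ports, "203.0.113.5")
    forwarded = fw.control_reply(server_port, SAMPLE_REPLY)
    _, port = parse_pasv(forwarded)
    return fw.data_allowed(port), forwarded
```

With only port 21 configured, the reply on port 9000 passes through untouched: the client is told a private address and the firewall has no expectation for the data port.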
Steve Estes
2002-Jan-07 20:45 UTC
[Shorewall-users] passive ftp transfers on non standard ports
MSN does direct connects for file transfer and voice connections. When your friend sends you a file, his machine sends you his external IP to connect to. So long as your friend is not behind a firewall, this works fine. When you try to send a file to your friend, your machine sends your internal IP to your friend's machine which he cannot connect to. Since this IP is sent as part of the transfer data, the NATing of the firewall does not see it and correct it.

Voice seems to do a connection in each direction so even if only one of you is behind a firewall you can't connect. But so long as only one of you is behind a firewall, I find that AOL's AIM can still transfer files and do voice chat. If you are both behind firewalls, you are screwed for AIM and MSN. I don't know if ICQ can do file/voice transfers through firewalls or not.

My friend and I are currently both behind Shorewall firewalls so we are working to get FreeS/WAN to connect our two networks together in one happy WAN at which point we believe the MSG/AIM connections will once again work.

Steve
Niclas Andersson
2002-Jan-07 21:18 UTC
[Shorewall-users] passive ftp transfers on non standard ports
In ICQ there is an option to enter your own ports for transfers. It's under Main, Preferences and Connection. And with those known ports it's easy to configure Shorewall. From there you should get it to work, otherwise contact me.

//Niclas

At 21:45 2002-01-07, Steve Estes wrote:
>and MSN. I don't know if ICQ can do file/voice transfers through firewalls
>or not. My friend and I are currently both behind shorewall firewalls so we
>are working to get FreeS/WAN to connect our two networks together in one
>happy WAN at which point we believe the MSG/AIM connections will once again
>work..
>
>Steve