MWalter
asked on
FTP behind Masq firewall
Hello All,
I am running a Redhat 6.0, currently kernel 2.2.5-15 but getting ready to upgrade.
1) The system is set up to masq traffic from my internal network.
2) Accept VPN traffic from MS Clients.
3) Act as a firewall.
Everything works wonderfully with one exception.... FTP
Whenever anyone on the local net attempts to ftp from a browser it hangs and eventually times out. Attempts to ftp from the command line in NT can connect, but as soon as a file is requested or an ls is issued the system hangs. Here is an example:
ftp> ls
200 PORT command successful.
150 Opening ASCII mode data connection for file list.
And it basically hangs indefinitely at the opening data connection part.
My firewall setting in order with regards to this problem are:
ipchains -M -S 14400 30 300
/sbin/modprobe ip_masq_ftp.o
ipchains -A forward -i $INTERNET_NIC -d $INTERNET_NET -s $LOCAL_NET -j MASQ
Has anyone encountered and/or resolved this problem?
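The "200 PORT command successful" reply in the session above shows the client is using active-mode FTP, where the client sends the server an address and port to connect back to for the data channel. The following is an added example, not part of the original post and not the ip_masq_ftp module's code: a sketch of the PORT rewrite a masquerading FTP helper has to perform so that connect-back can reach an internal client. The function names, addresses and ports are constructed for illustration.

```python
import ipaddress
import re

# RFC 959 PORT argument: h1,h2,h3,h4,p1,p2 (six decimal octets).
PORT_RE = re.compile(r"^PORT (\d{1,3}(?:,\d{1,3}){5})\s*$", re.IGNORECASE)


def parse_port(line):
    """Return (ip_string, port) from a PORT command line, or None if it is not one."""
    m = PORT_RE.match(line)
    if not m:
        return None
    nums = [int(n) for n in m.group(1).split(",")]
    if any(n > 255 for n in nums):
        return None
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]


def format_port(ip, port):
    """Build a PORT command line advertising ip:port."""
    return "PORT {},{},{}\r\n".format(ip.replace(".", ","), port >> 8, port & 0xFF)


def rewrite_for_masq(line, client_ip, public_ip, masq_port):
    """Rewrite a client's PORT command the way a NAT FTP helper must.

    Returns (new_line, mapping). mapping is (masq_port, internal_ip,
    internal_port): the inbound data connection the gateway has to forward.
    Lines that are not PORT commands pass through with mapping None.
    """
    parsed = parse_port(line)
    if parsed is None:
        return line, None
    ip, port = parsed
    # Design choice of this sketch: only accept a PORT that names the control
    # connection's own source, so the helper never opens a path to a third host.
    if ipaddress.IPv4Address(ip) != ipaddress.IPv4Address(client_ip):
        raise ValueError("PORT address does not match control connection source")
    return format_port(public_ip, masq_port), (masq_port, ip, port)


if __name__ == "__main__":
    # Constructed sample: internal client 192.168.1.10 listening on port 1025.
    original = "PORT 192,168,1,10,4,1\r\n"
    rewritten, mapping = rewrite_for_masq(original, "192.168.1.10", "203.0.113.5", 61000)
    print(repr(original), "->", repr(rewritten), "forward:", mapping)
```

If the command reaches the server unrewritten, the server tries to open the data connection to a private address it cannot route to, and the client sits at "150 Opening ASCII mode data connection".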
ASKER
You didn't have the exact answer to my problem, but you provided enough information for that eureka moment. Being that this is a firewall, I had disabled TCP Syn Cookies for everything except the VPN. This was preventing the ftp server from making any kind of connection. Once I opened syn cookies in the dynamically assigned port range everything started working. Thanks again for the help.