This article is from a FAQ concerning SCO operating systems. While some of the information may be applicable to any OS, or any Unix or Linux OS, it may be specific to SCO Xenix, Open… There is lots of Linux, Mac OS X and general Unix info elsewhere on this site; searching this site is the best way to find anything.
Ian Peattie provided this:
Supposing your ipnat configuration looks like this:
#!/bin/ksh
MYIP=`ifconfig net0 | grep inet | awk '{ print $2 }'`
ipnat -F
ipnat -C
ipnat -f - <<EOF
map net0 192.168.200.0/24 -> $MYIP/32
EOF
To add the ftp proxy, change your script to this:
----(start)---
#!/bin/ksh
MYIP=`ifconfig net0 | grep inet | awk '{ print $2 }'`
ipnat -F
ipnat -C
ipnat -f - <<EOF
map net0 192.168.200.0/24 -> $MYIP/32 proxy port ftp ftp/tcp
map net0 192.168.200.0/24 -> $MYIP/32
EOF
----(end)----
and then re-run it.
A quick simple explanation of ftp/passive ftp for those not familiar with it:
Ftp is a little different from most protocols. When you connect to an ftp server, you connect on what's called the "Control" port. When you want to transfer a file, the ftp server opens a data connection back to you. There are two connections: one that you originated, and one that the server opened for data. And there's the problem for most firewalls: they block that data connection because it comes from outside.
Passive ftp works by the client (that's you) telling the server to use Passive mode: the client opens its own data connection, and the server uses that. The server is being "passive": it isn't actively opening connections. For your typical firewall, that's much easier: the connection originates inside the firewall, therefore it's OK (though the firewall does usually have to be told that this is OK ahead of time).
From the strict NAT side of things, where Box A is the client trying to access an ftp site on the Internet, the regular ftp session is the bitchier of the two. Passive mode is easy, but for normal ftp the NAT has to know who that data connection that suddenly comes knocking belongs to. But if it has properly mangled everything and kept track of who's doing what, it can do the magic, and it does.
But for Box A to be the server, that's upside down. Now it's the client that comes knocking, and something has to pass it to Box A. That's so whether the client wants the server to be passive or not.
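To make the "mangling" concrete, here is an added example (not part of the original article or Ian Peattie's script) showing what the `proxy port ftp ftp/tcp` rule has to do for a client inside 192.168.200.0/24 using normal (active) ftp: rewrite the private address in the client's PORT command to the public one, and remember which inbound data connection belongs to which client. The public address 203.0.113.5 stands in for $MYIP and port 40000 for the port the NAT picks; both are constructed values.

```python
import re
from ipaddress import IPv4Address, IPv4Network

# Active-mode ftp: the client sends "PORT h1,h2,h3,h4,p1,p2" on the control
# connection, naming the address and port the server should connect back to.
PORT_RE = re.compile(r"^PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\r?\n?$")

def parse_port(cmd):
    """Return ("a.b.c.d", port) from a PORT command, or None if cmd is not one."""
    m = PORT_RE.match(cmd)
    if not m:
        return None
    values = list(map(int, m.groups()))
    if max(values) > 255:
        raise ValueError("PORT value out of range: %r" % cmd)
    h1, h2, h3, h4, p1, p2 = values
    return "%d.%d.%d.%d" % (h1, h2, h3, h4), p1 * 256 + p2

def format_port(addr, port):
    return "PORT %s,%d,%d\r\n" % (addr.replace(".", ","), port // 256, port % 256)

def proxy_port_command(cmd, inside_net, public_ip, nat_port):
    """What the ftp proxy does to one control-channel line from an inside client.

    A PORT command naming a private address is rewritten to the public address
    and a port the NAT will answer on; the returned mapping is what the NAT must
    keep so the server's data connection can be forwarded to the real client.
    Anything else (PASV, USER, RETR ...) passes through unchanged.
    """
    parsed = parse_port(cmd)
    if parsed is None:
        return cmd, None
    client_ip, client_port = parsed
    if IPv4Address(client_ip) not in IPv4Network(inside_net):
        return cmd, None          # not one of ours; leave the line alone
    mapping = {"public": (public_ip, nat_port), "private": (client_ip, client_port)}
    return format_port(public_ip, nat_port), mapping

def match_inbound(mapping, dst_ip, dst_port):
    """The data connection that 'comes knocking' from the server: forward it to
    the private client only if it hits the public address/port the NAT handed out."""
    if mapping and (dst_ip, dst_port) == mapping["public"]:
        return mapping["private"]
    return None

if __name__ == "__main__":
    new_cmd, m = proxy_port_command("PORT 192,168,200,10,4,210\r\n",
                                    "192.168.200.0/24", "203.0.113.5", 40000)
    print(new_cmd.strip(), m)                         # PORT 203,0,113,5,156,64
    print(match_inbound(m, "203.0.113.5", 40000))    # ('192.168.200.10', 1234)
```

Without the proxy rule, the server would be told to connect to 192.168.200.10:1234, an address it cannot reach, which is exactly why plain `map` alone breaks active ftp.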