gypsy wrote:
> >>>When the default GW is set to the linux box (192.168.223.254) and
> >>>passive FTP to a remote server is initiated, the FTP fails after
> >>>connection because the internal IP of the remote machine (192.168.1.11)
> >>>is seen rather than its external IP. This problem occurs only when
> >>>passive FTP is used.
We created a workaround for this by forcing all FTP to be active, not
passive. We did this with jftpgw (
http://www.mcknight.de/jftpgw/jftpgw-0.13.5.tar.gz ) with a transparent
proxy setup.
This is the configuration:
#!/bin/sh
./configure \
"--prefix=/usr" \
"--sysconfdir=/etc" \
"--localstatedir=/var" \
"--enable-crypt" \
"--enable-libwrap" \
"--with-logpath=/var/log" \
"$@"
make all install
And the jftpgw.conf:
<global>
serverport 21
defaultmode active
debuglevel 8
changeroot never
dropprivileges startsetup
runasuser nobody
loginstyle 0
logintime user
commandtimeout 60
dnslookups no
forwardlookups no
hostcachetimeout 28800
initialsyst yes
reverselookups no
strictasciiconversion on
syslogfacility daemon
transfertimeout 120
transparent-proxy on
welcomeline .
</global>
<servertype standalone>
listen 192.168.223.254:2370
logstyle files
logfile /var/log/jftpgw.log
pidfile /var/run/jftpgw.pid
</servertype>
<servertype inetd>
logstyle syslog
</servertype>
<from 0.0.0.0/0>
access deny
</from>
<from 192.168.223.0/24>
access allow
</from>
And the iptables line:
iptables -t nat -A PREROUTING -p tcp -s 192.168.223.0/24 --dport 21 -j DNAT --to 192.168.223.254:2370
--
gypsy