RE: Passive FTP sees remote's _internal

NetFilter

RE: Passive FTP sees remote's _internal_ IP!!??

To:	"'gypsy'" <gypsy@iswest.com>, <netfilter@lists.netfilter.org>
Subject:	RE: Passive FTP sees remote's _internal_ IP!!??
From:	"Maxime Ducharme" <mducharme@cybergeneration.com>
Date:	Tue, 28 Nov 2006 13:09:48 -0500
Cc:
Delivered-to:	sp-com-lists@consult.net
Delivered-to:	netfilter-list1@securepoint.com
In-reply-to:	<456BBF32.877BE99C@iswest.com>
List-archive:	</pipermail/netfilter>
List-help:	<mailto:netfilter-request@lists.netfilter.org?subject=help>
List-id:	General discussion and user questions <netfilter.lists.netfilter.org>
List-post:	<mailto:netfilter@lists.netfilter.org>
List-subscribe:	<https://lists.netfilter.org/mailman/listinfo/netfilter>, <mailto:netfilter-request@lists.netfilter.org?subject=subscribe>
List-unsubscribe:	<https://lists.netfilter.org/mailman/listinfo/netfilter>, <mailto:netfilter-request@lists.netfilter.org?subject=unsubscribe>
Sender:	netfilter-bounces@lists.netfilter.org
Thread-index:	AccSqIR9iBNrb8IHQde0dOhM8g7XHAAb19SQ

> SonicWALL does fix this, and we also would REALLY like to know how!!  At
> the present time, our only "solution" is to reconfigure the clients to
> gateway to the SonicWALL because everyone's browser only does passive
> FTP.

I have an idea on how SonicWALL fix this, maybe it
is programmed to detect badly configured FTP replies
and correct them itself by replacing the PASV x.x.x.x
command with the source IP found in the IP packet

something like :

if ip.sourceIP != ftp.reply.passiveIP then
  ftp.reply.passiveIP = ip.sourceIP

I dont think iptables can do that, correct me if i'm wrong

I see you got a workaround, happy to hear this :)

Have a nice day

Maxime

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Passive FTP sees remote's _internal_ IP!!??, gypsy Re: Passive FTP sees remote's _internal_ IP!!??, William Lima Passive FTP sees remote's _internal_ IP!!??, gypsy Re: Passive FTP sees remote's _internal_ IP!!??, David Sims RE: Passive FTP sees remote's _internal_ IP!!??, Maxime Ducharme Re: Passive FTP sees remote's _internal_ IP!!??, Pascal Hambourg Re: Passive FTP sees remote's _internal_ IP!!??, gypsy RE: Passive FTP sees remote's _internal_ IP!!??, Maxime Ducharme <= Re: Passive FTP sees remote's _internal_ IP!!??, Pascal Hambourg Re: Passive FTP sees remote's _internal_ IP!!??, gypsy

Previous by Date:	Re: problems building conntrack w/ uclibc - no output, Alan Ezust
Next by Date:	Re: Passive FTP sees remote's _internal_ IP!!??, Pascal Hambourg
Previous by Thread:	Re: Passive FTP sees remote's _internal_ IP!!??, gypsy
Next by Thread:	Re: Passive FTP sees remote's _internal_ IP!!??, Pascal Hambourg
Indexes:	[Date] [Thread] [Top] [All Lists]