[plug] outbound rule

Jon Miller jlmiller at mmtnetworks.com.au
Wed Oct 18 10:29:53 WST 2006


What I've just found out from the engineer in Adelaide is that he is not seeing any ftp on the destination server. Therefore this leads me to think that the gateway firewall (which controls what packets travel over the vpn) is not letting the ftp packet requests go over the vpn. Does this sound right?

Jon

>>> daniel at flashware.net 10:18:10 am 18/10/2006 >>>
Further to what Jon has said, can you not restrict the range of 'dynamic ports'
it uses, and then forward those ports to the IP involved?

Just thinking out loud.. don't shoot me down! :)

Cheers
-- 
Daniel Pearson 
Flashware Solutions ABN 58 438 456 919
Mob: 0438 118 897  |  Email: daniel at flashware.net 



Quoting Jon  Miller <jlmiller at mmtnetworks.com.au>:

> What I'm trying to do is get ports 20 and 21 to work.  As I've stated I can
> see the packet requests coming in on the external interface, but it's not to
> my knowledge either getting to the server or a return ACK is not getting back
> to the gateway.  In either case it would be the firewall that is causing
> this.  What I'm trying to construct is a rule that will allow return ftp
> packet traffic thru / to the gateway.
> I understand that the data is dynamic so do I have to use a range for the
> ports?
> 
> Thanks
> 
> >>> billk at iinet.net.au 9:51:19 am 18/10/2006 >>>
> standard ftp uses a dynamically requested data port - the best way around
> is to use scp/sftp.  In ftp there are two ports involved - a control
> port which is fixed, and data which is dynamic
> 
> BillK
> 
> 
> On Wed, 2006-10-18 at 09:27 +0800, Jon Miller wrote:
> > Drawing a blank here - hate to bother but I need to know the format of a
> > simple outgoing rule from the internal LAN to either a VPN or the
> > Internet.
> > We have a server where we need to ftp data to and from a vpn from one site
> > to another.
> > The external interface is eth0 while the internal interface is eth0.
> > Using tethereal I can see packets coming in to the server, but the return
> > isn't working.
> > 
> > Thanks
> > 
> > Jon
> > 
> > _______________________________________________
> > PLUG discussion list: plug at plug.org.au 
> > http://www.plug.org.au/mailman/listinfo/plug 
> > Committee e-mail: committee at plug.linux.org.au 
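
An added example, not part of the original thread: the fixed control port versus dynamic data port split discussed above, shown by parsing the FTP control-channel lines that negotiate the data port and checking them against a rule that only matches ports 20/21 and against a pinned passive range. The sample lines are constructed, and the 50000-50100 range and all function names are assumptions for illustration.

```python
import re

# Constructed control-channel lines (not captured from the network in this thread).
SAMPLE_CONTROL_LINES = [
    "PORT 192,168,1,10,195,80",                        # active: client listens
    "227 Entering Passive Mode (10,0,0,5,195,149)",    # passive: server listens
    "229 Entering Extended Passive Mode (|||50010|)",  # EPSV: port only
    "230 Login successful",                            # no data port negotiated
]

_HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")
_EPSV = re.compile(r"\(\|\|\|(\d{1,5})\|\)")


def data_endpoint(line):
    """Return (mode, ip_or_None, port) negotiated by one control line, else None."""
    verb = line.split(" ", 1)[0].upper()
    if verb in ("PORT", "227"):
        m = _HOSTPORT.search(line)
        if not m:
            return None
        nums = [int(n) for n in m.groups()]
        if any(n > 255 for n in nums):
            return None
        # h1,h2,h3,h4,p1,p2 -> address h1.h2.h3.h4, port p1*256 + p2
        ip = ".".join(str(n) for n in nums[:4])
        return ("active" if verb == "PORT" else "passive", ip, nums[4] * 256 + nums[5])
    if verb == "229":
        m = _EPSV.search(line)
        if m and 0 < int(m.group(1)) < 65536:
            return ("passive", None, int(m.group(1)))
    return None


def audit(lines, passive_range=(50000, 50100)):
    """For each negotiated data port, report which destination-port rule matches."""
    low, high = passive_range  # hypothetical range pinned in the FTP server config
    report = []
    for line in lines:
        ep = data_endpoint(line)
        if ep is None:
            continue
        mode, _ip, port = ep
        report.append({
            "mode": mode,
            "port": port,
            "static_20_21_rule": port in (20, 21),
            # a pinned range only constrains ports the server chooses (passive mode)
            "pinned_range_rule": mode == "passive" and low <= port <= high,
        })
    return report
```

None of the negotiated data ports match a destination-port rule for 20/21, which is why the firewall needs either an FTP-aware connection-tracking helper or a pinned passive range it can permit explicitly.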