
FTP from LAN to remote site

 
Vernon Brown_2
Frequent Advisor

FTP from LAN to remote site

Thanks to all your help I almost have full access to the internet from my LAN through my Linux firewall. FTP almost works but fails when file transfer from the remote site should happen. From the documentation I see that I need a module ip_masq_ftp.o but haven't been able to find it. When I search I find lots of references to it but not the module itself.

Thanks again for your help in the past.
Ron Kinner
Honored Contributor

Re: FTP from LAN to remote site

FTP normally has the server open a second TCP/IP connection from its port 20 back to your machine. This occurs after the initial connection is made from your computer to the ftp server's port 21. Typically this new connection is blocked by a firewall.

You can set it up to use passive mode where your computer starts the connection to port 20. This is usually easier to get the firewall to allow. See man ftp.

Ron
Vernon Brown_2
Frequent Advisor

Re: FTP from LAN to remote site

Thanks Ron; but couldn't connect via port 20. Got "Can't Login" message using CuteFtp. Port 21 logs in but fails when directory listing should arrive.
Ron Kinner
Honored Contributor

Re: FTP from LAN to remote site

After the ftp logon before you do anything else, try typing passive. If this is a graphics based ftp you will have to look in your documentation to see how to turn on passive mode. Following is the man ftp description of passive mode:


passive    Toggle passive mode. If passive mode is turned on (default is off), the ftp client will send a PASV command for all data connections instead of the usual PORT command. The PASV command requests that the remote server open a port for the data connection and return the address of that port. The remote server listens on that port and the client connects to it. When using the more traditional PORT command, the client listens on a port and sends that address to the remote server, who connects back to it. Passive mode is useful when using ftp through a gateway router or host that controls the directionality of traffic. (Note that though ftp servers are required to support the PASV command by RFC 1123, some do not.)

Ron
Vernon Brown_2
Frequent Advisor

Re: FTP from LAN to remote site

Thanks for your help. CuteFtp is a Windows based GUI FTP program that I like because I can select and transfer multiple files. It works from any computer in my LAN when WinProxy is running on the gateway box. WinProxy has a passive FTP option and that works. My Linux documentation says I need ip_masq_ftp.o module on my Linux gateway box.

I'll keep trying to find passive mode on CuteFtp, or maybe get another FTP. Thanks.

Vern
Martin Burnett_2
Trusted Contributor

Re: FTP from LAN to remote site

Hello Vernon,

Have you tried sftp? This is a service of ssh and it is a secure ftp. There is a free Windows executable called sftp from the Putty web site (see attachment) that allows you to run it from a Windows PC or you can use sftp from a Linux system. It connects via port 22 just like ssh.

HTH
Martin
Ron Kinner
Honored Contributor
Solution

Re: FTP from LAN to remote site

The .o means it's a module. A .c means it's the source code. It should be at:
/usr/src/linux/net/ipv4/ip_masq_ftp.c

When you build and make your kernel you have to tell it yes when it asks you about Modules otherwise you will not get the .o file.

From:
http://www.linuxdoc.org/LDP/solrhe/Securing-Optimizing-Linux-RH-Edition-v1.3/chap12sec104.html

"Also, don't forget that you'll need to build a modularized kernel and answer Yes to the Enable loadable module support (CONFIG_MODULES) option instead of a monolithic kernel to be able to use masquerading functions and modules like ip_masq_ftp.o on your Gateway server see the Linux Kernel section above in this book for more information. "





The ip_masq files are actually drivers loaded using the modprobe program. The file names start with ip_masq_. The files are normally found in the /lib/modules/version/ipv4 directory where the version subdirectory is the version number of kernel as in /lib/modules/2.2.15-2.5.0/ipv4.

The typical collection of masquerading modules includes:

ip_masq_autofw.o
ip_masq_cuseeme.o
ip_masq_ftp.o
ip_masq_irc.o
ip_masq_mfw.o
ip_masq_portfw.o
ip_masq_quake.o
ip_masq_raudio.o
ip_masq_user.o
ip_masq_vdolive.o

FTP, IRC, and Quake may be familiar, but protocols like CuSeeME streaming video may not be. Protocols installed but not used simply use up RAM. Most users will want FTP and IRC support.

These modules are used only if the masquerade support is set up using ipchains. The typical command line for loading these modules is:

/sbin/modprobe ip_masq_ftp

Note that the .o is not needed. A module does not need to be loaded if the associated application is not used. Loading a module that will not be used simply uses more memory, but does not impact ipchains.

Ron

Vernon Brown_2
Frequent Advisor

Re: FTP from LAN to remote site

Thanks again; this should keep me busy for awhile. I still have to locate ip_masq_ftp module. I'll try RedHat 7.2. My present version is 7.1.