[geeks] ipfilter question - was:DHCP silliness
geeks at sunhelp.org
geeks at sunhelp.org
Sun Nov 25 12:11:12 CST 2001
jdboyd at cs.millersville.edu writes:
>Hmm. Looking for information on what pasv means, I find that it appears that
>linux's ip_masq can be set to eaves drop on ftp connections to allow normal
>mode to work. I bet that NetBSD can do the same thing, whenever I get it
>set up for NAT. I wonder how I set Mozilla and IE to pasv mode in the mean
>time...
In normal mode, a contacts b, asks for a file, b opens a new connection
back to a and sends the file. If a is beind NAT, its IP is obviously
bogus from b's point of view, and therefore unreachable.
In passive mode, a contacts b, ask for a file, b send it back along
the existing connection.
Snooping on ftp connections to "fix" that is insane. I don't want
my firewall being a wiseass about what's really hidden.
-------- David Fischer --------- dave at cca.org --------- www.cca.org --------
---------------------- "It's something to do." -Cerebus --------------------
More information about the geeks
mailing list