Hello,
I am having a really weird problem with the ip_nat_ftp module and the [Free
S/WAN] ipsec module. When I have the ipsec module loaded (with or without
any tunnels configured) the FTP data connections to any active-type FTP
servers get screwed up. What happens is that I am able to connect and log in
to the server, and I am able to do an 'ls' or 'get' operation once. On
subsequent operations that require the use of the data channel the system
hangs. I used tcpdump on the firewall to see what 'PORT' commands were
being sent to the server. This is where I noticed that the first 'PORT'
command was getting its IP address rewritten from the client's internal
address to the client's external address, so the ip_nat_ftp module works as
expected. However, on subsequent 'PORT' commands, from within the same FTP
session, the IP address in the 'PORT' command is my client machine's internal
IP address, so the remote server freaks out and drops (TCP RESET) the
connection. If I stop the IPSEC service (unload the ipsec.o module) the 'PORT'
command's internal IP address gets rewritten to the client's external IP
address each and every time I do a 'get' or 'ls' operation.
Now the really weird part. When I have the IPSEC module loaded and a tunnel
configured, and I use FTP to access an FTP server that resides on the other
end of the tunnel, the ip_nat_ftp module is able to rewrite the 'PORT'
command's IP address each and every time, hence active FTP works like a
charm through the tunnel. Weird, huh?
I am using kernel 2.4.20, iptables 1.2.8, patch-o-matic 20030107, and Free
S/WAN 2.01.
Any help regarding this matter would be greatly appreciated. Thanks in
advance.
®odre
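The symptom described in this post (the first PORT command carrying the NAT'd external address, later ones leaking the client's internal address) can be checked mechanically from the control-channel text that tcpdump shows on the firewall's external interface. The script below is an added example, not part of the original post or of the netfilter/FreeS/WAN code: it decodes each FTP PORT argument (h1,h2,h3,h4,p1,p2), compares the address against the NAT external address you pass in, and lists the PORT commands that escaped rewriting. The sample lines and the address 203.0.113.5 are constructed for illustration, as is the assumption that you have already extracted the ASCII of the control session (for example with tcpdump -A on port 21) into a list of lines.

```python
import ipaddress
import re

# Constructed sample of the FTP control channel as it would appear on the
# firewall's external side (illustrative only, not a real capture). The
# client's internal address is 192.168.1.10; the NAT external address is
# 203.0.113.5. Only the first PORT command was rewritten by ip_nat_ftp.
SAMPLE_LINES = [
    "USER anonymous",
    "PASS guest@example.invalid",
    "PORT 203,0,113,5,4,1",    # rewritten: external address
    "LIST",
    "PORT 192,168,1,10,4,2",   # not rewritten: internal address leaked
    "RETR file.txt",
    "PORT 192,168,1,10,4,3",   # not rewritten again
    "QUIT",
]

# PORT h1,h2,h3,h4,p1,p2 as defined in RFC 959; six decimal octets.
PORT_RE = re.compile(r"^PORT\s+(\d{1,3}(?:,\d{1,3}){5})\s*$")


def parse_port(arg):
    """Decode the argument of an FTP PORT command into (IPv4Address, port)."""
    parts = [int(p) for p in arg.split(",")]
    if len(parts) != 6 or any(p > 255 for p in parts):
        raise ValueError("malformed PORT argument: %r" % arg)
    ip = ipaddress.IPv4Address(".".join(str(p) for p in parts[:4]))
    port = parts[4] * 256 + parts[5]
    return ip, port


def audit_port_commands(lines, external_ip):
    """Return one (ip, port, rewritten) tuple per PORT command seen.

    'rewritten' is True when the advertised address equals the NAT external
    address, i.e. the FTP NAT helper did its job for that command.
    """
    ext = ipaddress.IPv4Address(external_ip)
    results = []
    for line in lines:
        m = PORT_RE.match(line.strip())
        if not m:
            continue
        ip, port = parse_port(m.group(1))
        results.append((str(ip), port, ip == ext))
    return results


def leaked_port_commands(lines, external_ip):
    """PORT commands that still carry a non-external (typically RFC 1918) address."""
    return [(ip, port) for ip, port, ok in audit_port_commands(lines, external_ip)
            if not ok]


if __name__ == "__main__":
    for ip, port, ok in audit_port_commands(SAMPLE_LINES, "203.0.113.5"):
        status = "rewritten" if ok else "LEAKED"
        private = " (private address)" if ipaddress.IPv4Address(ip).is_private else ""
        print("PORT %s:%d  %s%s" % (ip, port, status, private))
```

If every PORT line after the first reports LEAKED while the ipsec module is loaded, and none do once it is unloaded, that matches the behaviour described above and isolates the problem to the interaction between the two modules rather than to the FTP client or server.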