FTP and IPSEC

This is a follow-up to a former problem, but unrelated.
 
I have two networks connected via IPSEC.  On each side of the network I have client servers that have SNAT/DNAT to the internet.  Everything seems to work well under IPSEC except ftp.  Here is what I found.
 
From location A, a workstation without a static external IP address on the 10.0.10.x can FTP anywhere on the net without problems but CANNOT ftp to a machine at location B using its internal 10.0.50.x IP.  This same workstation CAN ftp without restriction to its external alias for the same machine at location B using its external IP 199.199.199.x
 
If I remove ip_nat_ftp and ip_conntrack_ftp it seems to work fine.  But the problem is now that we cannot ftp externally from that location.  Both locations have ip_nat_ftp loaded but it doesn't seem to matter.
 
When we had a pptp connection between the two locations we didn't have this problem.  It only seems to happen with IPSEC.  
 
Is there a workaround for this or is there a way to tell ip_nat_ftp to ignore a particular IP range?
 
Gary Smith

