New Zealand ADSL Mailing List


3COM FTP woes..

From: Alex C Henderson <dnwo_at_nettaxi.com>
Date: Wed, 28 Mar 2001 18:58:49 +1200
Message-ID: <NEBBKGLEALHCDGDHBLANOEHPCAAA.dnwo@nettaxi.com>

Hi, I've just installed a 3COM ADSL modem and set it up for masquerading
with pppoe.. it works a treat and my pings have never looked sweeter,
however I'm having an issue with data connections within FTP now. Before
with my modem/business satnet connection my masquerading of files etc.
worked a treat, now downloading with any FTP client, with both
passive/non-passive ftp connections yields very poor speed, or no connection
at all. Whats going on? When I installed pppoe (on debian 2.2r2 using
alien to convert the roaring penguion rpm package to a debian package) I
specified that I wished to have masquerading, was this a good idea? As a
note I have these modules installed under ipv4:

ip_masq_autofw
ip_masq_ftp
ip_masq_irc
ip_masq_raudio
rarp

Note: my ethernet card is 192.168.1.0 and I have it aliased (eth0:1) to
192.168.157.1 so it can see the 3com modem, I dont actually think this is
necessary though because my connection still works when I dont even add in
the alias, additionally the 3com modem is on the hub, and my linux box has a
single network card (which is bad for pings I know.. but I'm too poor to
afford another network card yet).

should I need anything else?

Here's my /etc/ppp/firewall-masquerade file that pppoe made, with a few
modifications I made myself for the onlinegame Asherons Call (to get around
loose udp routing problems etc.):

Help!

 - Alex

------------------

EXTIF=ppp+

ANY=0.0.0.0/0

ipchains -P input ACCEPT
ipchains -P output ACCEPT
ipchains -P forward DENY

ipchains -F forward
ipchains -F input
ipchains -F output

# Deny TCP and UDP packets to privileged ports
ipchains -A input -l -i $EXTIF -d $ANY 0:1023 -p udp -j DENY
ipchains -A input -l -i $EXTIF -d $ANY 0:1023 -p tcp -j DENY

# Deny TCP connection attempts
ipchains -A input -l -i $EXTIF -p tcp -y -j DENY

# Deny ICMP echo-requests
ipchains -A input -l -i $EXTIF -s $ANY echo-request -p icmp -j DENY

# Do masquerading
ipchains -A forward -j MASQ
ipchains -A input 207.46.204.0/24 -d 0/0 9000:9013 -p 17 -j ACCEPT
echo 1 > /proc/sys/net/ipv4/ip_forward
echo 1 > /proc/sys/net/ipv4/ip_masq_udp_loose
echo 1 > /proc/sys/net/ipv4/ip_dynaddr

This message is part of the NZ ADSL mailing list.
see http://unixathome.org/adsl/ for archives, FAQ,
and various documents.
To unsubscribe: send mail to majordomo@unixathome.org
with "unsubscribe adsl" in the body of the message
Received on Wed Mar 28 18:57:42 2001


This archive was generated by hypermail 2.2.0 : Thu Nov 30 11:48:09 2006 EST