Mario Camou wrote:
> Precisely, the Linux kernel *HAS* a Proxy.:
No it don't. There is FTP proxies available for Linux, but the kernel
level masquerading is NOT a proxy by definition. Visibly it does the
same thing as a transparent proxy, but in a completely different way.
A proxy completes the clients connection at the proxy server, and opens
a separate connection to the origin server. IP masquerading rewrites the
clients packets to look like originating from the IP masquerading host
but the connection is still end to end between the client and the origin
server.
> # insmod ip_masq_ftp
>
> Then on your client:
>
> % ftp firewall
> Name (firewall:user) : anonymous@sunsite.unc.edu
This is not ip_masq_ftp. You have some kind of FTP proxy installed as
well if this works.
ip_masq_ftp is a masquerading module, and as such it is only active when
the Linux kernel forwards packets between two interfaces. Here you have
contacted a service (proxy) running on the Linux server, most likely
started from inetd.conf.
The role of the ip_masq_ftp module is to rewrite PORT commands in
masqueraded FTP connections, not proxying. Without ip_masq_ftp loaded
you have to use passive FTP (PASV) on masqueraded FTP connections.
--- Henrik Nordstrom Spare time Squid hackerReceived on Thu Oct 22 1998 - 15:37:13 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:42:45 MST