[brlug-general] IIS 6.0 PASV ftp through NAT
James Kuhns
james at kuhns-la.com
Wed Jun 21 14:15:48 CDT 2006
d'uho, I feel like an idiot :-)
I've been chasing this off and on since Monday, I've run lsmod I don't know
how many times to make sure those modules were loaded - check and check -
I've also looked at rc.network I don't know how many times to make sure I
was setting the correct ports - ummm... check and check? Not! Turns out I
had the ports from the old ftp server in there (they only differ by one
digit).... arghhh, I hate when I do something stupid like that.
Thanks guys, seeing y'all mention the modules made me go check them one more
time just to "be sure" (already thought I was), caught it this time...
James
_____
From: General-bounces at brlug.net [mailto:General-bounces at brlug.net] On Behalf
Of Shannon Roddy
Sent: Wednesday, June 21, 2006 11:22 AM
To: General at brlug.net
Subject: Re: [brlug-general] IIS 6.0 PASV ftp through NAT
/sbin/modprobe ip_conntrack_ftp
/sbin/modprobe ip_nat_ftp
Not sure how to do it specifically on smoothwall, but here is a thread that
seemed to mention it:
http://community.smoothwall.org/forum/viewtopic.php?t=11031
<http://community.smoothwall.org/forum/viewtopic.php?t=11031&view=next>
&view=next
Should work like a charm.
On 6/21/06, James Kuhns < james at kuhns-la.com <mailto:james at kuhns-la.com> >
wrote:
Ok, I may be dreaming but this is what I'm wanting to do...
I have a problem here where I have an IIS 6.0 ftp server sitting in my local
network (192.168.xxx.xxx address). I have a firewall/router NATTing for
machines in the local network (Smoothwall Express 2.0, red/green). I have
the ftp command channel port and the PASV ports that MS will return
forwarded to the IIS box.
The problem is that MS' IIS 6.0 ftp server refuses to work in anything
except for PASV mode - not a bad thing by itself - but since PASV mode
returns the address of the interface it received the connection on, the
NATTing gets in the way. i.e. if an outside client connects to the external
address port zzz for ftp and issues a PASV command the server responds with
'227 Entering Passive Mode (192, 168, xxx, xxx, yyy, yyy)', since
192.168.xxx.xxx is not accessible from outside the connection fails.
What I'm considering doing is to use the Smoothwall box to rewrite the '227
Entering Passive Mod (192, 168, xxx, xxx, yyy, yyy)' reply to '227 Entering
Passive Mode (<external address here>, yyy, yyy)'. Since snort is already
on the Smoothwall box I can use a rule to detect the string but I'm not
sure how I would go about doing the rewrite as the only action I can find
that snort will take is to drop/send the packet and then log the fact that
it detected it. Does anyone know of any add-ons to snort that will do a
rewrite like this? Or did I miss something and snort can handle this
natively? I've found a few things that are external to snort that will do
this rewrite (tripp is one), but I can't find any way to make snort call
them via a rule.
Any other work-around suggestions would be greatly appreciated.
Thanks,
James
_______________________________________________
General mailing list
General at brlug.net
http://brlug.net/mailman/listinfo/general_brlug.net
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://brlug.net/pipermail/general_brlug.net/attachments/20060621/e8f57e08/attachment.html>
More information about the General
mailing list