1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
|
<!--startcut ======================================================= -->
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<html>
<head>
<META NAME="generator" CONTENT="lgazmail v1.4F.m">
<TITLE>The Answer Gang 76: Setup of ipchains when using ftp</TITLE>
</HEAD><BODY BGCOLOR="#FFFFFF" TEXT="#000000"
LINK="#3366FF" VLINK="#A000A0">
<!--endcut ========================================================= -->
<P> <hr>
<!--startcut ======================================================= -->
<CENTER>
<!-- *** BEGIN navbar *** -->
<!-- *** END navbar *** -->
</CENTER>
</p>
<!--endcut ========================================================= -->
<!--startcut ======================================================= -->
<P> <hr>
<!-- begin tagnav ::::::::::::::::::::::::::::::::::::::::::::::::::-->
<p align="center">
<table width="100%" border="0"><tr>
<td align="right" valign="center"
><IMG ALT="" SRC="../../gx/navbar/left.jpg"
WIDTH="14" HEIGHT="45" BORDER="0" ALIGN="middle" border="0"
><A HREF="..//"
><IMG SRC="../../gx/navbar/toc.jpg" align="middle"
ALT="[ Table Of Contents ]" border="0"></A
><A HREF="../lg_answer.html"
><IMG SRC="../../gx/dennis/answertoc.jpg" align="middle"
ALT="[ Answer Guy Current Index ]" border="0"></A></td>
<td align="center" valign="center"><A HREF="../lg_answer.html#greeting"><img align="middle"
src="../../gx/dennis/smily.gif" alt="greetings" border="0"></A>
<A HREF="../tag/bios.html">Meet the Gang</A>
<A HREF="1.html">1</A>
<A HREF="2.html">2</A>
<A HREF="3.html">3</A>
<A HREF="4.html">4</A>
<A HREF="5.html">5</A>
<A HREF="6.html">6</A>
<A HREF="7.html">7</A>
<A HREF="8.html">8</A>
<A HREF="9.html">9</A>
<A HREF="10.html">10</A>
<A HREF="11.html">11</A>
<A HREF="12.html">12</A>
</td>
<td align="left" valign="center"><A HREF="../../tag/kb.html"
><IMG SRC="../../gx/dennis/answerpast.jpg" align="middle"
ALT="[ Index of Past Answers ]" border="0"></A
><IMG ALT="" SRC="../../gx/navbar/right.jpg" align="middle"
WIDTH="14" HEIGHT="45" BORDER="0"></td></tr></table>
</p>
<!-- end tagnav ::::::::::::::::::::::::::::::::::::::::::::::::::::-->
<!--endcut ========================================================= -->
<P> <hr> <P>
<!-- ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: -->
<center>
<H1><A NAME="answer">
<img src="../../gx/dennis/qbubble.gif" alt="(?)"
border="0" align="middle">
<font color="#B03060">The Answer Gang</font>
<img src="../../gx/dennis/bbubble.gif" alt="(!)"
border="0" align="middle">
</A></H1>
<BR>
<H4>By Jim Dennis, Ben Okopnik, Dan Wilder, Breen, Chris, and...
(<a href="bios.html">meet the Gang</a>) ...
the Editors of Linux Gazette...
and You!
<br>Send questions (or interesting answers) to
The Answer Gang
for possible publication
(but read the <a href="ask-the-gang.html">guidelines</a> first)
</H4>
</center>
<!-- ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: -->
<p><hr><p>
<!-- begin 2 -->
<H3 align="left"><img src="../../gx/dennis/qbubble.gif"
height="50" width="60" alt="(?) " border="0"
>Setup of ipchains when using ftp</H3>
<p><strong>From Chris Gianakopolous
</strong></p>
<p></strong></p>
<p align="right"><strong>Answered By Jim Dennis, John Karns, Heather Stern, Ben Okopnik, Mike Orr
</strong></p>
<P><STRONG>
<IMG SRC="../../gx/dennis/qbub.gif" ALT="(?)"
HEIGHT="28" WIDTH="50" BORDER="0"
>
Hello Gang,
</STRONG></P>
<P><STRONG>
I have a network of machines which use Linux and Windows95. This is not
a Windows95 question!
</STRONG></P>
<P><STRONG>
Here's what I have.
</STRONG></P>
<P><STRONG>
1. The network address, of the ethernet LAN, is 192.93.16.0 (a Motorola block).
</STRONG></P>
<P><STRONG>
2. I use a dialup connection, using a modem, to access my ISP, and I use
wvdial to dial things up. The Linux machine is the one connected to the
Internet. It is my router.
</STRONG></P>
<P><STRONG>
3. I use the <A HREF="http://www.suse.com/">SuSE</A> 6.4 Linux distribution (with the 2.2.14 kernel).
</STRONG></P>
<P><STRONG>
4. I use ipchains to set up my rules. The commands are listed below. It's
in a shell script.
</STRONG></P>
<p align="center">See attached <tt><a href="../misc/tag/ipchains-masq.sh.txt">ipchains-masq.sh.txt</a></tt></p>
<P><STRONG>
I can browse the Web (from my Windows machine) with no problem. When I
use the ftp client, on the Windows machine, I can log in to the ftp site
(ftp.cdrom.com, for example), and I can get the prompt. When I type "ls"
or "dir", I get the indication that the PORT command is successful, and
nothing else happens. Things appear to stall.
</STRONG></P>
<blockQuote>
<IMG SRC="../../gx/dennis/bbub.gif" ALT="(!)"
HEIGHT="28" WIDTH="50" BORDER="0"
> [Mike]
There's a special kernel module (ip_masq_ftp) to allow FTP to pass through an
IP-masqueraded gateway. See the Networking section in the kernel
configuration.
</blockQuote>
<P><STRONG>
<IMG SRC="../../gx/dennis/qbub.gif" ALT="(?)"
HEIGHT="28" WIDTH="50" BORDER="0"
>
I have seen a posting on the SuSE site about this very problem, but, I have
not yet found an answer.
</STRONG></P>
<P><STRONG>
I will continue troubleshooting this problem on my own, but if anybody
else (probably everybody) has seen the behavior of ipchains and ftp clients
on other machines, it would be cool if you let me know.
</STRONG></P>
<P><STRONG>
I suspect that this is a simple configuration problem. I looked at the
IP-CHAINS HOWTO, and I looked at the IP-MASQUERADING HOWTO, but, I have not
found anything yet. I will look at them again, just to see if I missed
anything. I will also search the Linux Gazette site again. I may just have
a mental block.
</STRONG></P>
<blockQuote>
<IMG SRC="../../gx/dennis/bbub.gif" ALT="(!)"
HEIGHT="28" WIDTH="50" BORDER="0"
> [Mike]
RealAudio, Quake, IRC, CUSeeMe and VDO-Live also require their own separate
modules, at least on kernel 2.2. On kernel 2.4, those modules don't seem to
exist, although ip_nat_ftp does exist.
</blockQuote>
<P><STRONG>
<IMG SRC="../../gx/dennis/qbub.gif" ALT="(?)"
HEIGHT="28" WIDTH="50" BORDER="0"
>
Thanks Mike. I wound up figuring that out, ultimately...
</STRONG></P>
<P><STRONG>
Why my ftp client, on my Windows95 machine, did not appear to
work using my Linux machine with IP masquerading was --
</STRONG></P>
<P><STRONG>
I had to type the
following command on my Linux machine that was doing the masquerading:
</STRONG></P>
<pre><strong>insmod ip_masq_ftp
</strong></pre>
<P><STRONG>
I found this information at the URL,
</STRONG></P>
<P><STRONG>
<A HREF="http://netfilter.samba.org/ipchains/HOWTO-7.html"
>http://netfilter.samba.org/ipchains/HOWTO-7.html</A>
</STRONG></P>
<blockQuote>
<IMG SRC="../../gx/dennis/bbub.gif" ALT="(!)"
HEIGHT="28" WIDTH="50" BORDER="0"
> [Ben]
Yep; there's an entire kit of various ip_masq_* modules, including IRC,
RealAudio, VDOLive, CuSeeme, and so on. You can usually find these under
"<TT>/lib/modules/<kernelversion>/ipv4/</TT>".
</blockQuote>
<P><STRONG>
<IMG SRC="../../gx/dennis/qbub.gif" ALT="(?)"
HEIGHT="28" WIDTH="50" BORDER="0"
>
Yea, Ben. I saw all of the various ip_masq_* modules at some other URL.
Thanks for the reply.
</STRONG></P>
<blockQuote>
<IMG SRC="../../gx/dennis/bbub.gif" ALT="(!)"
HEIGHT="28" WIDTH="50" BORDER="0"
> [JimD]
</blockQuote>
<blockQuote>
The broader issue is that the normal automatic kernel loading
mechanism (kmod) wasn't working. You probably want to run
depmod (build your kernel module dependency tree file) and try
running modprobe (which attempts to find and load modules
<EM>including</EM> their dependents). If the modprobe command doesn't
work by hand, then the kmod (kernel module loader) won't either
--- since kmod spawns off kernel threads to execute modprobe
commands.
</blockQuote>
<blockQuote>
<IMG SRC="../../gx/dennis/bbub.gif" ALT="(!)"
HEIGHT="28" WIDTH="50" BORDER="0"
> [Ben]
Actually, "depmod -a" runs every time you boot - at least on my <A HREF="http://www.debian.org/">Debian</A> box;
that's what prints the "Calculating module dependencies..." line. It's in
"<TT>/etc/init.d/modutils</TT>". I'm not sure how it works on SuSE.
</blockQuote>
<blockQuote>
<IMG SRC="../../gx/dennis/bbub.gif" ALT="(!)"
HEIGHT="28" WIDTH="50" BORDER="0"
> [John K]
I believe it's the same on SuSE.
</blockQuote>
<blockQuote>
<IMG SRC="../../gx/dennis/bbub.gif" ALT="(!)"
HEIGHT="28" WIDTH="50" BORDER="0"
> [Heather]
The depmod call is in <TT>/etc/init.d/boot</TT> (on SuSE 7.1). There is no "modutils"
here...
</blockQuote>
<P><STRONG>
<IMG SRC="../../gx/dennis/qbub.gif" ALT="(?)"
HEIGHT="28" WIDTH="50" BORDER="0"
>
I think that I did that depmod stuff when I rebuilt the kernel (to add
enhanced support for my hard disk controller), but I will take this advice
into account. Maybe I THINK that I did the required stuff. It was more
than 8 months ago (an eternity in my world).
</STRONG></P>
<P><STRONG>
<IMG SRC="../../gx/dennis/qbub.gif" ALT="(?)"
HEIGHT="28" WIDTH="50" BORDER="0"
>
</STRONG></P>
<blockQuote>
<IMG SRC="../../gx/dennis/bbub.gif" ALT="(!)"
HEIGHT="28" WIDTH="50" BORDER="0"
> [JimD]
</blockQuote>
<blockQuote>
It's also possible that something might be wrong with your
<TT>/etc/modules.conf</TT> file which aliases certain kernel symbols
(drivers, protocol families, filesystem types, etc) with the
modules specific to your system.
</blockQuote>
<blockQuote>
<IMG SRC="../../gx/dennis/bbub.gif" ALT="(!)"
HEIGHT="28" WIDTH="50" BORDER="0"
> [Ben]
As well, it's worth checking "<TT>/etc/modutils/aliases</TT>" and
"<TT>/etc/modutils/arch/i386</TT>" files; if they don't have the correct lines in
them, "update-modules" will not have what it needs to build
"<TT>/etc/modules.conf</TT>" correctly.
</blockQuote>
<blockQuote>
<IMG SRC="../../gx/dennis/bbub.gif" ALT="(!)"
HEIGHT="28" WIDTH="50" BORDER="0"
> [John K]
This is different on SuSE, however. I'm running SuSE 7.1 and these dirs
don't exist.
</blockQuote>
<blockQuote>
I'm also running masquerading with a 2.2.x (2.2.20), and I just put the
modules in the ipchain script to have them loaded. I don't see that SuSE
had set up modutils for the masq modules.
</blockQuote>
<P><STRONG>
<IMG SRC="../../gx/dennis/qbub.gif" ALT="(?)"
HEIGHT="28" WIDTH="50" BORDER="0"
>
Hey John,
</STRONG></P>
<P><STRONG>
Which script are you talking about? I just put everything in a bash script.
Is that what you are talking about? I would look at the man page for
ipchains, but I am on a system that I am just installing Linux, thus,
ipchains (and its man page) are not installed. I just got the ppp link,
sendmail, and mutt configured on this machine.
</STRONG></P>
<blockQuote>
<IMG SRC="../../gx/dennis/bbub.gif" ALT="(!)"
HEIGHT="28" WIDTH="50" BORDER="0"
> [Heather]
On my SuSE 7.1 <TT>/etc/modules.conf</TT> gets used to declare the modules, and looks
like the file which Debian's modutils normally composes out of loose parts.
(for Debian fans,
I'll note that it'll do that whenever you run 'update-modules' as root.)
</blockQuote>
<blockQuote>
While it can be argued that the loose parts make it easier to keep things
organized, I'll note that with or without, it's a mess pretty quickly when
you like to toggle amid a handful of kernel versions. Luckily modules that
don't exist merely issue a harmless warning.
</blockQuote>
<P><STRONG>
<IMG SRC="../../gx/dennis/qbub.gif" ALT="(?)"
HEIGHT="28" WIDTH="50" BORDER="0"
>
I will double check that.
Okay, I just double checked my <TT>/etc/modules.conf</TT> file. It has all of the
cool stuff for setting up sound....., but nothing is mentioned (in the file)
for my ftp masquerading module. This is the file that I manually have to
set up with the SuSE 6.4 distribution. Oh well, I'll read more about this
stuff.
</STRONG></P>
<blockQuote>
<IMG SRC="../../gx/dennis/bbub.gif" ALT="(!)"
HEIGHT="28" WIDTH="50" BORDER="0"
> [JimD]
</blockQuote>
<blockQuote>
kmod works by intercepting attempts to use device drivers,
networking protocols, filesystem types and other resources
that <EM>might</EM> be provided through kernel modules, suspending the
process that requested those resources, mapping the requested resource
to some provider module and attempting to modprobe that provider.
As I've said, modprobe attempts to recursively load each of the
modules on which its target depends.
</blockQuote>
<P><STRONG>
<IMG SRC="../../gx/dennis/qbub.gif" ALT="(?)"
HEIGHT="28" WIDTH="50" BORDER="0"
>
I see.
</STRONG></P>
<blockQuote>
<IMG SRC="../../gx/dennis/bbub.gif" ALT="(!)"
HEIGHT="28" WIDTH="50" BORDER="0"
> [JimD]
</blockQuote>
<blockQuote>
So, your use of ftp should, normally, have automatically loaded
the ip_masq_ftp.o for you.
</blockQuote>
<P><STRONG>
<IMG SRC="../../gx/dennis/qbub.gif" ALT="(?)"
HEIGHT="28" WIDTH="50" BORDER="0"
>
At least my original suprise is sort of justified. Of course, knowledge
reduces stress and surprise. Thanks for the info, Jim. I will do some
more reading (heeding your advice, of course), and start my experiments.
</STRONG></P>
<!-- end 2 -->
<P> <hr> </p>
<!-- *** BEGIN copyright *** -->
<H5 align="center">This page edited and maintained by the Editors
of <I>Linux Gazette</I>
<a href="http://www.linuxgazette.com/copying.html"
>Copyright ©</a> 2002
<BR>Published in issue 76 of <I>Linux Gazette</I> March 2002</H5>
<H6 ALIGN="center">HTML script maintained by
<A HREF="mailto:star@starshine.org">Heather Stern</a> of
Starshine Technical Services,
<A HREF="http://www.starshine.org/">http://www.starshine.org/</A>
</H6>
<!-- *** END copyright *** -->
<!--startcut ======================================================= -->
<P> <hr>
<!-- begin tagnav ::::::::::::::::::::::::::::::::::::::::::::::::::-->
<p align="center">
<table width="100%" border="0"><tr>
<td align="right" valign="center"
><IMG ALT="" SRC="../../gx/navbar/left.jpg"
WIDTH="14" HEIGHT="45" BORDER="0" ALIGN="middle" border="0"
><A HREF="..//"
><IMG SRC="../../gx/navbar/toc.jpg" align="middle"
ALT="[ Table Of Contents ]" border="0"></A
><A HREF="../lg_answer.html"
><IMG SRC="../../gx/dennis/answertoc.jpg" align="middle"
ALT="[ Answer Guy Current Index ]" border="0"></A></td>
<td align="center" valign="center"><A HREF="../lg_answer.html#greeting"><img align="middle"
src="../../gx/dennis/smily.gif" alt="greetings" border="0"></A>
<A HREF="../tag/bios.html">Meet the Gang</A>
<A HREF="1.html">1</A>
<A HREF="2.html">2</A>
<A HREF="3.html">3</A>
<A HREF="4.html">4</A>
<A HREF="5.html">5</A>
<A HREF="6.html">6</A>
<A HREF="7.html">7</A>
<A HREF="8.html">8</A>
<A HREF="9.html">9</A>
<A HREF="10.html">10</A>
<A HREF="11.html">11</A>
<A HREF="12.html">12</A>
</td>
<td align="left" valign="center"><A HREF="../../tag/kb.html"
><IMG SRC="../../gx/dennis/answerpast.jpg" align="middle"
ALT="[ Index of Past Answers ]" border="0"></A
><IMG ALT="" SRC="../../gx/navbar/right.jpg" align="middle"
WIDTH="14" HEIGHT="45" BORDER="0"></td></tr></table>
</p>
<!-- end tagnav ::::::::::::::::::::::::::::::::::::::::::::::::::::-->
<!--endcut ========================================================= -->
<P> <hr>
<!--startcut ======================================================= -->
<CENTER>
<!-- *** BEGIN navbar *** -->
<!-- *** END navbar *** -->
</CENTER>
</p>
<!--endcut ========================================================= -->
<!--startcut ======================================================= -->
</BODY></HTML>
<!--endcut ========================================================= -->
|
