[ previous ] [ next ] [ threads ]
 
 From:  sylikc <sylikc at gmail dot com>
 To:  Dave Warren <maillist at devilsplayground dot net>
 Cc:  Zoban <zoban at web4all dot cz>, m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] NAT > FTP
 Date:  Sun, 17 Oct 2004 22:04:06 -0700
Dave,

> >Doing one FTP server through NAT is always a challenge, much less
> >trying to do more than one.  Give that a shot, and if you have more
> >problems, post your internal configuration along with server software
> >+ IP addresses of your internal servers and maybe the situation could
> >be clearer (it's quite abstract to me right now).
> >
> >
> It's not as bad if the firewall fixes up the "PORT" command, but AFAIK
> m0n0wall does not.  Am I correct, or is there some way to trick m0n0
> into tweaking PORT commands so that everything works inbound and/or
> outbound (Although obviously only on port 21)

Filtering/modifying PORT commands is the job of a transparent system
that has to analyze every packet that's travelling out of m0n0.  I
don't think it's possible in m0n0, and for the most part, IMHO it
should be the job of the server to modify the PORT requests rather
than relying on the upstream provider.


/sylikc