[ previous ] [ next ] [ threads ]
 
 From:  "Josh McAllister" <josh at bluehornet dot com>
 To:  "Dino Edwards" <computerservices at gmail dot com>, <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] FTP Server Issues Behind Monowall-Take Two
 Date:  Wed, 24 Nov 2004 11:07:36 -0800
The key diference between FTP and all the protocols you mention is that
FTP opens a return connection for data. This means that if you don't
have outbound NAT properly configured, the source IP of that return
connection will be different from the IP specified in the forward
connection. 

In short, be sure you've got outbound NAT properly set up for the FTP
server such that it maps to the same IP the inbound connections come in
on.

Josh

> -----Original Message-----
> From: Dino Edwards [mailto:computerservices at gmail dot com]
> Sent: Wednesday, November 24, 2004 11:21 AM
> To: m0n0wall at lists dot m0n0 dot ch
> Subject: [m0n0wall] FTP Server Issues Behind Monowall-Take Two
> 
> Has anyone gotten FTP to work behind monowall with an IP address not
> assigned to the WAN interface? I've tried 1:1 mapping, and server nat
> but nothing works. I have gotten it to work with the IP address
> assigned to the WAN interface but beyond that no workie! My feeling is
> that FTP implementation is broke when it comes to server nat or 1:1
> mapping with an IP not assigned to the WAN interface. I've gotten a
> lot of suggestions from people already, but most of the time I've
> gotten suggestions that don't jive with the way monowall works.
> 
> Other services such as SMTP, HTTP, POP3, terminal services, VNC work
> perfectly either through 1:1 mapping or server NAT. The only thing
> common between the above mentioned services is that they use 1 port
> where FTP uses at least two ports.
> 
> Any thoughts on this? This would probably be a good place to hear some
> feedback from Mr. Kasper concerning this issue.
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch