 From: Yoshinori Mamoto <ymamoto at sparc dot mine dot nu>
 To: m0n0wall at lists dot m0n0 dot ch
 Subject: About FTP problem behind M0N0wall
 Date: Mon, 31 Jan 2005 15:54:14 +0900
Hello, I am now using M0N0wall.

I have a problem with FTP access.

My network is as below:
         WAN            WAN
          |              |
Proxy --M0N0Wall#2-----M0N0WALL#1---ServerSeg#1
(OPT1)    |              |            (OPT1)
        LAN           ServerSeg#2

Rules Case1:
M0N0Wall #1 and #2 OPT1 interface rule 
 Source: OPT1 Subnet Dest: ANY Port:FTP(21)
M0N0Wall #1 LAN Interface rule
 Source: LAN Subnet Dest: Any Port: FTP(21)

 I can access an FTP server from the LAN (through the Proxy) and from the
Proxy in both active and passive mode, but from Server Seg#1 and #2 I can't
access an FTP server in either active or passive mode.

Rules Case2:
 Only the M0N0Wall#1 OPT1/LAN interface rules changed, as below:
 Source: OPT1 Subnet  Dest: Any Port:Any
 Source: LAN1 Subnet  Dest: Any Port:Any
 I can access FTP servers only in passive mode.

The difference is that 1:1 NAT is used for Server Seg#1 and #2.
And I set up the WAN firewall rules as below:

Source: ANY  Dest: www Port:HTTP (www is the alias of Seg#1 Server)
Source: ANY  Dest: www Port:SSH

Please help me.

