 From:  Jean-Francois Theroux <jftheroux at privalodc dot com>
 To:  Danny Puckett <dpuckett at comresource dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] PASV FTP
 Date:  Tue, 29 Mar 2005 13:46:45 -0500
As far as I remember, it's an ipfw limitation, and not a m0n0wall one. I 
remember looking it up at some point and finding that lots of people 
under FreeBSD had a similar problem. Solution would be to do 1:1 NAT to 
the internal server. Since I've done that, I've stopped having problems 
with our FTP server.

We only use FTP to upload files to websites, because otherwise, I would 
put an FTP server directly on the web, using a public IP.


Danny Puckett wrote:
> It would seem that the FTP service in IIS 6.0 does not allow for
> masquerading.  I did some digging and found this thread stating that the NAT
> should take care of all the issues and not the FTP server.  Does m0n0wall
> track FTP sessions as suggested?
> http://www.webservertalk.com/archive121-2004-1-86598.html
>>-----Original Message-----
>>From: Frans J King [mailto:frans dot king at f333 dot net]
>>Sent: Tuesday, March 29, 2005 12:09 PM
>>To: Danny Puckett; m0n0wall at lists dot m0n0 dot ch
>>Subject: Re: [m0n0wall] PASV FTP
>>I think this is the problem:
>>Response: 227 Entering Passive Mode (192,168,2,21,78,51).
>>The server is telling the client to connect to a non internet routable IP.
>>You need to configure the FTP server to masquerade its address.
>>See this documentation for proftpd:
>>----- Original Message -----
>>From: "Danny Puckett" <dpuckett at comresource dot com>
>>To: <m0n0wall at lists dot m0n0 dot ch>
>>Sent: Tuesday, March 29, 2005 5:46 PM
>>Subject: [m0n0wall] PASV FTP
>>>I have been trying to get a PASV connection to an FTP server behind
>>>and am not having much luck.  I have configured my PassivePortRange on
>>>FTP server per MS article.
>>>I have NAT configured as
>>>WAN  TCP  21 (FTP)  21 (FTP)  FTPTEST
>>>WAN  TCP  20000-21000 (FTP)  20000-21000 (FTP)  PASSVTEST
>>>And Rules
>>>TCP  *  *  21 (FTP)  NAT FTPTEST
>>>TCP  *  *  20000 - 21000  NAT PASVTEST
>>>I am using FileZilla and I receive the following
>>>Response: 220-Microsoft FTP Service
>>>Response: 220 BI FTP Test Site
>>>Command: USER dpuckett
>>>Response: 331 Password required for dpuckett.
>>>Command: PASS **************
>>>Response: 230-Hello
>>>Response: 230 User dpuckett logged in.
>>>Command: FEAT
>>>Response: 211-FEAT
>>>Response:     SIZE
>>>Response:     MDTM
>>>Response: 211 END
>>>Command: SYST
>>>Response: 215 Windows_NT
>>>Status: Connected
>>>Status: Retrieving directory listing...
>>>Command: PWD
>>>Response: 257 "/" is current directory.
>>>Command: PASV
>>>Response: 227 Entering Passive Mode (192,168,2,21,78,51).
>>>Command: TYPE A
>>>Response: 200 Type set to A.
>>>Command: LIST
>>>Response: 425 Can't open data connection.
>>>Error: Could not retrieve directory listing
>>>Can anyone tell me what I am doing wrong?

Jean-Francois Theroux
Systems administrator
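
Added example, not part of the original thread: a small Python check that decodes the 227 reply quoted above and compares the advertised data endpoint with what a client outside the NAT can reach. The function names and the WAN address 203.0.113.10 (a documentation placeholder) are assumptions; the reply string and the 20000-21000 range are taken from the quoted messages.

```python
import ipaddress
import re

# Constructed from the FileZilla log quoted in the thread.
SAMPLE_REPLY = "227 Entering Passive Mode (192,168,2,21,78,51)."
# Passive port range forwarded on the WAN side in the thread's NAT rules.
FORWARDED_PORTS = range(20000, 21001)

_PASV_RE = re.compile(r"\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")


def parse_pasv(reply):
    """Return (ip, port) advertised in a 227 reply: (h1,h2,h3,h4,p1,p2) per RFC 959."""
    if not reply.lstrip().startswith("227"):
        raise ValueError("not a 227 reply")
    m = _PASV_RE.search(reply)
    if m is None:
        raise ValueError("no (h1,h2,h3,h4,p1,p2) tuple in reply")
    fields = [int(x) for x in m.groups()]
    if any(f > 255 for f in fields):
        raise ValueError("field out of range 0-255")
    ip = ipaddress.IPv4Address(".".join(str(f) for f in fields[:4]))
    port = fields[4] * 256 + fields[5]  # high byte, then low byte
    return ip, port


def diagnose(reply, control_host, forwarded_ports=FORWARDED_PORTS):
    """List mismatches between the advertised endpoint and the reachable one."""
    ip, port = parse_pasv(reply)
    findings = []
    # is_private covers RFC 1918 space and other non-global ranges.
    if ip.is_private:
        findings.append("advertised address %s is private (not internet routable)" % ip)
    if str(ip) != control_host:
        findings.append("advertised address differs from control address %s" % control_host)
    if port not in forwarded_ports:
        findings.append("advertised port %d is outside the forwarded range" % port)
    return ip, port, findings


if __name__ == "__main__":
    # 203.0.113.10 is a placeholder for the WAN address the client connected to.
    ip, port, findings = diagnose(SAMPLE_REPLY, "203.0.113.10")
    print("data endpoint: %s:%d" % (ip, port))
    for finding in findings:
        print(" -", finding)
```

For the reply in the thread the port decodes to 20019, inside the forwarded range, so the only mismatch is the address the server advertises.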