[ previous ] [ next ] [ threads ]
 
 From:  Chris Buechler <cbuechler at gmail dot com>
 To:  Danny Puckett <dpuckett at comresource dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] PASV FTP
 Date:  Tue, 29 Mar 2005 17:31:44 -0500
On Tue, 29 Mar 2005 15:46:18 -0500, Danny Puckett
<dpuckett at comresource dot com> wrote:
> I have tried to get this to work using NAT 1:1 but I am not having any luck.

You'll need a spare public IP, assuming you have one and have that setup ok.  


> Does 1:1 open all ports up?  

No.  It only opens up what you allow to the destination of the private
IP of the FTP server in rules on the WAN interface.  i.e. if your FTP
server is 192.168.1.2, you'd put a rule to allow source host/port
any/any destination host 192.168.1.2 port 21 on the WAN interface to
open 21.

-Chris