 
 From:  Danny Puckett <dpuckett at comresource dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] PASV FTP
 Date:  Tue, 29 Mar 2005 21:05:19 -0500
I tried this with an extra public IP, but the FTP server is still 
passing back its private address to the client.

227 Entering Passive Mode (192,168,2,21,78,49)

Chris Buechler wrote:
> On Tue, 29 Mar 2005 15:46:18 -0500, Danny Puckett
> <dpuckett at comresource dot com> wrote:
> 
>>I have tried to get this to work using NAT 1:1 but I am not having any luck.
> 
> 
> You'll need a spare public IP, assuming you have one and have that set up ok.
> 
> 
> 
>>Does 1:1 open all ports up?  
> 
> 
> No.  It only opens up what you allow to the destination of the private
> IP of the FTP server in rules on the WAN interface.  i.e. if your FTP
> server is 192.168.1.2, you'd put a rule to allow source host/port
> any/any destination host 192.168.1.2 port 21 on the WAN interface to
> open 21.
> 
> -Chris
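The symptom reported in this thread can be checked from the client side by decoding the 227 reply. The following is an added example, not part of the original messages: it parses a PASV reply into host and port and flags a reply that advertises an RFC 1918 address or an address different from the one the control connection was made to. The function names and the public address 203.0.113.10 are constructed for illustration.

```python
import ipaddress
import re

# RFC 959 PASV reply format: 227 <text> (h1,h2,h3,h4,p1,p2)
_PASV_RE = re.compile(r"^227\b.*?\(" + ",".join([r"(\d{1,3})"] * 6) + r"\)")

# RFC 1918 private ranges, listed explicitly so the check does not
# depend on how a library classifies other reserved ranges.
_RFC1918 = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_pasv(reply):
    """Return (host, port) advertised in a 227 reply line."""
    m = _PASV_RE.match(reply.strip())
    if not m:
        raise ValueError("not a 227 PASV reply: %r" % reply)
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("octet out of range in %r" % reply)
    host = ".".join(str(n) for n in nums[:4])
    port = nums[4] * 256 + nums[5]  # data port = p1 * 256 + p2
    return host, port


def check_pasv(reply, control_peer):
    """Compare the advertised data address with the address the client
    used for the control connection (the public side of the NAT)."""
    host, port = parse_pasv(reply)
    addr = ipaddress.IPv4Address(host)
    problems = []
    if any(addr in net for net in _RFC1918):
        problems.append("advertises RFC 1918 address")
    if addr != ipaddress.IPv4Address(control_peer):
        problems.append("differs from control connection peer")
    return {"host": host, "port": port, "problems": problems}


if __name__ == "__main__":
    # Reply line quoted in the message above; control peer is constructed.
    line = "227 Entering Passive Mode (192,168,2,21,78,49)"
    print(check_pasv(line, "203.0.113.10"))
```
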