[ previous ] [ next ] [ threads ]
 
 From:  "Sancho2k.net Lists" <lists at sancho2k dot net>
 To:  Danny Puckett <dpuckett at comresource dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] PASV FTP
 Date:  Tue, 29 Mar 2005 22:34:21 -0700 
Danny Puckett wrote:
> I tried this with an extra public IP, but the FTP server is still
> passing back its private address to the client.
> 
> 227 Entering Passive Mode (192,168,2,21,78,49)

I'm not being snide here, but can't use you use one of the great free
FTP daemons that works properly in modern environments such as yours?
For example, PureFTPd supports the following option:

       -P ip address or host name
              Force the  specified  IP  address  in  reply  to  a
              PASV/EPSV/SPSV  command.  If the server is behind a
              masquerading (NAT) box that doesn't properly handle
              stateful  FTP  masquerading,  put the ip address of
              that box here. If you have a  dynamic  IP  address,
              you  can use a symbolic host name (probably the one
              of your gateway), that will be resolved every  time
              a new client will connect.

Otherwise, you may look at a packet filtering software that "properly
handles stateful masquerading."

DS